Wykryto wirusa co robic? HTML/Infected.WebPage.Gen

sensation22 · 6 Październik 2007 19:40

Witam moj antywirus wykryl wirusa o nazwie (ktora sprawdzilem na stronce ) HTML/Infected.WebPage.Gen

Wykryto go w nastepujacej sciezce

Podaje logi z

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:33:38 PM, on 10/6/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\KService\KService.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\vsnphv71.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\PC Tools Firewall Plus\PCTFW.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\oodtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Compete Toolbar\Compete.exe C:\Program Files\Compete Toolbar\CompeteUa.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe C:\Program Files\iDailyDiary\iDD.exe C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe E:\MUSIC\A RENA CLUB\hi jack this\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def … earch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def … .yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file) O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing) O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CI ToolHelper Class - {55825511-174A-4b4e-84B7-69AAC4E294B6} - C:\Program Files\Compete Toolbar\CompeteToolbar.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll O3 - Toolbar: Compete Toolbar - {9B393B85-708D-4e61-9529-2FA61D4A4904} - C:\Program Files\Compete Toolbar\CompeteToolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32 O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [sNPHV71] C:\WINDOWS\vsnphv71.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe O4 - HKLM…\Run: [FtkCPY] “C:\Program Files\Common Files\Java\ftkcpy.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM…\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM…\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe O4 - HKLM…\Run: [PCTools FW] C:\Program Files\PC Tools Firewall Plus\PCTFW.exe /s O4 - HKLM…\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKCU…\Run: [Yahoo! Pager] ~“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Compete Toolbar] C:\Program Files\Compete Toolbar\Compete.exe O4 - HKCU…\Run: [Compete Toolbar Update] C:\Program Files\Compete Toolbar\CompeteUa.exe O4 - HKCU…\Run: [msnmsgr] ~“C:\Program Files\MSN Messenger\msnmsgr.exe” /background O4 - Startup: Registration Brothers In Arms EiB.LNK = C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\Support\Register\RegistrationReminder.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file) O9 - Extra ‘Tools’ menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/r … nPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 7869049513 O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_48.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe … loader.cab O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/a … Atchmt.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip…{38BED972-D6D5-4332-8EC1-2B03DE9F5055}: NameServer = 212.139.132.6 212.139.132.7 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe – End of file - 15720 bytes

oraz Silent Runners

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Yahoo! Pager” = “~“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet” [file not found] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe” [file not found] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Compete Toolbar” = “C:\Program Files\Compete Toolbar\Compete.exe” [“Compete, Inc.”] “Compete Toolbar Update” = “C:\Program Files\Compete Toolbar\CompeteUa.exe” [“Compete, Inc.”] “msnmsgr” = “~“C:\Program Files\MSN Messenger\msnmsgr.exe” /background” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS] “PHIME2002ASync” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS] “PHIME2002A” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS] “SNPHV71” = “C:\WINDOWS\vsnphv71.exe” [empty string] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “Disk Monitor” = “C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe” [“Neodio Corp.”] “FtkCPY” = ““C:\Program Files\Common Files\Java\ftkcpy.exe”” [file not found] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “P17Helper” = “Rundll32 P17.dll,P17Helper” [MS] “SemanticInsight” = “C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe” [file not found] “LXCFCATS” = “rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16” [MS] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”] “iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”] “CTSysVol” = “C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r” [“Creative Technology Ltd”] “ISUSPM Startup” = ““C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup” [“Macrovision Corporation”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“Macrovision Corporation”] “AttuneClientEngine” = “C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe” [file not found] “PCTools FW” = “C:\Program Files\PC Tools Firewall Plus\PCTFW.exe /s” [null data] “googletalk” = “C:\Program Files\Google\Google Talk\googletalk.exe /autostart” [“Google”] “avgnt” = ““C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”] “Google Desktop Search” = ““C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup” [“Google”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “OODefragTray” = “C:\WINDOWS\system32\oodtray.exe” [“O&O Software GmbH”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “NSLauncher” = “C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}(Default) = (no title provided) -> {HKLM…CLSID} = “AzEntretien Class” \InProcServer32(Default) = “C:\WINDOWS\azentretien.dll” [file not found] {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}(Default) = “SWEETIE” -> {HKLM…CLSID} = “SWEETIE Class” \InProcServer32(Default) = “C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll” [“Macrogaming”] {502C3BA4-2C3E-4317-BC29-C0445E82B1F9}(Default) = (no title provided) -> {HKLM…CLSID} = “PaltalkWebLogin” \InProcServer32(Default) = “C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll” [“AVM Software Inc.”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {55825511-174A-4b4e-84B7-69AAC4E294B6}(Default) = (no title provided) -> {HKLM…CLSID} = “CI ToolHelper Class” \InProcServer32(Default) = “C:\Program Files\Compete Toolbar\CompeteToolbar.dll” [“Compete, Inc.”] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! IE Services Button” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Common\yiesrvc.dll” [“Yahoo! Inc.”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] {9030D464-4C02-4ABF-8ECC-5164760863C6}(Default) = (no title provided) -> {HKLM…CLSID} = “Windows Live Sign-in Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll” [MS] {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD}(Default) = (no title provided) -> {HKLM…CLSID} = “TwcToolbarBhoApp Class” \InProcServer32(Default) = “C:\WINDOWS\system32\TwcToolbarBho.dll” [null data] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}(Default) = (no title provided) -> {HKLM…CLSID} = “Windows Live Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Windows Live Toolbar\msntb.dll” [MS] {F97DA966-F09D-4cab-BF29-75A0026986EA}(Default) = (no title provided) -> {HKLM…CLSID} = “XBTP02634 Class” \InProcServer32(Default) = “C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” -> {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{5464D816-CF16-4784-B9F3-75C0DB52B499}” = “Yahoo! Mail” -> {HKLM…CLSID} = “YMailShellExt Class” \InProcServer32(Default) = “C:\PROGRA~1\Yahoo!\Common\ymmapi.dll” [“Yahoo! Inc.”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}” = “Messenger Sharing Folders” -> {HKLM…CLSID} = “My Sharing Folders” \InProcServer32(Default) = “C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll” [MS] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] “{AF663E5B-1791-412d-AAD5-8AD52F036B41}” = “ZJ_ShlExt extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\WinAVIVideoConverter\SimpleExt.dll” [“ZJMedia”] “{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}” = “CorelDRAW Shell Extension Component” -> {HKLM…CLSID} = “CorelDRAW Shell Extension Component” \InProcServer32(Default) = “C:\Program Files\Corel\Graphics10\Draw\CdrViewer\CrlShell100.dll” [“Corel Corporation”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL” [“Google”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“OODBS” [“O&O Software GmbH”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Yahoo! Mail(Default) = “{5464D816-CF16-4784-B9F3-75C0DB52B499}” -> {HKLM…CLSID} = “YMailShellExt Class” \InProcServer32(Default) = “C:\PROGRA~1\Yahoo!\Common\ymmapi.dll” [“Yahoo! Inc.”] ZJ_ShlExt(Default) = “{AF663E5B-1791-412d-AAD5-8AD52F036B41}” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\WinAVIVideoConverter\SimpleExt.dll” [“ZJMedia”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” -> {HKLM…CLSID} = “Shell Extension for Malware scanning” \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“Avira GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Default executables: -------------------- HKCU\Software\Classes.bat(Default) = (value not set) HKCU\Software\Classes.cmd(Default) = (value not set) HKCU\Software\Classes.com(Default) = (value not set) HKCU\Software\Classes.exe(Default) = “exefile” HKCU\Software\Classes.hta(Default) = “htafile” Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoLogOff” = (REG_DWORD) hex:0x00000000 {Disable Logoff} “NoSMHelp” = (REG_BINARY) hex:01 00 00 00 {Remove Help menu from Start Menu} “NoRecentDocsMenu” = (REG_BINARY) hex:01 00 00 00 {unrecognized setting} “ClearRecentDocsOnExit” = (REG_BINARY) hex:01 00 00 00 {unrecognized setting} “NoRecentDocsHistory” = (REG_BINARY) hex:01 00 00 00 {unrecognized setting} “NoRecentDocsNetHood” = (REG_BINARY) hex:01 00 00 00 {unrecognized setting} “NoSMMyDocs” = (REG_BINARY) hex:01 00 00 00 {Remove Documents menu from Start Menu} “NoSMMyPictures” = (REG_BINARY) hex:01 00 00 00 {Remove My Pictures icon from Start Menu} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableLockWorkstation” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “DisableChangePassword” = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Hemant Raiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Startup items in “Hemant Raiker” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\Hemant Raiker\Start Menu\Programs\Startup “Registration Brothers In Arms EiB” -> shortcut to: “C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\Support\Register\RegistrationReminder.exe -d 802964 -l english -r 7 -g Brothers In Arms EiB -c united -i " [file not found] “Stardock ObjectDock” -> shortcut to: “C:\Program Files\Stardock\ObjectDock\ObjectDock.exe” [“Stardock”] C:\Documents and Settings\All Users\Start Menu\Programs\Startup “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart” [“TuneUp Software GmbH”] “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] “Check Updates for Windows Live Toolbar” -> launches: “C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS] 000000000005\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll” [“Yahoo! Inc.”] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] “{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}” -> {HKLM…CLSID} = “Windows Live Toolbar” \InProcServer32(Default) = “C:\Program Files\Windows Live Toolbar\msntb.dll” [MS] “{9B393B85-708D-4E61-9529-2FA61D4A4904}” -> {HKLM…CLSID} = “Compete Toolbar” \InProcServer32(Default) = “C:\Program Files\Compete Toolbar\CompeteToolbar.dll” [“Compete, Inc.”] “{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}” -> {HKLM…CLSID} = “SweetIM For Internet Explorer” \InProcServer32(Default) = “C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll” [“Macrogaming”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll” [“Yahoo! Inc.”] “{9B393B85-708D-4E61-9529-2FA61D4A4904}” = (no title provided) -> {HKLM…CLSID} = “Compete Toolbar” \InProcServer32(Default) = “C:\Program Files\Compete Toolbar\CompeteToolbar.dll” [“Compete, Inc.”] “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar4.dll” [“Google Inc.”] “{2E5E800E-6AC0-411E-940A-369530A35E43}” = (no title provided) -> {HKLM…CLSID} = “The Weather Channel Toolbar” \InProcServer32(Default) = “C:\WINDOWS\system32\TwcToolbarIe7.dll” [null data] “{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}” = (no title provided) -> {HKLM…CLSID} = “Windows Live Toolbar” \InProcServer32(Default) = “C:\Program Files\Windows Live Toolbar\msntb.dll” [MS] “{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}” = (no title provided) -> {HKLM…CLSID} = “SweetIM For Internet Explorer” \InProcServer32(Default) = “C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll” [“Macrogaming”] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {4528BBE0-4E08-11D5-AD55-00010333D0AD}(Default) = (no title provided) -> {HKLM…CLSID} = “&Yahoo! Messenger” \InProcServer32(Default) = “C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll” [“Yahoo! Inc.”] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {4528BBE0-4E08-11D5-AD55-00010333D0AD}(Default) = (no title provided) -> {HKLM…CLSID} = “&Yahoo! Messenger” \InProcServer32(Default) = “C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll” [“Yahoo! Inc.”] HKLM\Software\Classes\CLSID{2E5E800E-6AC0-411E-940A-369530A35E43}(Default) = “The Weather Channel Toolbar” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\WINDOWS\system32\TwcToolbarIe7.dll” [null data] HKLM\Software\Classes\CLSID{2E5E800E-6AC0-411E-940A-369530A35E43}(Default) = “The Weather Channel Toolbar” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\WINDOWS\system32\TwcToolbarIe7.dll” [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {2E5E800E-6AC0-411E-940A-369530A35E43}\ “ButtonText” = “The Weather Channel” “MenuText” = “The Weather Channel” {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ “ButtonText” = “Yahoo! Services” “CLSIDExtension” = “{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}” -> {HKLM…CLSID} = “Yahoo! IE Services Button” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Common\yiesrvc.dll” [“Yahoo! Inc.”] {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}\ {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll” [“Yahoo! Inc.”] <> “{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}” = (no title provided) -> {HKLM…CLSID} = “SweetIM For Internet Explorer” \InProcServer32(Default) = “C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll” [“Macrogaming”] HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, ““C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe”” [“Avira GmbH”] AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ““C:\Program Files\AntiVir PersonalEdition Classic\sched.exe”” [“Avira GmbH”] Bluetooth Support Service, BthServ, “C:\WINDOWS\system32\svchost.exe -k bthsvcs” {“C:\WINDOWS\System32\bthserv.dll” [MS]} C-DillaSrv, C-DillaSrv, “C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE” [“C-Dilla Ltd”] Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”] iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”] KService, KService, ““C:\Program Files\KService\KService.exe”” [“Kontiki Inc.”] MSSQL$SONY_MEDIAMGR, MSSQL$SONY_MEDIAMGR, “C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] O&O Defrag, O&O Defrag, “C:\WINDOWS\system32\oodag.exe” [“O&O Software GmbH”] ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”] SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] STI Simulator, STI Simulator, “C:\WINDOWS\System32\PAStiSvc.exe” [null data] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] TuneUp Theme Extension, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ 730 Series Port\Driver = “lxcflmpm.DLL” [” "] ---------- (launch time: 2007-10-06 20:35:59) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 235 seconds, including 7 seconds for message boxes)

Z Gory Dziekuje

Gutek · 7 Październik 2007 00:15

R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file) O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing) O4 - HKLM…\Run: [FtkCPY] “C:\Program Files\Common Files\Java\ftkcpy.exe” O4 - HKLM…\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM…\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file) O9 - Extra ‘Tools’ menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file) O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

usuń wpisy HJT

Daj log z ComboFix

sensation22 · 10 Październik 2007 19:50

musze to zrobic w trybie awaryjnym jesli tak to powiedz prosze jak to zrobic w angiejskiej wersji windowsa

Wiem ze F8 musze naciskac a pozniej?

Safe mode?

czy wybrac cos innego

z gory dzieki

Krzychuu · 10 Październik 2007 20:06

Tak to tryb awaryjny.

Ale te wpisy możesz skasować w normalnym.

sensation22 · 14 Październik 2007 12:42

Zrobilem wszystko tak jak mi poleciles a teraz log POZDRO

ComboFix 07-10-12.4 -NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.616 [GMT 1:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\hosts C:\WINDOWS\NDNuninstall6_98.exe C:\WINDOWS\NDNuninstall7_14.exe C:\WINDOWS\NDNuninstall7_22.exe . ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))) . 2007-10-14 00:51 2007-10-13 18:42 2007-10-13 10:42 2007-10-03 23:26 146 --a------ C:\WINDOWS\DelMR.bat 2007-10-03 23:19 2007-10-03 22:20 2007-10-03 22:19 2007-10-03 22:18 2007-10-03 22:18 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-10-03 22:16 2007-10-03 22:16 2007-09-20 22:03 2007-09-19 13:52 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-16 11:07 2007-09-16 11:07 2007-09-16 11:07 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-09-16 10:21 2007-09-15 21:22 2007-09-15 20:59 2007-09-15 20:29 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-13 17:13 --------- d-----w C:\Documents and Settings\Hemant Raiker\Application Data\Datalayer 2007-10-13 17:08 --------- d-----w C:\Program Files\Gadu-Gadu 2007-10-08 19:32 --------- d-----w C:\Program Files\Lx_cats 2007-10-06 20:57 --------- d-----w C:\Documents and Settings\Hemant Raiker\Application Data\GanymedeNet 2007-10-03 22:30 --------- d-----w C:\Program Files\Recode Media 2007-10-03 22:26 --------- d-----w C:\Program Files\Sony Ericsson 2007-10-03 22:26 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-10-03 21:22 --------- d-----w C:\Documents and Settings\Hemant Raiker\Application Data\PC Suite 2007-10-03 21:21 --------- d-----w C:\Program Files\Nokia 2007-09-20 21:03 --------- d—a-w C:\Program Files\BearShare Applications 2007-09-20 21:03 --------- d-----w C:\Documents and Settings\Hemant Raiker\Application Data\Lavasoft 2007-09-03 12:35 966,656 ----a-w C:\WINDOWS\system32\VSFilter.dll 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-17 21:54 --------- d-----w C:\Documents and Settings\Hemant Raiker\Application Data\Media Player Classic 2007-08-09 11:26 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe 2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2006-10-31 21:40 39,536 ----a-w C:\Documents and Settings\Hemant Raiker\Application Data\GDIPFONTCACHEV1.DAT 2006-10-25 17:25 284 ----a-w C:\Documents and Settings\Hemant Raiker\Application Data\ViewerApp.dat 2001-11-10 17:28 342 ----a-w C:\Documents and Settings\Hemant Raiker\setup.bat 2001-11-10 12:33 12,538,001 ----a-w C:\Documents and Settings\Hemant Raiker\unpack.exe 2001-11-10 11:11 41,563 ----a-w C:\Documents and Settings\Hemant Raiker\RegSetup.exe 2001-10-05 13:19 34,304 ----a-w C:\Documents and Settings\Hemant Raiker\drvmgt.dll 2001-10-05 13:19 28,624 ----a-w C:\Documents and Settings\Hemant Raiker\secdrv.sys 2001-10-05 10:21 327,680 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA2002GC.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_sv.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_pt.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_nl.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_it.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_he.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_fr.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_es.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_en.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_el.dll 2001-10-05 10:21 32,768 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_de.dll 2001-10-05 10:21 28,672 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_ko.dll 2001-10-05 10:21 28,672 ----a-w C:\Documents and Settings\Hemant Raiker\FIFA02R_ja.dll 2001-09-21 14:58 94,208 ----a-w C:\Documents and Settings\Hemant Raiker\fifa_uninst.exe 2001-09-21 14:58 7,410 ----a-w C:\Documents and Settings\Hemant Raiker\scenario.bin 2001-09-21 14:58 278,528 ----a-w C:\Documents and Settings\Hemant Raiker\GmEmitter.dll 2000-03-18 01:29 49,152 ----a-w C:\Documents and Settings\Hemant Raiker\inject.exe 1998-06-26 19:18 126 ----a-w C:\Documents and Settings\Hemant Raiker\Mk4.reg 1998-06-26 19:12 435,200 ----a-w C:\Documents and Settings\Hemant Raiker\Setup.exe 1998-06-26 10:38 24,096,506 ----a-w C:\Documents and Settings\Hemant Raiker\filesys.dat 2005-07-11 17:57:20 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin 2007-01-14 23:04:42 56 --sh–r C:\WINDOWS\system32\60DA909357.sys 2007-01-14 23:04:46 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe” [2004-08-04 13:00] “PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2004-08-04 13:00] “PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [2004-08-04 13:00] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2004-09-29 07:15] “BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl] “SNPHV71”=“C:\WINDOWS\vsnphv71.exe” [2003-09-04 15:38] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 11:38] “Disk Monitor”=“C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe” [2004-03-31 04:25] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” [2006-12-15 04:23] “P17Helper”=“P17.dll” [2005-05-03 12:38 C:\WINDOWS\system32\P17.dll] “LXCFCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll” [2005-07-20 18:47] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-06-15 10:20] “nwiz”=“nwiz.exe” [2005-06-15 10:20 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2005-06-15 10:20] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-09-24 03:24] “iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2006-09-25 14:54] “CTSysVol”=“C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe” [2005-02-15 17:10] “ISUSPM Startup”=“c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 17:30] “ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2005-08-11 17:30] “PCTools FW”=“C:\Program Files\PC Tools Firewall Plus\PCTFW.exe” [2007-01-22 11:26] “googletalk”=“C:\Program Files\Google\Google Talk\googletalk.exe” [2007-01-01 22:22] “avgnt”=“C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” [2007-10-13 18:33] “Google Desktop Search”=“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” [2007-05-18 07:59] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-14 23:22] “OODefragTray”=“C:\WINDOWS\system32\oodtray.exe” [2007-05-11 02:08] “NSLauncher”=“C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe” [2006-11-28 01:12] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Yahoo! Pager”="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe” [] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “Compete Toolbar”=“C:\Program Files\Compete Toolbar\Compete.exe” [2007-03-13 20:00] “Compete Toolbar Update”=“C:\Program Files\Compete Toolbar\CompeteUa.exe” [2007-03-13 20:00] “msnmsgr”="~C:\Program Files\MSN Messenger\msnmsgr.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “DisableLockWorkstation”=0 (0x0) “DisableChangePassword”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLogOff”=0 (0x0) “NoSMHelp”=01000000 “NoRecentDocsMenu”=01000000 “NoRecentDocsHistory”=01000000 “NoRecentDocsNetHood”=01000000 “NoSMMyDocs”=01000000 “NoSMMyPictures”=01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx] C:\WINDOWS\kdx\KHost.exe -all [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rediff Messenger] C:\Program Files\Rediff Bol\RediffMessenger.exe C:\Program Files\Rediff Bol\RediffMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “Creative Detector”=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R “mRouterConfig”=“C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe” “SweetIM”=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “PC Suite for Smartphones”=“C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe” /startoptions “BearFlix”=“C:\Program Files\BearFlix\BearFlix.exe” /pause “UpdReg”=C:\WINDOWS\UpdReg.EXE “SweetIM”=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys S3 ASUSHWIO;ASUSHWIO;??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys S3 C-Dilla;C-Dilla;??\C:\WINDOWS\system32\drivers\CDANT.SYS S3 GPCIDrv;GPCIDrv;??\C:\WINDOWS\GPCIDrv.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 GVTDrv;GVTDrv;??\C:\WINDOWS\system32\Drivers\GVTDrv.sys S3 krdpdre;krdpdre;??\C:\DOCUME~1\HEMANT~1\LOCALS~1\Temp\krdpdre.sys S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys S3 PAC207;D-Link DSB-C120 PC Camera;C:\WINDOWS\system32\DRIVERS\pfc027.sys S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS S3 SNPHV71;My-Cam USB Camera (MY-350);C:\WINDOWS\system32\DRIVERS\snphv71.sys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - CATCHME . Contents of the ‘Scheduled Tasks’ folder “2007-09-16 10:07:44 C:\WINDOWS\Tasks\1-Click Maintenance.job” - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe “2007-05-23 07:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe “2007-10-14 12:06:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job” . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-14 13:31:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16??? HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = ~“C:\Program Files\MSN Messenger\msnmsgr.exe” /background?g scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-14 13:33:00 . — E O F —