kes34

Please Check My HijackThis Log


Please check my log. Every few minutes I get something like this:

Zone Alarm Security Alert: EF4CE6B.exe (the combination of digits and letters in the name changes every time) is trying to launch C:\windows\system32\cmd.exe, or use another program to gain access to privileged resources


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:36:55, on 2008-01-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.32.6.5:808

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1515B906-999A-48F3-8BF4-B7EC61BF5B38} - C:\WINDOWS\system32\pmnkjih.dll (file missing)

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188843559906

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188843496140

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: pmnkjih - pmnkjih.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by kes34


VundoFix found nothing. The logs are below:

 

 

ComboFix 08-01-10.2 - Administrator 2008-01-10 22:52:23.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1510 [GMT 1:00]

Running from: D:\Downloads\ComboFix\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\Helper

C:\Program Files\Helper\superfindout.dll

C:\WINDOWS\system32\xpdx.sys

C:\WINDOWS\Temp\40428803.exe

C:\WINDOWS\Temp\45166284.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_SYMAVC32

-------\xpdx

 

 

((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))

.

 

2008-01-10 22:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-10 21:35 . 2008-01-10 21:35 <DIR> d-------- C:\Program Files\Trend Micro

2008-01-10 14:57 . 2008-01-10 22:27 120 --a------ C:\tempdel.bat

2008-01-09 17:07 . 2008-01-09 17:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter

2008-01-09 17:05 . 2008-01-09 17:10 <DIR> d-------- C:\Program Files\TrojanHunter 5.0

2007-12-30 11:25 . 2006-08-01 08:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe

2007-12-30 11:24 . 2007-12-30 11:24 <DIR> d-------- C:\Program Files\Realtek

2007-12-30 11:23 . 2001-07-21 18:49 2,104,298 --a------ C:\WINDOWS\system32\drivers\2gmgsmt.sf2

2007-12-30 11:23 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\sblfx.dll

2007-12-30 11:23 . 2001-08-17 12:19 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys

2007-12-30 11:23 . 2001-08-17 22:36 256,512 --a------ C:\WINDOWS\system32\devcon32.dll

2007-12-30 11:23 . 2001-08-17 12:19 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys

2007-12-30 11:23 . 2001-08-17 22:36 24,064 --a------ C:\WINDOWS\system32\devldr32.exe

2007-12-30 11:23 . 2001-08-17 12:19 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys

2007-12-30 11:23 . 2001-08-17 22:36 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll

2007-12-29 12:57 . 1999-09-22 16:18 2,259,067 --a------ C:\WINDOWS\system32\default.ecw

2007-12-29 12:57 . 2003-08-28 09:28 270,336 --a------ C:\WINDOWS\system32\sfms32.dll

2007-12-29 12:57 . 2003-08-28 09:16 65,536 --a------ C:\WINDOWS\system32\a3d.dll

2007-12-29 12:57 . 2003-08-28 09:44 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL

2007-12-29 12:57 . 2001-08-17 22:36 51,200 --a------ C:\WINDOWS\system32\sfman32.dll

2007-12-28 22:05 . 2007-12-28 23:06 <DIR> d-------- C:\Program Files\Winamp

2007-12-28 22:05 . 2007-12-28 22:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp

2007-12-28 21:38 . 2007-12-28 21:55 <DIR> d-------- C:\Program Files\RegClean

2007-12-28 21:38 . 2008-01-10 14:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RegClean

2007-12-28 18:19 . 2007-12-28 21:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

2007-12-28 18:08 . 2007-12-30 04:47 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm

2007-12-28 18:08 . 2007-12-30 04:47 1,080 --a------ C:\WINDOWS\system32\settings.sfm

2007-12-28 17:58 . 2007-12-28 17:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative

2007-12-28 17:58 . 2007-12-29 13:02 1,304 --a------ C:\WINDOWS\system32\CTHELPER.RPT

2007-12-28 17:55 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2007-12-28 17:55 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2007-12-28 17:53 . 2007-12-30 11:18 <DIR> d-------- C:\WINDOWS\system32\Defaults

2007-12-28 17:53 . 1995-01-13 07:10 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL

2007-12-28 17:53 . 1995-01-13 07:10 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL

2007-12-28 17:52 . 2007-12-30 11:18 <DIR> d-------- C:\WINDOWS\system32\Data

2007-12-28 17:52 . 2001-10-22 02:10 4,398 --a------ C:\WINDOWS\system32\SBLive.ico

2007-12-28 17:52 . 2001-10-22 02:10 3,126 --a------ C:\WINDOWS\system32\Live.bmp

2007-12-28 17:52 . 2007-12-30 11:18 11 --a------ C:\WINDOWS\SBWIN.INI

2007-12-28 17:50 . 2007-12-28 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative

2007-12-28 17:50 . 1999-10-07 02:00 55,808 --------- C:\WINDOWS\system32\CTMp3.crl

2007-12-28 17:48 . 2007-12-30 11:17 <DIR> d-------- C:\Program Files\Creative

2007-12-28 17:19 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2007-12-28 17:19 . 2001-08-17 12:19 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys

2007-12-28 14:16 . 2007-12-28 14:18 <DIR> d-------- C:\Program Files\Real Alternative

2007-12-17 20:31 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-12-17 20:31 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2007-12-17 20:31 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-12-17 20:31 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-17 20:31 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-17 20:31 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-17 20:31 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-17 20:31 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-15 12:01 . 2007-12-15 12:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-12-15 12:01 . 2007-12-15 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-12-15 12:00 . 2007-12-28 21:32 <DIR> d-------- C:\Program Files\SkanerOnline

2007-12-14 13:14 . 2007-12-14 13:14 <DIR> d-------- C:\Program Files\ePaperPress

2007-12-14 12:30 . 2007-12-14 12:30 2 --a------ C:\1344332264

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-10 21:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\foobar2000

2008-01-10 00:08 --------- d-----w C:\Program Files\DAEMON Tools Pro

2008-01-08 06:23 --------- d-----w C:\Program Files\Free Download Manager

2007-12-30 15:07 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-28 20:30 --------- d-----w C:\Program Files\VDOTool

2007-12-28 20:29 --------- d-----w C:\Program Files\foobar2000

2007-12-28 20:27 --------- d-----w C:\Program Files\Bonjour

2007-12-28 20:27 --------- d-----w C:\Program Files\Attribute Changer

2007-12-19 17:00 --------- d-----w C:\Program Files\Opera

2007-12-17 19:09 18,134,568 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_17_20_07_19.dmp.zip

2007-12-02 15:05 --------- d-----w C:\Program Files\Picasa2

2007-12-02 14:50 --------- d-----w C:\Program Files\Google

2007-12-02 13:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype

2007-12-01 17:05 --------- d-----w C:\Documents and Settings\Guest\Application Data\Free Download Manager

2007-11-24 17:29 --------- d-----w C:\Program Files\GSpot

2007-11-17 18:23 --------- d-----w C:\Program Files\OneStepSearch

2007-11-16 18:11 --------- d-----w C:\Program Files\VVSN

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:56 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 03:34 8466432]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 20:56 15360]

"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [ ]

"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="cmd.exe" [2004-08-03 20:56 388608 C:\WINDOWS\system32\cmd.exe]

"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2007-10-11 00:55 124928]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 18:59 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"LogonType"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkjih]

pmnkjih.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk

backup=C:\WINDOWS\pss\DualCoreCenter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

--a------ 2007-06-26 13:58 2165272 C:\Program Files\VDOTool\TBPanel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

--a------ 1997-06-03 07:51 48576 C:\YDPDict\watch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-06-28 23:43 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean]

--a------ 2007-12-28 21:55 10077680 C:\Program Files\RegClean\RegClean.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Resume copy]

--a------ 2007-09-01 13:11 73728 C:\WINDOWS\copyfstq.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s123dwe2]

C:\WINDOWS\TEMP\E63D113C.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

--a------ 2006-06-26 14:53 20005928 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

--a------ 2006-05-24 19:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]

--a------ 2008-01-09 17:10 1046688 C:\Program Files\TrojanHunter 5.0\THGuard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

C:\Program Files\VVSN\VVSN.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinGuard Pro]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Bonjour Service"=2 (0x2)

"SandraTheSrv"=3 (0x3)

"SandraDataSrv"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"PavPrSrv"=2 (0x2)

"Creative Service for CDROM Access"=2 (0x2)

 

R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2007-07-23 03:34]

R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2007-07-23 03:34]

S2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []

S3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys [2004-02-16 23:19]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f61e9c4-badf-11dc-bf70-001485e149e3}]

\Shell\AutoRun\command - ntde1ect.com

\Shell\explore\Command - ntde1ect.com

\Shell\open\Command - ntde1ect.com

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-30 02:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"

- C:\Program Files\RegClean\RegClean.ex

- C:\Program Files\RegClean

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-10 22:59:06

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-10 23:00:05 - machine was rebooted [Administrator]

ComboFix-quarantined-files.txt 2008-01-10 21:59:59

.

2008-01-10 20:16:48 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:06:52, on 2008-01-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.32.6.5:808

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188843559906

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188843496140

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: pmnkjih - pmnkjih.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Install TweakUI and disable autorun for all drives; also remember to disinfect the pendrive/removable disk or whatever you had plugged into USB.

 

Delete from disk:

C:\Program Files\VVSN

 

Paste into Notepad:

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkjih]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s123dwe2]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinGuard Pro]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

 

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f61e9c4-badf-11dc-bf70-001485e149e3}]

 

Save it as fix.reg and run it.

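As an added example (not a tool used by kes34 or the helper in this thread), a Python triage script that flags the same entry types the fix above removes: registry entries that still point at a DLL that is gone, Run/RunOnce entries that spawn cmd.exe, services without vendor information, and per-drive autorun handlers under MountPoints2. The sample lines are constructed in the shape of the HijackThis and ComboFix output posted above.

```python
"""Triage helper for HijackThis and ComboFix text logs.

Flags the kinds of entries the fix in this thread removes: registry entries
that still point at a file that is gone, Run/RunOnce entries that spawn
cmd.exe, services without vendor information, and per-drive autorun
handlers under Explorer\\MountPoints2. Findings are review hints for a
human, not verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass

# HijackThis entry: "O20 - Winlogon Notify: pmnkjih - pmnkjih.dll (file missing)"
HJT_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# ComboFix prints the MountPoints2 key header, then its Shell\<verb>\command values
MOUNTPOINT_KEY = re.compile(r"^\[.*\\explorer\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.I)
AUTORUN_CMD = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<target>.+)$", re.I)
# O4 Run/RunOnce entry whose command is cmd.exe rather than the program itself
O4_CMD = re.compile(r'^O4 - .*\\(?:Run|RunOnce): \[[^\]]*\] "?cmd\.exe', re.I)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section (O2, O4, O20, O23) or "mountpoints2"
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return review hints for the suspicious entry types described above."""
    findings: list[Finding] = []
    current_mount = None  # GUID of the MountPoints2 key whose values we are reading
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_mount = m.group("guid")
            continue
        if current_mount is not None:
            a = AUTORUN_CMD.match(line)
            if a:
                findings.append(Finding("mountpoints2",
                    f"autorun verb '{a.group('verb')}' on drive {current_mount} "
                    f"runs {a.group('target')}", line))
                continue
            current_mount = None  # first line that is not a value closes the block
        e = HJT_ENTRY.match(line)
        if not e:
            continue
        sec = e.group("sec")
        if sec in {"O2", "O20", "O23"} and "(file missing)" in line:
            findings.append(Finding(sec, "registry still references a file that is gone", line))
        if O4_CMD.match(line):
            findings.append(Finding(sec, "startup entry spawns cmd.exe; review its command", line))
        if sec == "O23" and " - Unknown owner - " in line:
            findings.append(Finding(sec, "service without vendor information", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per log section, e.g. {'O2': 1, 'mountpoints2': 3}."""
    return dict(Counter(f.section for f in findings))


# Constructed sample in the shape of the HijackThis and ComboFix output posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1515B906-999A-48F3-8BF4-B7EC61BF5B38} - C:\WINDOWS\system32\pmnkjih.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O20 - Winlogon Notify: pmnkjih - pmnkjih.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f61e9c4-badf-11dc-bf70-001485e149e3}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```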
