
Topic: Check Please :)

  1. #1
    Forum member
    Registered since
    04.03.2006
    Posts
    30

    Check Please :)

    Just a random check up. thank you

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:30:48 PM, on 19/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Gran Paradiso\firefox.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184490293711
    O20 - AppInit_DLLs: prio.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    
    --
    End of file - 4962 bytes
    Code:
    ----- Root ----------------------------- 
     Volume in drive C is OS and Pograms
     Volume Serial Number is B8FC-E6C6
    
     Directory of C:\
    
    17/08/2007  10:07 PM               211 boot.ini
    15/07/2007  04:24 PM                 0 AUTOEXEC.BAT
    15/07/2007  04:24 PM                 0 CONFIG.SYS
    15/07/2007  04:24 PM                 0 MSDOS.SYS
    15/07/2007  04:24 PM                 0 IO.SYS
    15/07/2007  12:40 PM           250,048 ntldr
    15/07/2007  12:22 PM           286,720 Debug.txt
    02/07/2007  07:45 PM           524,288 A8HE.BIN
    08/06/2007  01:00 PM            47,564 NTDETECT.COM
                   9 File(s)      1,108,831 bytes
                   0 Dir(s)  10,211,131,392 bytes free
     
    ----- System32 ------------------------- 
     Volume in drive C is OS and Pograms
     Volume Serial Number is B8FC-E6C6
    
     Directory of C:\WINDOWS\system32
    
    19/08/2007  03:28 AM             2,206 wpa.dbl
    19/08/2007  03:23 AM             1,320 PDBootState
    17/08/2007  09:52 PM            45,056 acovcnt.exe
    13/08/2007  01:10 PM         1,427,080 FNTCACHE.DAT
    10/08/2007  05:12 AM               294 cdboxpro.asp
    09/08/2007  07:40 PM                31 bbcap.err
    05/08/2007  02:27 PM             4,608 bbchlp.dll
    05/08/2007  02:27 PM            27,776 bbcap.dll
    03/08/2007  05:34 AM        16,789,464 MRT.exe
    19/07/2007  07:59 AM         3,583,488 mshtml.dll
    15/07/2007  05:19 PM                 0 h323log.txt
    15/07/2007  04:32 PM               135 prio.ini
    15/07/2007  04:27 PM               995 $winnt$.inf
    15/07/2007  04:26 PM           122,198 TZLog.log
    15/07/2007  04:24 PM             2,577 CONFIG.NT
    15/07/2007  04:24 PM            16,832 amcompat.tlb
    15/07/2007  04:24 PM            23,392 nscompat.tlb
    15/07/2007  04:23 PM               488 WindowsLogon.manifest
    15/07/2007  04:23 PM               488 logonui.exe.manifest
    15/07/2007  04:23 PM               749 cdplayer.exe.manifest
    15/07/2007  04:23 PM               749 wuaucpl.cpl.manifest
    15/07/2007  04:23 PM               749 sapi.cpl.manifest
    15/07/2007  04:23 PM               749 ncpa.cpl.manifest
    15/07/2007  04:23 PM               749 nwc.cpl.manifest
    15/07/2007  04:22 PM            21,640 emptyregdb.dat
    15/07/2007  12:43 PM           390,354 perfh009.dat
    15/07/2007  12:43 PM            57,728 perfc009.dat
    15/07/2007  12:43 PM           453,882 PerfStringBackup.INI
    15/07/2007  10:03 AM               552 d3d8caps.dat
    15/07/2007  10:00 AM           298,104 imon.dll
    15/07/2007  09:56 AM             4,027 jupdate-1.6.0_01-b06.log
    
    ----- Prefetch ------------------------- 
     Volume in drive C is OS and Pograms
     Volume Serial Number is B8FC-E6C6
    
     Directory of C:\WINDOWS\Prefetch
    
    04/08/2007  02:24 AM            61,940 MMC.EXE-04EF131A.pf
    04/08/2007  02:24 AM            81,584 OPERA.EXE-12085680.pf
    04/08/2007  02:23 AM            28,852 CMD.EXE-087B4001.pf
    04/08/2007  02:22 AM            22,940 VERCLSID.EXE-3667BD89.pf
    04/08/2007  02:22 AM            88,200 CLEANMGR.EXE-1F86EA8E.pf
    04/08/2007  02:22 AM             5,066 OSE.EXE-108AC98F.pf
    04/08/2007  02:21 AM            31,988 LIVEUPDT.EXE-0743502E.pf
    04/08/2007  02:21 AM            24,712 NTVDM.EXE-1A10A423.pf
    04/08/2007  02:20 AM            17,114 ALU.EXE-240DEF0E.pf
    04/08/2007  02:19 AM            25,428 MSSWCHX.EXE-2F766758.pf
    04/08/2007  02:19 AM            24,746 OSK.EXE-165729D2.pf
    04/08/2007  02:18 AM            61,304 WINRAR.EXE-39C6DAD9.pf
    04/08/2007  02:16 AM            25,934 SNDVOL32.EXE-383480B7.pf
    04/08/2007  02:03 AM            14,090 AUTOANS.EXE-1DE0C8B0.pf
    04/08/2007  02:02 AM            27,352 RUNDLL32.EXE-1AB36BA4.pf
    04/08/2007  02:02 AM             9,108 AUTOON.EXE-137F5A14.pf
    04/08/2007  02:02 AM            27,980 AS.EXE-010E189B.pf
    04/08/2007  02:01 AM             6,400 PSKILL.EXE-0EBA4CB4.pf
    04/08/2007  02:00 AM            63,932 MSHTA.EXE-331DF029.pf
    04/08/2007  02:00 AM            20,818 WPICLOSE.EXE-2C465059.pf
    04/08/2007  02:00 AM            11,346 CMDOW.EXE-2B1503A3.pf
    04/08/2007  02:00 AM            18,378 IGFXSRVC.EXE-2FB63FE8.pf
    04/08/2007  02:00 AM            36,612 LOGONSETTINGS.EXE-16AA4428.pf
    04/08/2007  01:59 AM            41,378 WINDOWS OPTIMIZER.EXE-2E4EC45F.pf
    04/08/2007  01:59 AM            83,834 TASKMGR.EXE-20256C55.pf
    04/08/2007  01:59 AM            35,254 MEMTUNEUP.EXE-06A1E5F0.pf
    04/08/2007  01:57 AM            47,842 STARTUP MANAGER.EXE-04031760.pf
    04/08/2007  01:56 AM            14,174 REGEDIT.EXE-1B606482.pf
    04/08/2007  01:55 AM            56,378 REGCLEAN.EXE-37D47CE2.pf
    04/08/2007  01:55 AM            39,916 SYSCLEAN.EXE-1B7FE2F6.pf
    04/08/2007  01:54 AM            84,440 RUNDLL32.EXE-2576181F.pf
    04/08/2007  01:53 AM            38,528 SYSTEM OPTIMIZER.EXE-28447F48.pf
    04/08/2007  01:52 AM            36,066 SYSBACKUP.EXE-250DB3A4.pf
    04/08/2007  01:52 AM            34,444 ASO.EXE-382BB2BD.pf
    04/08/2007  01:51 AM            14,678 _REGDLL.TMP-30B6729E.pf
    04/08/2007  01:51 AM            26,936 SETUP.EXE-15224945.pf
    04/08/2007  01:51 AM            54,810 IS-O35LG.TMP-303A7A41.pf
    04/08/2007  01:34 AM            24,520 IGFXZOOM.EXE-037DFD59.pf
    04/08/2007  01:33 AM            28,752 IGFXCFG.EXE-250F9437.pf
    04/08/2007  01:15 AM            75,486 MSIMN.EXE-38BA891D.pf
    04/08/2007  01:14 AM            20,636 CONTROL.EXE-013DBFB5.pf
    04/08/2007  01:13 AM            28,690 RUNDLL32.EXE-2341BBC5.pf
    04/08/2007  01:03 AM            38,904 RUNDLL32.EXE-1EE78FEE.pf
    04/08/2007  12:58 AM            99,940 LIGHTROOM.EXE-289E9C77.pf
    04/08/2007  12:54 AM            16,060 RUNDLL32.EXE-3AF10E20.pf
    04/08/2007  12:52 AM            16,084 RUNDLL32.EXE-268BFF96.pf
    04/08/2007  12:52 AM            28,694 WUAUCLT.EXE-399A8E72.pf
    04/08/2007  12:52 AM         1,135,926 NTOSBOOT-B00DFAAD.pf
    04/08/2007  12:47 AM            33,066 RUNDLL32.EXE-14FC201E.pf
    04/08/2007  12:42 AM            31,946 SVCHOST.EXE-3530F672.pf
    23/07/2007  05:50 PM            21,492 RUNDLL32.EXE-13CC3015.pf
    23/07/2007  05:49 PM            20,604 ATKOSD.EXE-37CE784F.pf
    23/07/2007  05:49 PM            24,236 HKCMD.EXE-1D05234B.pf
    23/07/2007  05:49 PM            28,122 NOD32KUI.EXE-18BC85CE.pf
    23/07/2007  05:49 PM            25,032 VISTADRIVE.EXE-06D8D036.pf
    23/07/2007  05:49 PM            11,376 HCONTROL.EXE-0199BF7C.pf
    23/07/2007  05:49 PM            54,980 WMIPRVSE.EXE-28F301A9.pf
    23/07/2007  05:49 PM            25,474 USERINIT.EXE-30B18140.pf
    23/07/2007  05:49 PM            41,808 WGATRAY.EXE-0ED38BED.pf
    23/07/2007  05:49 PM            12,410 KHALMNPR.EXE-098E13FC.pf
    23/07/2007  05:49 PM            81,338 EXPLORER.EXE-082F38A9.pf
    23/07/2007  05:13 PM            28,780 RUNDLL32.EXE-11BF0F1D.pf
    23/07/2007  05:13 PM            28,146 RUNDLL32.EXE-2045F969.pf
    23/07/2007  04:42 PM            43,264 REGSVR32.EXE-25EEFE2F.pf
    23/07/2007  04:03 PM            17,514 USNSVC.EXE-373E4DBC.pf
    23/07/2007  04:03 PM            19,306 RUNDLL32.EXE-23AC47EA.pf
    23/07/2007  04:02 PM            65,156 MSNMSGR.EXE-366A1A81.pf
    23/07/2007  04:01 PM            35,364 RUNDLL32.EXE-4506516A.pf
    16/07/2007  04:40 PM            13,222 LOGON.SCR-151EFAEA.pf
    16/07/2007  04:21 PM            47,596 HH.EXE-2D1A70B3.pf
    16/07/2007  04:20 PM            54,286 WBCONFIG.EXE-11436230.pf
    16/07/2007  04:13 PM            41,060 RUNDLL32.EXE-25FADA58.pf
    16/07/2007  06:37 AM            14,218 IGFXTRAY.EXE-3391579A.pf
    16/07/2007  06:24 AM            17,354 PDEXCHANGE.EXE-208E4E8A.pf
    16/07/2007  06:24 AM            62,044 PERFECTDISK.EXE-30B6B5AE.pf
    16/07/2007  06:19 AM            24,748 FNPLICENSINGSERVICE.EXE-15CB8EAD.pf
    16/07/2007  06:19 AM            67,088 PHOTOSHOP.EXE-122BFF6B.pf
    16/07/2007  06:19 AM            19,830 RUNDLL32.EXE-11ED8C97.pf
    16/07/2007  06:18 AM            23,080 ADOBE CS3 DESIGN PREMIUM KEYG-2D5762D8.pf
    16/07/2007  06:10 AM           269,408 MSIEXEC.EXE-2F8A8CAE.pf
    16/07/2007  06:01 AM            11,278 FLASHUTIL9B.EXE-2D0B142A.pf
    16/07/2007  05:57 AM            35,842 MDNSRESPONDER.EXE-02F30C6E.pf
    16/07/2007  05:51 AM            73,190 SETUP.EXE-04652813.pf
    16/07/2007  05:50 AM            44,276 SETUP.EXE-2E22641D.pf
    16/07/2007  05:41 AM            24,756 ADOBECS3_DESIGN PREMIUM.EXE-38E45EA8.pf
    16/07/2007  05:24 AM            22,094 ADOBECS3_DESIGN PREMIUM.EXE-0DFADE5E.pf
    16/07/2007  05:22 AM            16,474 RUNDLL32.EXE-451FC2C0.pf
    16/07/2007  05:10 AM            28,042 NOTEPAD.EXE-336351A9.pf
    16/07/2007  05:09 AM            44,318 ADOBE PHOTOSHOP LIGHTROOM 1.0-1FAA477B.pf
    16/07/2007  05:07 AM            32,842 APDPROXY.EXE-2E756635.pf
    16/07/2007  05:07 AM            17,998 PXSETUP.EXE-05FBEAD9.pf
    16/07/2007  05:07 AM             6,122 PXHPINST.EXE-19CAC65A.pf
    16/07/2007  05:05 AM            36,096 AUTORUN.EXE-055703AF.pf
    16/07/2007  04:58 AM            18,860 SCREEN.EXE-01D32F63.pf
    16/07/2007  04:54 AM            43,314 MMC.EXE-39071BCC.pf
    16/07/2007  04:54 AM            37,348 RUNDLL32.EXE-147710F4.pf
    16/07/2007  04:50 AM            33,344 RUNDLL32.EXE-30EA5E3E.pf
    16/07/2007  04:49 AM            26,168 RUNDLL32.EXE-464BF094.pf
    16/07/2007  04:46 AM            24,112 RUNDLL32.EXE-2C9B3606.pf
    16/07/2007  04:46 AM            33,832 MSCONFIG.EXE-335EFEA3.pf
    16/07/2007  04:45 AM            21,138 RUNONCE.EXE-2803F297.pf
    15/07/2007  04:32 PM            78,822 XCOPY.EXE-21FC761A.pf
    15/07/2007  04:32 PM             8,840 INSTALL.EXE-2AB23E80.pf
    15/07/2007  04:32 PM            36,682 7ZA.EXE-23681EED.pf
    15/07/2007  04:31 PM             8,194 SPUPDSVC.EXE-21B36524.pf
    15/07/2007  04:29 PM            19,816 SHMGRATE.EXE-1BA69E68.pf
    15/07/2007  04:29 PM            43,832 IE4UINIT.EXE-169A5A39.pf
    15/07/2007  04:29 PM            25,898 SETUP50.EXE-362FF7C9.pf
    15/07/2007  04:29 PM             7,152 DEVCON.EXE-3189D4D7.pf
    15/07/2007  04:29 PM            10,898 REG.EXE-0D2A95F7.pf
    15/07/2007  03:02 PM            34,726 LOGONUI.EXE-0AF22957.pf
    15/07/2007  01:59 PM           278,422 Layout.ini
    15/07/2007  12:59 PM            45,972 IKERNEL.EXE-078AA887.pf
    15/07/2007  12:51 PM            59,724 INSTALL.EXE-2902968E.pf
    15/07/2007  12:22 PM            23,712 INSTALLALL.EXE-22D34390.pf
    15/07/2007  10:25 AM            71,454 MSCORSVW.EXE-1BF30400.pf
    15/07/2007  10:12 AM            23,472 LODCTR.EXE-1009C3B4.pf
    15/07/2007  10:12 AM            21,248 MOFCOMP.EXE-01718E95.pf
    15/07/2007  10:12 AM            16,648 REGTLIBV12.EXE-0E2FA54B.pf
    15/07/2007  10:12 AM            11,016 NGEN.EXE-38021CCC.pf
                 120 File(s)      5,619,514 bytes
                   0 Dir(s)  10,211,008,512 bytes free
    
    ----- Windows -------------------------- 
     Volume in drive C is OS and Pograms
     Volume Serial Number is B8FC-E6C6
    
     Directory of C:\WINDOWS
    
    19/08/2007  04:19 PM           554,647 WindowsUpdate.log
    19/08/2007  04:02 PM                 5 Twain001.Mtx
    19/08/2007  04:02 PM               217 TWAIN.LOG
    19/08/2007  04:02 PM               156 Twunk001.MTX
    19/08/2007  02:47 PM             8,733 setupapi.log
    19/08/2007  02:47 PM               205 RTacDbg.txt
    19/08/2007  02:47 PM               159 wiadebug.log
    19/08/2007  02:47 PM                50 wiaservc.log
    19/08/2007  02:47 PM             2,048 bootstat.dat
    17/08/2007  10:07 PM               507 win.ini
    17/08/2007  10:07 PM               227 system.ini
    15/08/2007  04:07 PM                69 NeroDigital.ini
    11/08/2007  01:26 AM                32 prio.ini
    05/08/2007  11:22 PM                 0 nsreg.dat
    05/08/2007  01:58 AM             5,250 langorig.ini
    04/08/2007  10:05 PM               165 startUp manager.INI
    16/07/2007  06:59 AM                 0 Twunk002.MTX
    16/07/2007  04:58 AM                92 WB.ini
    15/07/2007  05:19 PM                 0 Sti_Trace.log
    15/07/2007  04:32 PM            62,633 prio197uninstall.exe
    15/07/2007  04:24 PM                 0 control.ini
    15/07/2007  04:24 PM           316,640 WMSysPr9.prx
    15/07/2007  04:24 PM             4,161 ODBCINST.INI
    15/07/2007  04:23 PM               749 WindowsShell.Manifest
    15/07/2007  04:21 PM                37 vbaddin.ini
    15/07/2007  04:21 PM                36 vb.ini
    15/07/2007  12:43 PM             8,192 REGLOCS.OLD
    15/07/2007  10:01 AM               376 ODBC.INI
    13/06/2007  11:23 AM         1,033,216 explorer.exe
    08/06/2007  01:00 PM            15,360 TASKMAN.EXE
    08/06/2007  01:00 PM            50,688 twain_32.dll
    08/06/2007  01:00 PM            10,752 hh.exe
    08/06/2007  01:00 PM             1,405 msdfmap.ini
    08/06/2007  01:00 PM            49,680 twunk_16.exe
    08/06/2007  01:00 PM            25,600 twunk_32.exe
    08/06/2007  01:00 PM            69,120 NOTEPAD.EXE
    08/06/2007  01:00 PM           146,432 regedit.exe
    08/06/2007  01:00 PM           256,192 winhelp.exe
    08/06/2007  01:00 PM            18,944 vmmreg32.dll
    08/06/2007  01:00 PM                 2 desktop.ini
    08/06/2007  01:00 PM           283,648 winhlp32.exe
    08/06/2007  01:00 PM                80 explorer.scf
    08/06/2007  01:00 PM            94,784 twain.dll
    08/06/2007  01:00 PM               707 _default.pif
    29/03/2007  05:00 PM             3,638 Pagelet.ico
    09/02/2007  10:25 AM           246,808 ptm_xp.dll
    09/02/2007  10:25 AM           230,424 ptm_nt.dll
    03/11/2005  01:58 PM            28,160 KHALMNPR.Exe
    11/05/2005  05:06 PM            32,768 VMInstNT.exe
    09/05/2005  02:51 PM            32,768 VMUninstNT.exe
                  50 File(s)      3,596,562 bytes
                   0 Dir(s)  10,211,012,608 bytes free
    
    ----- Tasks ---------------------------- 
     Volume in drive C is OS and Pograms
     Volume Serial Number is B8FC-E6C6
    
     Directory of C:\WINDOWS\tasks
    
    04/08/2007  02:35 AM                 6 SA.DAT
    08/06/2007  01:00 PM                65 desktop.ini
                   2 File(s)             71 bytes
                   0 Dir(s)  10,211,012,608 bytes free
     
    ----- Wintemp -------------------------- 
     Volume in drive C is OS and Pograms
     Volume Serial Number is B8FC-E6C6
    
     Directory of C:\WINDOWS\temp
    
    19/08/2007  04:02 PM           148,819 TWAIN.LOG
    19/08/2007  02:47 PM               255 WGAErrLog.txt
    19/08/2007  02:27 PM                 3 Twain001.Mtx
    19/08/2007  02:27 PM                 0 VDM22F.tmp
    19/08/2007  02:27 PM                 0 Twunk003.MTX
    18/08/2007  05:15 PM                 0 exp16A8.tmp
    18/08/2007  01:18 PM                 0 Twunk002.MTX
    18/08/2007  11:17 AM                 0 VDM12FD.tmp
    17/08/2007  05:14 PM                 0 exp1D4C.tmp
    16/08/2007  04:18 PM                 0 exp1114.tmp
    15/08/2007  02:24 PM               212 coinlog.log
                  11 File(s)        149,289 bytes
                   0 Dir(s)  10,211,008,512 bytes free
     
    ----- Temp ----------------------------- 
     Volume in drive C is OS and Pograms
     Volume Serial Number is B8FC-E6C6
    
     Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    
    19/08/2007  04:33 PM           119,421 filelist.txt
    19/08/2007  04:28 PM                 0 etilqs_oqyXa1tQydwVU8e
    19/08/2007  02:32 PM                 0 gyr23A.tmp
    19/08/2007  02:27 PM                 0 fmb230.tmp
    19/08/2007  02:27 PM                 0 pc6228.tmp
    19/08/2007  12:59 PM            41,193 amt.log
    19/08/2007  12:59 PM           211,444 alm.log
    19/08/2007  03:14 AM         1,835,008 ~DFAC0B.tmp
    19/08/2007  12:38 AM                 0 fcl1CDE.tmp
    19/08/2007  12:38 AM                 0 72j1CDC.tmp
    18/08/2007  05:18 PM             1,097 TWAIN.LOG
    18/08/2007  05:18 PM                 3 Twain001.Mtx
    18/08/2007  05:18 PM                 0 Twunk002.MTX
    18/08/2007  05:18 PM               156 Twunk001.MTX
    18/08/2007  04:24 PM                 0 wfw1575.tmp
    18/08/2007  04:24 PM                 0 o2o1572.tmp
    18/08/2007  04:12 PM                 0 7dt1519.tmp
    18/08/2007  03:47 PM                 0 1gn14BC.tmp
    18/08/2007  11:21 AM                 0 csp1333.tmp
    18/08/2007  01:29 AM            77,824 swt-gdip-win32-3345.dll
    18/08/2007  01:23 AM           307,200 swt-win32-3345.dll
    18/08/2007  01:23 AM                91 i4j_log14695.log
    18/08/2007  01:22 AM             4,608 i4jdel0.exe
    18/08/2007  01:22 AM             3,823 i4j_nlog_2
    18/08/2007  01:08 AM                 0 qqsD6D.tmp
    18/08/2007  12:58 AM                 0 qqsD13.tmp
    18/08/2007  12:40 AM               153 1101206329.idx
    18/08/2007  12:40 AM               483 9bc0d294475a98d43c011d51231b5e35.tpt
    18/08/2007  12:39 AM                43 2384259663.idx
    18/08/2007  12:39 AM               156 1b3b34ca73767d474a3444b8b1db065e.tpt
    18/08/2007  12:38 AM                33 2133010966.idx
    18/08/2007  12:37 AM               124 ce17c178620102c16ea2b98d955d383f.tpt
    18/08/2007  12:37 AM                 0 qqsA5D.tmp
    17/08/2007  08:37 PM            23,427 TFR2B9E.tmp
    17/08/2007  08:37 PM            23,262 TFR2B97.tmp
    17/08/2007  08:37 PM            67,994 TFR2B90.tmp
    17/08/2007  08:37 PM            59,218 TFR2B7E.tmp
    17/08/2007  08:37 PM            46,660 TFR2B7B.tmp
    17/08/2007  08:37 PM            46,021 TFR2B7A.tmp
    17/08/2007  01:47 PM                 0 0vwF99.tmp
    17/08/2007  01:42 PM                 0 qllE5E.tmp
    17/08/2007  01:41 PM                 0 4mhE57.tmp
    16/08/2007  08:16 PM               201 1CA9223A.TMP
    16/08/2007  03:13 PM                 0 y2m7D9.tmp
    16/08/2007  03:10 PM                 0 imt787.tmp
    16/08/2007  03:05 PM                 0 j6q73F.tmp
    16/08/2007  02:55 PM                 0 3vz5B5.tmp
    15/08/2007  10:09 AM             9,737 IHB14.tmp
    15/08/2007  10:09 AM             9,737 IHAF1.tmp
    15/08/2007  12:26 AM             2,807 IH4C49.tmp
    15/08/2007  12:25 AM             3,655 IH4BD3.tmp
    14/08/2007  12:19 AM                58 _tmp_qq_proxy.ini
    13/08/2007  11:49 PM             2,290 IH6375.tmp
    13/08/2007  11:42 PM                25 QPRC.DAT
    11/08/2007  07:18 PM             3,775 IH93F8.tmp
    11/08/2007  07:09 PM            16,384 ~DF6183.tmp
    11/08/2007  05:27 PM             9,752 IH64C6.tmp
    08/08/2007  05:18 AM             9,743 IH494A.tmp
    07/08/2007  02:23 PM             9,737 IH8CF.tmp
    07/08/2007  02:23 PM             9,737 IH910.tmp
    05/08/2007  12:22 PM                67 DFB96C33.TMP
    05/08/2007  09:55 AM               151 E94CDEC4.TMP
    15/01/2002  05:42 PM             7,909 Import Instructions.rtf
    15/01/2002  05:39 PM            17,231 Readme.rtf
    15/01/2002  03:24 AM         3,688,034 LANGCHS.SLD
                  65 File(s)      6,670,472 bytes
                   0 Dir(s)  10,211,004,416 bytes free
    Last edited by trihornX (19.08.2007 at 07:35)

  2. #2
    Supermod (ret.) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20,038

    Re: Check Please :)

    Welcome to HijackThis.eu @ trihornX

    STEP 1
    The first thing you could do to get rid of it is: restore the operating system to a previous state - have a look here:

    1. Log on to Windows as Administrator.
    2. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
    3. On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
    4. On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
    5. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
    6. Log on to the computer as Administrator. The System Restore Restoration Complete page appears.
    7. Click OK.
    STEP 2
    Please rename HijackThis.exe to HJT1991.exe.

    We need to rename it because of malware which attacks HijackThis and hides from it.

    Remember that HijackThis must be run in its own folder.
    Only if HijackThis runs in its own folder will it create backups!

    Please run HJT1991.exe and let it scan.
    Save the fresh HJT logfile and post it.

    STEP 3
    Make sure you set Windows to show hidden files and folders.

  3. #3
    Forum member
    Registered since
    04.03.2006
    Posts
    30

    Re: Check Please :)

    Thanks again for helping, Ruby. Here's the log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:42:36 PM, on 19/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Gran Paradiso\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HJT1991.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184490293711
    O20 - AppInit_DLLs: prio.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    
    --
    End of file - 4992 bytes

  4. #4
    Supermod (ret.) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20,038

    AW: Check Please :)

    Hello again @ trihornX

    You may want to download Deckard's System Scanner (DSS) and save it to your desktop.
    Note: You must work in an administrator account.
    1. Please shut down ALL applications and windows.
    2. Double-click dss.exe to start it and follow the prompts.
    3. When the scan is finished, two text files will open:
      main.txt <- you will see it maximised and
      extra.txt <- you will see it as a minimized file
    4. Copy and post the contents of both main.txt and extra.txt in your next answer.
    The logs can be very big, so please use vB Code.

  5. #5
    Forum user
    Registered since
    04.03.2006
    Posts
    30

    Re: Check Please :)

    Hi again

    Code:
    Deckard's System Scanner v20070809.63
    Run by Administrator on 2007-08-19 at 17:41:48
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------
    
    -- System Restore --------------------------------------------------------------
    
    Unable to create WMI object; The operation completed successfully.
    
    
    Backed up registry hives.
    Performed disk cleanup.
    
    
    
    -- HijackThis (run as Administrator.exe) ---------------------------------------
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:42:14 PM, on 19/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184490293711
    O20 - AppInit_DLLs: prio.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    
    --
    End of file - 4934 bytes
    
    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
    
    backup-20070819-162832-357 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070819-162832-578 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    backup-20070819-162832-660 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    
    -- File Associations -----------------------------------------------------------
    
    .chm - chm.file - shell\open\command - "hh.exe" %1
    .ini - inifile - shell\open\command - C:\WINDOWS\System32\NOTEPAD.EXE %1
    .js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
    .js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
    .txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1
    
    
    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
    
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
    R2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
    
    
    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
    
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    
    
    -- Device Manager: Disabled ----------------------------------------------------
    
    No disabled devices found.
    
    
    -- Files created between 2007-07-19 and 2007-08-19 -----------------------------
    
    2007-08-19 16:23:56         0 d-------- C:\Program Files\Trend Micro
    2007-08-19 16:18:46         0 d-------- C:\Program Files\7-Zip
    2007-08-19 14:44:21         0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-08-19 14:42:10    524288 -r-h----- C:\A8HE.BIN
    2007-08-19 14:03:12         0 d-------- C:\icons
    2007-08-18 01:23:45         0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-08-18 01:23:43         0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
    2007-08-18 01:23:11         0 d-------- C:\Program Files\Azureus
    2007-08-17 21:58:51     49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
    2007-08-17 21:58:51     45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
    2007-08-17 21:58:51         0 d-------- C:\Program Files\Analog Devices
    2007-08-17 21:56:39         0 d-------- C:\Program Files\Motorola
    2007-08-17 21:52:58     45056 --a------ C:\WINDOWS\system32\acovcnt.exe
    2007-08-17 21:51:18    155648 --a------ C:\WINDOWS\system32\ACEngSvr.exe <Not Verified; ASUSTeK; ACEngSvr Module>
    2007-08-17 15:38:32         0 d-------- C:\Program Files\Gran Paradiso
    2007-08-16 16:38:42         0 d-------- C:\Documents and Settings\Administrator\Application Data\Torrent Episode Downloader
    2007-08-16 16:38:28         0 d-------- C:\Program Files\Torrent Episode Downloader
    2007-08-14 00:17:54         0 d--h----- C:\WINDOWS\PIF
    2007-08-13 15:13:47         0 d-------- C:\Program Files\GNU
    2007-08-11 19:28:30         0 d-------- C:\Program Files\QQ
    2007-08-11 19:26:53         0 d-------- C:\Program Files\nLite
    2007-08-11 19:02:49         0 d-------- C:\WINDOWS\system32\qqedit
    2007-08-11 19:02:49         0 d-------- C:\Program Files\Tencent
    2007-08-11 03:29:05         0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-08-09 16:45:29         0 d-------- C:\Program Files\Toshiba
    2007-08-09 03:07:54         0 d-------- C:\Program Files\MSECache
    2007-08-08 19:26:39     21035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
    2007-08-08 19:26:24         0 d-------- C:\Program Files\NETGEAR
    2007-08-08 13:03:24         0 d-------- C:\WINDOWS\system32\appmgmt
    2007-08-07 14:28:52         0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2007-08-07 14:28:08         0 d-------- C:\Documents and Settings\Administrator\Application Data\GRETECH
    2007-08-07 14:27:55         0 d-------- C:\Program Files\GRETECH
    2007-08-05 23:55:14         0 d-------- C:\Program Files\Foxit Software
    2007-08-05 23:22:23         0 --a------ C:\WINDOWS\nsreg.dat
    2007-08-05 23:22:21         0 d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
    2007-08-05 23:22:21         0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2007-08-05 18:19:33         0 d-------- C:\Program Files\CCleaner
    2007-08-05 16:37:08         0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
    2007-08-05 16:37:08         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2007-08-05 16:37:08         0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
    2007-08-05 16:37:01         0 d-------- C:\Program Files\SourceTec
    2007-08-05 14:27:56      4608 --a------ C:\WINDOWS\system32\bbchlp.dll <Not Verified; Blueberry Consultants Ltd.; BB FlashBack>
    2007-08-05 14:27:56     27776 --a------ C:\WINDOWS\system32\bbcap.dll <Not Verified; Blueberry Consultants Ltd.; BB FlashBack>
    2007-08-05 14:27:53         0 d-------- C:\Documents and Settings\Administrator\Application Data\Blueberry
    2007-08-05 14:27:52         0 d-------- C:\Documents and Settings\All Users\Application Data\Blueberry
    2007-08-05 14:27:45         0 d-------- C:\Program Files\Common Files\Blueberry Software
    2007-08-05 14:27:45         0 d-------- C:\Program Files\Blueberry Software
    2007-08-05 14:27:42         0 d-------- C:\Documents and Settings\All Users\Application Data\{1125ADE1-D617-4AFC-A2BB-E9DE22F436B6}
    2007-08-05 02:01:04         0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-08-05 01:48:10         0 d-------- C:\WINDOWS\Downloaded Installations
    2007-08-05 01:09:54         0 d-------- C:\Program Files\Windows Live
    2007-08-05 01:09:53         0 d-------- C:\Program Files\Messenger Plus! Live
    2007-08-04 01:52:08         0 d-------- C:\Documents and Settings\Administrator\Application Data\Systweak
    2007-08-04 01:51:45         0 d-------- C:\Program Files\Advanced System Optimizer
    2007-07-23 16:41:56         0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
    
    
    -- Find3M Report ---------------------------------------------------------------
    
    2007-08-19 03:23:59      1320 --a------ C:\WINDOWS\system32\PDBootState
    2007-08-18 21:02:33         0 d-------- C:\Program Files\MSN Messenger
    2007-08-17 21:58:51         0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-17 21:51:17         0 d-------- C:\Program Files\ASUS
    2007-08-17 13:08:03         0 d-------- C:\Program Files\Opera
    2007-08-12 00:35:36         0 d-------- C:\Program Files\Common Files
    2007-08-10 04:32:31         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2007-08-08 19:26:07         0 d-------- C:\Program Files\Common Files\InstallShield
    2007-07-16 16:22:25         0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2007-07-16 06:10:24         0 d-------- C:\Program Files\Common Files\Adobe
    2007-07-16 06:08:28         0 d-------- C:\Program Files\Common Files\Control Panels
    2007-07-16 06:02:33         0 d-------- C:\Program Files\QuickTime
    2007-07-16 05:56:50         0 d-------- C:\Program Files\Bonjour
    2007-07-16 05:53:28         0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-15 17:14:41         0 d-------- C:\Program Files\Common Files\ODBC
    2007-07-15 17:14:37         0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-07-15 17:14:09        62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    2007-07-15 16:32:45     62633 --a------ C:\WINDOWS\prio197uninstall.exe
    2007-07-15 16:32:22         0 d-a------ C:\Program Files\Stardock
    2007-07-15 16:29:19         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-07-15 16:26:57         0 d-------- C:\Program Files\eXPerience
    2007-07-15 16:25:11         0 d-------- C:\Program Files\MSXML 4.0
    2007-07-15 16:24:40         0 -rahs---- C:\MSDOS.SYS
    2007-07-15 16:24:40         0 -rahs---- C:\IO.SYS
    2007-07-15 16:24:40         0 --a------ C:\CONFIG.SYS
    2007-07-15 16:24:40         0 --a------ C:\AUTOEXEC.BAT
    2007-07-15 16:23:31         0 d--h----- C:\Program Files\WindowsUpdate
    2007-07-15 16:23:28         0 d-------- C:\Program Files\Online Services
    2007-07-15 16:23:08         0 d-------- C:\Program Files\Common Files\MSSoap
    2007-07-15 16:23:00         0 d-------- C:\Program Files\Movie Maker
    2007-07-15 16:22:11     21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-07-15 16:21:32         0 d-------- C:\Program Files\Windows Media Connect 2
    2007-07-15 16:21:23         0 d-------- C:\Program Files\Windows NT
    2007-07-15 12:53:07         0 d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
    2007-07-15 12:52:15         0 d-------- C:\Program Files\Synaptics
    2007-07-15 12:52:12         0 d-------- C:\Program Files\SetPoint
    2007-07-15 12:52:11         0 d-------- C:\Program Files\Common Files\Logitech
    2007-07-15 12:24:22         0 d-------- C:\Program Files\Intel
    2007-07-15 10:10:55         0 d-------- C:\Program Files\MSXML 6.0
    2007-07-15 10:03:28       552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-07-15 10:01:46         0 d-------- C:\Program Files\Raxco
    2007-07-15 10:01:46         0 d-------- C:\Program Files\Common Files\Raxco
    2007-07-15 10:01:33         0 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
    2007-07-15 10:01:02         0 d-------- C:\Program Files\Microsoft ActiveSync
    2007-07-15 10:00:58         0 d-------- C:\Program Files\Microsoft.NET
    2007-07-15 10:00:08    298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
    2007-07-15 09:57:19         0 d-------- C:\Program Files\Common Files\Ahead
    2007-07-15 09:57:15         0 d-------- C:\Program Files\Nero
    2007-07-15 09:56:21         0 d-------- C:\Program Files\Java
    2007-07-15 09:56:04         0 d-------- C:\Program Files\Common Files\Java
    2007-07-15 09:55:58         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2007-06-08 13:00:00    218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>
    2007-06-08 13:00:00    140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>
    2007-06-08 13:00:00     28672 --a------ C:\WINDOWS\system32\setupold.exe <Not Verified; iLE d.o.p.; >
    2007-06-08 13:00:00      3038 --a------ C:\WINDOWS\system32\presetup.cmd
    2007-06-08 13:00:00     31232 --a------ C:\WINDOWS\system32\cmdow.exe <Not Verified; ; CMDOW>
    2007-06-08 13:00:00     45056 --a------ C:\WINDOWS\system32\1365VidChng.exe <Not Verified; Tony Pombo; Video Resolution Changer>
    2007-05-22 16:46:54    167936 --a------ C:\WINDOWS\system32\TosBtAPI.dll <Not Verified; TOSHIBA CORPORATION.; Bluetooth Stack for Windows by TOSHIBA>
    
    
    -- Registry Dump ---------------------------------------------------------------
    
    *Note* empty entries & legit default entries are not shown
    
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [14/10/2006 01:37 PM]
    "VistaDrive"="C:\WINDOWS\VistaDrive\VistaDrive.exe" [13/06/2007 11:39 PM]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [15/07/2007 10:00 AM]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [14/08/2006 07:38 AM]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [06/02/2007 04:30 PM]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [03/11/2005 01:58 PM C:\WINDOWS\KHALMNPR.Exe]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/06/2007 01:00 PM]
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRemoteRecursiveEvents"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "StartMenuFavorites"=0 (0x0)
    "Start_ShowHelp"=0 (0x0)
    "Start_ShowMyComputer"=1 (0x1)
    "Start_ShowMyDocs"=1 (0x1)
    "Start_ShowMyMusic"=0 (0x0)
    "Start_ShowRun"=1 (0x1)
    "Start_ShowSearch"=0 (0x0)
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)
    "ForceClassicControlPanel"=1 (0x1)
    "NoResolveTrack"=1 (0x1)
    "LinkResolveIgnoreLinkInfo"=1 (0x1)
    "NoResolveSearch"=1 (0x1)
    "ClearRecentDocsOnExit"=1 (0x1)
    "NoStartBanner"=1 (0x1)
    "NoSMMyPictures"=00000000
    "NoSMConfigurePrograms"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSharedDocuments"=1 (0x1)
    "NoActiveDesktop"=1 (0x1)
    "NoRecentDocsMenu"=1 (0x1)
    
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"=1 (0x1)
    "ForceClassicControlPanel"=1 (0x1)
    "NoResolveTrack"=1 (0x1)
    "LinkResolveIgnoreLinkInfo"=1 (0x1)
    "NoResolveSearch"=1 (0x1)
    "ClearRecentDocsOnExit"=1 (0x1)
    "NoStartBanner"=1 (0x1)
    "NoSMMyPictures"=1 (0x1)
    "NoSMConfigurePrograms"=1 (0x1)
    "MemCheckBoxInRunDlg"=1 (0x1)
    "NoSharedDocuments"=1 (0x1)
    "NoActiveDesktop"=1 (0x1)
    "NoRecentDocsMenu"=1 (0x1)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 20/12/2005 10:57 PM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=prio.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^腾讯QQ.lnk]
    path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\腾讯QQ.lnk
    backup=C:\WINDOWS\pss\腾讯QQ.lnkStartup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
    C:\Program Files\ASUS\Splendid\ACMON.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    HDAShCut.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    KHALMNPR.EXE
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    
    
    
    
    -- End of Deckard's System Scanner: finished at 2007-08-19 at 17:44:37 ---------

    Code:
    Deckard's System Scanner v20070809.63
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------
    
    -- System Information ----------------------------------------------------------
    
    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English
    
    CPU 0: Genuine Intel(R) CPU           T2130  @ 1.86GHz
    CPU 1: Genuine Intel(R) CPU           T2130  @ 1.86GHz
    Percentage of Memory in Use: 44%
    Physical Memory (total/avail): 1007.23 MiB / 556.85 MiB
    Pagefile Memory (total/avail): 2424.39 MiB / 2101.26 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1937.79 MiB
    
    C: is Fixed (NTFS) - 15.63 GiB total, 9.54 GiB free. 
    D: is Fixed (NTFS) - 19.53 GiB total, 17.45 GiB free. 
    E: is Fixed (NTFS) - 9.77 GiB total, 9.72 GiB free. 
    F: is Fixed (NTFS) - 19.53 GiB total, 2.49 GiB free. 
    G: is CDROM (CDFS)
    I: is Fixed (NTFS) - 7.73 GiB total, 7.69 GiB free. 
    
    
    -- Security Center -------------------------------------------------------------
    
    AUOptions is set to notify before download.
    Windows Internal Firewall is disabled.
    
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.
    AntivirusOverride is set.
    FirewallOverride is set.
    
    Unable to create WMI object.
    
    -- Environment Variables -------------------------------------------------------
    
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administrator\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DIGIT2
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEVMGR_SHOW_DETAILS=
    DEVMGR_SHOW_NONPRESENT_DEVICES=1
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrator
    LOGONSERVER=\\DIGIT2
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0e0c
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=DIGIT2
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\Administrator
    windir=C:\WINDOWS
    
    
    -- User Profiles ---------------------------------------------------------------
    
    Administrator (admin)
    
    
    -- Add/Remove Programs ---------------------------------------------------------
    
     --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\SETUP.EXE" -l0x9 anything
    7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
    Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
    Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
    Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
    Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
    Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Photoshop Lightroom --> MsiExec.exe /I{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}
    Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
    Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
    Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Advanced System Optimizer --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
    AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    ASUS Live Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\SETUP.EXE" -l0x9 
    ASUS Splendid Video Enhancement Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe" -l0x9  -removeonly
    ATK0100 ACPI UTILITY --> C:\WINDOWS\ATK0100\XPunin.exe
    Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
    BB FlashBack --> "C:\Documents and Settings\All Users\Application Data\{1125ADE1-D617-4AFC-A2BB-E9DE22F436B6}\BB FlashBack.exe" REMOVE=TRUE MODIFY=FALSE
    Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Chinese (Simplified) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cn.inf, Uninstall
    Chinese (Traditional) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tw.inf, Uninstall
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    FLV SPLITTER --> "C:\Program Files\GNU\FLVSPLITTER\Uninstall.exe"
    Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Gran Paradiso (3.0a7) --> C:\Program Files\Gran Paradiso\uninstall\helper.exe
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Motorola SM56 Speakerphone Modem --> rundll32.exe sm56coin.dll,SM56UnInstaller
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 7 Micro 7.9.6.0 --> "C:\Program Files\Nero\unins000.exe"
    NETGEAR WG111v2 wireless USB 2.0 adapter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E0F252A6-DE85-4E93-A93B-DFC3537B3965} 
    NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
    Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
    Power4 Gear --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\SETUP.EXE" -l0x9 
    Prio v1.9.7 --> C:\WINDOWS\prio197uninstall.exe
    QQ2006 正式版 --> C:\Program Files\Tencent\QQ\uninst.exe
    QQ游戏 --> C:\Program Files\Tencent\QQGame\\Uninstall.EXE
    REALTEK PCIE NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\Setup.exe" -l0x9 REMOVE
    SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\SETUP.EXE" -l0x9  -removeonly
    SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9  -removeonly
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Vimicro 321 Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61F1704D-38E4-45D3-B1A0-6DF3CDA05F07}\SETUP.EXE" -l0x9 
    Vista Drive Indicator! --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\Vdrive.inf,uninstall
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\SETUP.EXE" -l0x9 
    
    
    -- Application Event Log -------------------------------------------------------
    
    Event ID #1036: Error
    Event Submitted/Written: 08/19/2007 04:50:38 PM
    Event Source: EventSystem
    Event Description:
    The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
    
    Event ID #1034: Error
    Event Submitted/Written: 08/19/2007 02:47:33 PM
    Event Source: VSS
    Event Description:
    Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
    
    Event ID #1033: Error
    Event Submitted/Written: 08/19/2007 02:47:33 PM
    Event Source: EventSystem
    Event Description:
    The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
    
    Event ID #1029: Warning
    Event Submitted/Written: 08/19/2007 02:44:44 PM
    Event Source: Userenv
    Event Description:
    Windows saved user DIGIT2\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. 
    
    
    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
    
    Event ID #1028: Error
    Event Submitted/Written: 08/19/2007 00:40:59 PM
    Event Source: EventSystem
    Event Description:
    The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
    
    
    
    -- Security Event Log ----------------------------------------------------------
    
    No Errors/Warnings found.
    
    
    -- System Event Log ------------------------------------------------------------
    
    Event ID #5551: Error
    Event Submitted/Written: 08/19/2007 02:49:02 PM
    Event Source: Service Control Manager
    Event Description:
    The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
    %%1058
    
    Event ID #5545: Error
    Event Submitted/Written: 08/19/2007 02:49:02 PM
    Event Source: Service Control Manager
    Event Description:
    The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: 
    %%1058
    
    Event ID #5544: Error
    Event Submitted/Written: 08/19/2007 02:48:07 PM
    Event Source: DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}
    
    Event ID #5543: Error
    Event Submitted/Written: 08/19/2007 02:47:33 PM
    Event Source: DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}
    
    Event ID #5539: Error
    Event Submitted/Written: 08/19/2007 02:44:41 PM
    Event Source: DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}
    
    
    
    -- End of Deckard's System Scanner: finished at 2007-08-19 at 17:44:37 ---------

  6. #6
    Ruby, Supermod (retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.038

    Re: Check Please :)

    Hello trihornX

    I want to get some information about some files on your system.
    Please follow these instructions:

    STEP 1
    Make sure you have set Windows to show hidden files and folders.

    STEP 2
    Locate these files:

    C:\WINDOWS\system32\acovcnt.exe
    C:\WINDOWS\system32\cdboxpro.asp
    C:\WINDOWS\system32\prio.ini
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\WINDOWS\system32\1365VidChng.exe
    C:\WINDOWS\langorig.ini
    C:\WINDOWS\prio197uninstall.exe
    C:\WINDOWS\ptm_xp.dll
    C:\WINDOWS\ptm_nt.dll

    Use your mouse, right-click on each file, read Properties > Version >
    I need to know the company name, the file version, the description and the copyright.
    Please copy this information about every file to your thread.

    STEP 3
    Please scan these files with Virustotal,
    press the button 'Filter' as soon as you have got the results.
    Copy & paste these results to your thread, even if they show up nothing.
    You can also use virus.org or jotti to scan your file(s):

    C:\WINDOWS\system32\acovcnt.exe
    C:\WINDOWS\system32\cdboxpro.asp
    C:\WINDOWS\system32\prio.ini
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    C:\WINDOWS\system32\1365VidChng.exe
    C:\WINDOWS\langorig.ini
    C:\WINDOWS\prio197uninstall.exe
    C:\WINDOWS\ptm_xp.dll
    C:\WINDOWS\ptm_nt.dll

    You may want to let us know all about the results of the scans, including name, MD5 and SHA1, by copy & paste (look for an example).

    Please don't delete these files if you find out that they are malware.
    We want to upload them to the producers of antimalware
    to protect users' systems from malware in the future.

  7. #7
    Forum user
    Registered since
    04.03.2006
    Posts
    30

    Re: Check Please :)

    C:\WINDOWS\system32\acovcnt.exe
    No version and company details available.
    Code:
     File acovcnt.exe received on 08.20.2007 06:04:31 (CET)
    Result: 0/32 (0%)
    Antivirus 	Version 	Last Update 	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.17	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 45056 bytes
    MD5: 6bcaf46e2b7fa9ace92b4d39f3037c5c
    SHA1: 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
    C:\WINDOWS\system32\cdboxpro.asp
    No version and company details available.
    Code:
     File cdboxpro.asp received on 08.20.2007 06:09:02 (CET)
    Result: 0/32 (0%)
    Antivirus 	Version 	Last Update 	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.17	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 294 bytes
    MD5: 43a302b53f1b39acd5700facc5f0b9b2
    SHA1: dfb2a529ecbe8de5a93644006c59bcffaff1a101
    C:\WINDOWS\system32\prio.ini
    File version #: 1.9.6.0
    Prio Process Control
    O&K Software
    Code:
    Antivirus  	Version  	Last Update  	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.17	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 135 bytes
    MD5: 49add010b3d11edbecc32cd2b017e40b
    SHA1: 468fff1e1eb078a4483774adf1db5fb1f6f2b3f9
    C:\WINDOWS\VistaDrive\VistaDrive.exe
    Version: 3.1.1.0
    http://www.autoitscript.com/autoit3/compiled.html
    Code:
    Antivirus  	Version  	Last Update  	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	suspicious Trojan/Worm
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	Suspicious file
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.17	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 280779 bytes
    MD5: 6e15cac2275e0b0a22e7ee9bac30d7ba
    SHA1: 73907693e9e3009226aa0f062b0d139d59c445ce
    packers: UPX
    packers: UPX
    packers: UPX
    C:\WINDOWS\system32\1365VidChng.exe
    Video Resolution Changer
    Version 1.0.0.8
    Copyright 2001, Tony Pombo
    Code:
    Antivirus  	Version  	Last Update  	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.17	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    C:\WINDOWS\langorig.ini
    No info available
    Code:
    Antivirus  	Version  	Last Update  	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.17	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 5250 bytes
    MD5: 1a82cf1f0b903e707551ad6394d28f41
    SHA1: b5d3b7e0fd5384c1e9cc72b38d6e372070e92d02
    C:\WINDOWS\prio197uninstall.exe
    No information
    Code:
    Antivirus  	Version  	Last Update  	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.17	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 62633 bytes
    MD5: 6a00e31cdc11275880c164aebb4df23f
    SHA1: 15391805e8b86f80e32e8458ba4671b8d4998473
    packers: BINARYRES
    C:\WINDOWS\ptm_xp.dll
    O&K Software
    Version: 1.9.6.0
    Prio Process Control
    Code:
    File ptm_xp.dll received on 08.20.2007 06:11:02 (CET)
    Antivirus	Version	Last Update	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.20	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 246808 bytes
    MD5: 3caee0bcc8b1e3ce978856c3092ad88f
    SHA1: b2f2d4fcfdb31a9cebbfa73ef61a0e2de6c72157
    C:\WINDOWS\ptm_nt.dll
    O&K Software
    Code:
    File ptm_nt.dll received on 08.20.2007 06:11:16 (CET)
    Antivirus	Version	Last Update	Result
    AhnLab-V3	2007.8.18.0	2007.08.20	-
    AntiVir	7.4.1.62	2007.08.19	-
    Authentium	4.93.8	2007.08.17	-
    Avast	4.7.1029.0	2007.08.20	-
    AVG	7.5.0.484	2007.08.19	-
    BitDefender	7.2	2007.08.20	-
    CAT-QuickHeal	9.00	2007.08.18	-
    ClamAV	0.91	2007.08.20	-
    DrWeb	4.33	2007.08.19	-
    eSafe	7.0.15.0	2007.08.16	-
    eTrust-Vet	31.1.5069	2007.08.18	-
    Ewido	4.0	2007.08.19	-
    FileAdvisor	1	2007.08.20	-
    Fortinet	2.91.0.0	2007.08.19	-
    F-Prot	4.3.2.48	2007.08.17	-
    F-Secure	6.70.13030.0	2007.08.19	-
    Ikarus	T3.1.1.12	2007.08.19	-
    Kaspersky	4.0.2.24	2007.08.20	-
    McAfee	5100	2007.08.17	-
    Microsoft	1.2803	2007.08.19	-
    NOD32v2	2470	2007.08.19	-
    Norman	5.80.02	2007.08.17	-
    Panda	9.0.0.4	2007.08.19	-
    Prevx1	V2	2007.08.20	-
    Rising	19.36.60.00	2007.08.19	-
    Sophos	4.20.0	2007.08.12	-
    Sunbelt	2.2.907.0	2007.08.18	-
    Symantec	10	2007.08.20	-
    TheHacker	6.1.8.170	2007.08.17	-
    VBA32	3.12.2.2	2007.08.20	-
    VirusBuster	4.3.26:9	2007.08.19	-
    Webwasher-Gateway	6.0.1	2007.08.20	-
    Additional information
    File size: 230424 bytes
    MD5: 8fc0fd796c28b6a6db88986c3927ac94
    SHA1: 9829e9cc57f596a76eb3c67d12f2849a636ccea7
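As an added example (my code, not part of this thread and not VirusTotal's own tooling): a small Python script that parses a report pasted in the layout shown in this post, reports the detection ratio, hashes and packer lines, separates heuristic "suspicious" verdicts from named detections, and can recompute MD5/SHA1 of a file's bytes so the local file can be checked against the hashes in the report. The sample report, its engine rows and the all-zero hashes are constructed placeholders, not results from the files discussed here.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of the reports pasted in this thread.
# Engine rows, verdicts and hashes are made up for the example; the all-zero
# hashes are placeholders, not real values.
SAMPLE_REPORT = """File sample.exe received on 08.20.2007 06:10:00 (CET)
Result: 2/6 (33.33%)
Antivirus  \tVersion  \tLast Update  \tResult
AhnLab-V3\t2007.8.18.0\t2007.08.20\t-
AntiVir\t7.4.1.62\t2007.08.19\t-
eSafe\t7.0.15.0\t2007.08.16\tsuspicious Trojan/Worm
Kaspersky\t4.0.2.24\t2007.08.20\t-
Panda\t9.0.0.4\t2007.08.19\tSuspicious file
Sophos\t4.20.0\t2007.08.12\t-
Additional information
File size: 280779 bytes
MD5: 00000000000000000000000000000000
SHA1: 0000000000000000000000000000000000000000
packers: UPX
packers: UPX
"""

# Verdict words that mark a heuristic rather than a signature (named family) hit.
HEURISTIC_WORDS = ("suspicious", "generic", "heur", "packed")


@dataclass
class VtSummary:
    filename: str = ""
    engines: int = 0                                          # engine rows parsed
    detections: Dict[str, str] = field(default_factory=dict)  # engine -> verdict
    size: Optional[int] = None
    md5: Optional[str] = None
    sha1: Optional[str] = None
    packers: List[str] = field(default_factory=list)

    @property
    def ratio(self) -> str:
        return f"{len(self.detections)}/{self.engines}"

    def heuristic_only(self) -> bool:
        """True when every hit is a heuristic/suspicious verdict, not a named family."""
        return bool(self.detections) and all(
            any(w in v.lower() for w in HEURISTIC_WORDS) for v in self.detections.values()
        )


def parse_vt_report(text: str) -> VtSummary:
    """Parse one pasted report: the tab-separated engine table plus the
    'Additional information' lines (size, MD5, SHA1, packers)."""
    s = VtSummary()
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"File (\S+) received on", line)
        if m:
            s.filename = m.group(1)
            continue
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) == 4 and cols[0] == "Antivirus":
            in_table = True          # header row: Antivirus / Version / Last Update / Result
            continue
        if in_table and len(cols) == 4:
            engine, _version, _updated, verdict = cols
            s.engines += 1
            if verdict != "-":       # "-" is the site's "no detection"
                s.detections[engine] = verdict
            continue
        in_table = False             # any line that is not a 4-column row ends the table
        m = re.match(r"File size:\s*(\d+)\s*bytes", line)
        if m:
            s.size = int(m.group(1))
            continue
        m = re.match(r"MD5:\s*([0-9a-fA-F]{32})$", line)
        if m:
            s.md5 = m.group(1).lower()
            continue
        m = re.match(r"SHA1:\s*([0-9a-fA-F]{40})$", line)
        if m:
            s.sha1 = m.group(1).lower()
            continue
        m = re.match(r"packers:\s*(.+)", line)
        if m and m.group(1) not in s.packers:   # the site repeats packer lines
            s.packers.append(m.group(1))
    return s


def hash_bytes(data: bytes):
    """MD5 and SHA1 of a file's bytes, to compare with the hashes the report shows."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def triage(s: VtSummary) -> str:
    """One-line reading of the result from a responder's point of view."""
    hits = ", ".join(f"{e}={v}" for e, v in s.detections.items())
    if not s.detections:
        verdict = "clean on this scan (no detections is not proof of a clean file)"
    elif s.heuristic_only():
        verdict = "heuristic-only: " + hits
    else:
        verdict = "detected: " + hits
    if s.packers:
        verdict += "; packed with " + ", ".join(s.packers) + " (packers often trip heuristic engines)"
    return verdict
```

Running `triage(parse_vt_report(SAMPLE_REPORT))` on the constructed sample yields a "heuristic-only" reading with the UPX note: two "suspicious" verdicts on a UPX-packed binary, as in the VistaDrive.exe result above, are the kind of low-confidence hit that warrants keeping the file for submission rather than treating it as confirmed malware.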

  8. #8
    Ruby, Supermod (retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.038

    Re: Check Please :)

    Hello trihornX

    Please follow these instructions:

    STEP 1
    Download Atribune's ATF Cleaner for Windows
    (Website)
    Run it

    and

    Put a checkmark next to every item under "Main" or "Select All" in every account, then click on "Empty Selected" > exit.


    STEP 2
    Quote from Ruby:
    Let's have a look if you have a rootkit on your system?

    • Please close down all applications, close down your web browser.
    • Disconnect from the Internet
    • Don't do anything on your machine
    • close down your antivirus and your spyware program(s)
    • shut down your network connections and your WLAN
    • nothing may be done on your system

    Let RootkitRevealer scan
    • Download RootkitRevealer,
      unzip it to its own folder C:\program files\rootkitrevealer.
    • Run RootkitRevealer.exe.
    • Click onto "Scan".
    • When the scan is finished, save the logfile.

    Let Blacklight scan
    • Download F-Secure Blacklight
      save it to its own folder C:\program files\blacklight.
    • Start blbeta.exe. Close down all applications.
    • Click onto "I accept the agreement", "next", "Scan".
    • When the scan is finished exit Blacklight with "Close".
    • You will find a Blacklight fsbl-XXX.log in the folder of Blacklight, XXX means a number of digits.

    Let Sophos scan
    • Download Sophos
      Rootkitscan. You will get an installation file sarsfx.exe.
    • Start it, accept the license, allow the installation, do not change the path C:\SOPHTEMP.
    • Open this folder, start sargui.exe, close down all other applications.
    • Hold on the options and "Start scan". It will last some time. When it's finished
      you will get a fresh window with the summing-up, click "Ok". Close the Sophos Rootkitscan.
      It's only an analysing tool.
    • Start > run > type %temp%
      Locate sarscan.log, copy its content and post it.

    Let Gmer scan
    • Download Gmer from here. Unzip it to your desktop.
    • Start gmer.exe > Tab Rootkit. Close down all other applications.
    • Be assured that all checkmarks are set from "System" to "ADS".
    • (Important: NO checkmark may be set next to "Show all".)
      Start the "Scan". Don't do anything with your machine.
    • When the scan is finished, click onto "Copy" to get the logfile.
    • Exit Gmer with "Ok".
    • Paste your logfile to this thread.

    Please make us see all logfiles.

    (Learn here how to create a new folder: Windows Tutorial.)

  9. #9
    Forum user
    Registered since
    04.03.2006
    Posts
    30

    Re: Check Please :)

    Thanks again Ruby

    RootKitRevealer
    Code:
    HKLM\SECURITY\Policy\Secrets\SAC*	15/07/2007 9:46 AM	0 bytes	Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI*	15/07/2007 9:46 AM	0 bytes	Key name contains embedded nulls (*)
    C:\WINDOWS\Temp\WGAErrLog.txt	21/08/2007 2:08 PM	255 bytes	Hidden from Windows API.
    Blacklight
    Code:
    08/21/07 14:14:15 [Info]: BlackLight Engine 1.0.64 initialized
    08/21/07 14:14:15 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    08/21/07 14:14:16 [Note]: 7019 4
    08/21/07 14:14:16 [Note]: 7005 0
    08/21/07 14:14:34 [Note]: 7006 0
    08/21/07 14:14:34 [Note]: 7011 1252
    08/21/07 14:14:34 [Note]: 7026 0
    08/21/07 14:14:34 [Note]: 7026 0
    08/21/07 14:14:37 [Note]: FSRAW library version 1.7.1022
    08/21/07 14:18:19 [Note]: 7007 0

    Sophos
    Code:
    Sophos Anti-Rootkit Version 1.3 (data 1.06)  (c) 2006 Sophos Plc
    Started logging on 21/08/2007 at 14:19:19 PM
    Stopped logging on 21/08/2007 at 14:21:42 PM
    GMER
    is attached to the reply, too big to post
    http://slashnow.com/hbs_files/gmer.txt
    Last edited by trihornX (21.08.2007 at 05:56)

  10. #10
    Forum user
    Registered since
    04.03.2006
    Posts
    30

    Re: Check Please :)

    sorry double post
    Last edited by trihornX (21.08.2007 at 05:57)
