Topic: please check my logfile

  1. #21
    Former Supermod Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: please check my logfile

    Please download Silent Runners, have it save a logfile. Post it. Thx

  2. #22
    Beginner
    Registered since
    04.05.2005
    Posts
    16

    Re: please check my logfile

    Here it is:


    Code:
    "Silent Runners.vbs", revision 36, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"
    
    
    Startup items buried in registry:
    ---------------------------------
    
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
    "Internet2 Optimizer" = "wkfix.exe" [file not found]
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "Hcontrol" = "C:\WINDOWS\ATK0100\Hcontrol.exe" [empty string]
    "Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
    "BluetoothAuthenticationAgent" = "rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent" [MS]
    "HKSERV.EXE" = "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ["Sony Corporation"]
    "SonyPowerCfg" = "C:\Program Files\sony\vaio power management\SPMgr.exe" ["Sony Corporation"]
    "VAIO Update 2" = ""C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary" ["Sony Corporation"]
    "ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
    "ISBMgr.exe" = "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" ["Sony Corporation"]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "URLLSTCK.exe" = "C:\Program Files\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"]
    "Drag'n Drop CD+DVD" = "C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp" [empty string]
    "HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
    "DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
    "mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."]
    "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
    "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
    "PPClean RunOnce insertion" = "regedit /s "C:\PPCleanRunOnce.reg"" [MS]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

  3. #23
    Former Supermod Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: please check my logfile

    Please post the whole Silent Runners logfile, thanks.

  4. #24
    Beginner
    Registered since
    04.05.2005
    Posts
    16

    Re: please check my logfile

    Sorry about that, here it is:

    Code:
    "Silent Runners.vbs", revision 36, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"
    
    
    Startup items buried in registry:
    ---------------------------------
    
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
    "Internet2 Optimizer" = "wkfix.exe" [file not found]
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
    "Hcontrol" = "C:\WINDOWS\ATK0100\Hcontrol.exe" [empty string]
    "Mouse Suite 98 Daemon" = "ICO.EXE" ["Primax Electronics Ltd."]
    "BluetoothAuthenticationAgent" = "rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent" [MS]
    "HKSERV.EXE" = "C:\Program Files\Sony\HotKey Utility\HKserv.exe" ["Sony Corporation"]
    "SonyPowerCfg" = "C:\Program Files\sony\vaio power management\SPMgr.exe" ["Sony Corporation"]
    "VAIO Update 2" = ""C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary" ["Sony Corporation"]
    "ezShieldProtector for Px" = "C:\WINDOWS\System32\ezSP_Px.exe" ["Easy Systems Japan Ltd."]
    "ISBMgr.exe" = "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" ["Sony Corporation"]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "URLLSTCK.exe" = "C:\Program Files\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"]
    "Drag'n Drop CD+DVD" = "C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp" [empty string]
    "HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
    "DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
    "mmtask" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" ["Musicmatch Inc."]
    "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
    "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
    "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
    
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
    "PPClean RunOnce insertion" = "regedit /s "C:\PPCleanRunOnce.reg"" [MS]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
      -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
      -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{ED58A35B-B554-42AF-A26C-6F3D424200D3}" = "Sony Power Management Extensiond"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\sony\vaio power management\SPMPanel.dll" ["Sony Corporation"]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
      -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
    "{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
      -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
    "{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
      -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
    "{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
      -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{3c249f62-e26e-11d4-97f0-009027769c61}" = "Format Shell"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Format Shell\SMSHELL.DLL" ["OnSpec Electronic Inc.,"]
    "{03FF3962-D823-11D4-97F0-009027769C61}" = "Data Caching Shell Extension"
      -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\DATACA~1\FlashShl.dll" [file not found]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
    "{1EBC3533-B289-409F-9924-B84B3F0717D2}" = "AceFTP Context Menu Shell Extension"
      -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\VISICO~1\ACEFTP~1\FTPCntxt.dll" ["Visicom Media Inc."]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
    
    
    Enabled Screen Saver:
    ---------------------
    
    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\vaioslia.scr" ["Sony Corporation"]
    
    
    Enabled Wallpaper and Active Desktop:
    -------------------------------------
    
    Active Desktop is disabled.
    
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Martin Holliday\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
    
    
    Startup items in "Martin Holliday" & "All Users" startup folders:
    -----------------------------------------------------------------
    
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
    "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
    "Picture Package Menu" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe" ["Sony Corporation"]
    "Picture Package VCD Maker" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h" ["Sony Corporation."]
    "Watch" -> shortcut to: "C:\WINDOWS\twain_32\S6U12BX\WATCH.exe" ["Common Group"]
    
    
    Enabled Scheduled Tasks:
    ------------------------
    
    "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
    
    
    Winsock2 Service Provider DLLs:
    -------------------------------
    
    Namespace Service Providers
    
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    
    Transport Service Providers
    
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
    
    
    Toolbars, Explorer Bars, Extensions:
    ------------------------------------
    
    Toolbars
    
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
      -> {CLSID}\(Default) = "Norton AntiVirus"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {CLSID}\(Default) = "&Google"
      -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
      -> {CLSID}\(Default) = "Yahoo! Toolbar"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll" ["Yahoo! Inc."]
    
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
      -> {CLSID}\(Default) = "Norton AntiVirus"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
      -> {CLSID}\(Default) = "Norton AntiVirus"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
      -> {CLSID}\(Default) = "Yahoo! Toolbar"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll" ["Yahoo! Inc."]
    
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {CLSID}\(Default) = "&Google"
      -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    
    Extensions (Tools menu items, main toolbar menu buttons)
    
    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
    
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Messenger"
    "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]
    
    
    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------
    
    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
    iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
    Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
    SAVScan, SAVScan, "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
    Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    
    
    ----------
    This report excludes default entries except where indicated.
    To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    ----------

  5. #25
    Former Supermod Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: please check my logfile

    @ Martinholliday

    Please scan your system, with System Restore turned off, using at least 3 online scanners.
    Run full system scans. Panda is a very deep scan and will take 2-3 hours:

    * http://housecall.trendmicro.com
    * Panda ActiveScan
    * http://bitdefender.com/scan/licence.php
    * http://www.windowsecurity.com/trojanscan/
    * Kaspersky AV Onlinescanner (Beta)

    Reboot your system whenever a scan is finished.
    Let me know the results.

  6. #26
    Beginner
    Registered since
    04.05.2005
    Posts
    16

    Re: please check my logfile

    The HouseCall Trend Micro scan didn't find any viruses.

    The Windows Security Trojan Scan found 6 items of malware all located in c:\Documents and Settings\Martin Holliday in the cookies folder.

    Panda ActiveScan found the following:

    Code:
    Incident                      Status                        Location                                                                                             
    
    Adware:Adware/nCase           No disinfected                Windows Registry                                                                                                                                        
    Adware:Adware/PurityScan      No disinfected                C:\Documents and Settings\Martin Holliday\Application Data\emia.exe

  7. #27
    Former Supermod Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: please check my logfile

    @ Martinholliday

    Please read these instructions first and then print them out or save them as a text file (*.txt),
    since we will ask you to work offline in safe mode.


    Turn off System Restore.

    Make sure you set Windows to show hidden files and folders.

    Follow the numbers.

    1
    Download for free:

    Ad-Aware SE
    Spybot Search & Destroy

    2
    How to use:

    Ad-Aware SE: install and update it
    Spybot Search & Destroy: install and update it

    3
    Disconnect from the net.

    4
    Boot into safe mode.

    5
    Run Ad-Aware SE (Adaware SE 1.05 Tutorial)

    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Change all red X to green ones.
    Run a full system scan.
    Delete the content of the Ad-Aware folders when the scan is finished.
    Save the logfile.

    6
    Run Spybot Search & Destroy
    Turn on Advanced Mode. Go to "Tools" and put a checkmark into the box of ActiveX.
    Scan your system. Let Spybot Search & Destroy delete everything it finds.
    Immunize your system.

    7
    Reboot your system into normal mode.

    8
    Connect to the net.

    9
    Run HijackThis and have it save a new HJT logfile.


    Post the logfile of Ad-Aware SE and the new HijackThis logfile.

  8. #28
    Beginner
    Registered since
    04.05.2005
    Posts
    16

    Re: please check my logfile

    SpyBot didn't find any problems.

    Here is the AdAware logfile:


    Code:
    Ad-Aware SE Build 1.05
    Logfile Created on:12 May 2005 18:37:58
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R44 10.05.2005
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):43 total references
    Tracking Cookie(TAC index:3):6 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file
    
    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects
    
    
    12-05-2005 18:37:58 - Scan started. (Full System Scan)
    
     MRU List Object Recognized!
        Location:          : C:\Documents and Settings\Martin Holliday\Application Data\microsoft\office\recent
        Description        : list of recently opened documents using microsoft office
    
    
     MRU List Object Recognized!
        Location:          : C:\Documents and Settings\Martin Holliday\recent
        Description        : list of recently opened documents
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
        Description        : list of recently used files in adobe reader
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\adobe\photoshop\7.0\visiteddirs
        Description        : adobe photoshop 7 recent work folders
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\macromedia\dreamweaver 4\recent file list
        Description        : list of recently used files in macromedia dreamweaver
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\macromedia\flash 5\recent file list
        Description        : list of recently used files in macromedia flash
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\clipart gallery\2.0\mrudescription
        Description        : most recently used description in microsoft clipart gallery
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\direct3d\mostrecentapplication
        Description        : most recent application to use microsoft direct3d
    
    
     MRU List Object Recognized!
        Location:          : software\microsoft\direct3d\mostrecentapplication
        Description        : most recent application to use microsoft direct3d
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\direct3d\mostrecentapplication
        Description        : most recent application to use microsoft direct X
    
    
     MRU List Object Recognized!
        Location:          : software\microsoft\direct3d\mostrecentapplication
        Description        : most recent application to use microsoft direct X
    
    
     MRU List Object Recognized!
        Location:          : software\microsoft\directdraw\mostrecentapplication
        Description        : most recent application to use microsoft directdraw
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\directinput\mostrecentapplication
        Description        : most recent application to use microsoft directinput
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\directinput\mostrecentapplication
        Description        : most recent application to use microsoft directinput
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\internet explorer
        Description        : last download directory used in microsoft internet explorer
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\internet explorer\main
        Description        : last save directory used in microsoft internet explorer
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\internet explorer\typedurls
        Description        : list of recently entered addresses in microsoft internet explorer
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\mediaplayer\player\recentfilelist
        Description        : list of recently used files in microsoft windows media player
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\mediaplayer\player\settings
        Description        : last open directory used in jasc paint shop pro
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\mediaplayer\preferences
        Description        : last playlist index loaded in microsoft windows media player
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\mediaplayer\preferences
        Description        : last playlist loaded in microsoft windows media player
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\microsoft management console\recent file list
        Description        : list of recent snap-ins used in the microsoft management console
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
        Description        : list of recent pictured inserted in microsoft powerpoint
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
        Description        : list of recent documents saved by microsoft powerpoint
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
        Description        : list of recent documents opened by microsoft word
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
        Description        : list of recent documents saved by microsoft word
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\excel\recent files
        Description        : list of recent files used by microsoft excel
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\powerpoint\recent file list
        Description        : list of recent files used by microsoft powerpoint
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\powerpoint\recent typeface list
        Description        : list of recently used typefaces in microsoft powerpoint
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\office\9.0\publisher\recent file list
        Description        : list of recent files used by microsoft publisher
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\search assistant\acmru
        Description        : list of recent search terms used with the search assistant
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\windows\currentversion\applets\regedit
        Description        : last key accessed using the microsoft registry editor
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
        Description        : list of recent programs opened
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
        Description        : list of recently saved files, stored according to file extension
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\windows\currentversion\explorer\recentdocs
        Description        : list of recent documents opened
    
    
     MRU List Object Recognized!
        Location:          : software\musicmatch
        Description        : download location of the musicmatch installer
    
    
     MRU List Object Recognized!
        Location:          : software\musicmatch\musicmatch jukebox\4.0\fileconv
        Description        : file conversion location settings in musicmatch jukebox
    
    
     MRU List Object Recognized!
        Location:          : software\musicmatch\musicmatch jukebox\4.0\mmradio
        Description        : information on the last station listened to using musicmatch radio
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\nico mak computing\winzip\filemenu
        Description        : winzip recently used archives
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\realnetworks\realplayer\6.0\preferences
        Description        : list of recent skins in realplayer
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\realnetworks\realplayer\6.0\preferences
        Description        : list of recent clips in realplayer
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\microsoft\windows media\wmsdk\general
        Description        : windows media sdk 
    
    
     MRU List Object Recognized!
        Location:          : S-1-5-21-1537604510-693755283-1271354988-1005\software\winrar\dialogedithistory\extrpath
        Description        : winrar "extract-to" history
    
    
    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    #:1 [smss.exe]
        FilePath           : \SystemRoot\System32\
        ProcessID          : 148
        ThreadCreationTime : 12-05-2005 17:33:28
        BasePriority       : Normal
    
    
    #:2 [csrss.exe]
        FilePath           : \??\C:\WINDOWS\system32\
        ProcessID          : 196
        ThreadCreationTime : 12-05-2005 17:33:43
        BasePriority       : Normal
    
    
    #:3 [winlogon.exe]
        FilePath           : \??\C:\WINDOWS\system32\
        ProcessID          : 220
        ThreadCreationTime : 12-05-2005 17:33:45
        BasePriority       : High
    
    
    #:4 [services.exe]
        FilePath           : C:\WINDOWS\system32\
        ProcessID          : 264
        ThreadCreationTime : 12-05-2005 17:33:50
        BasePriority       : Normal
        FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
        ProductVersion     : 5.1.2600.2180
        ProductName        : Microsoft® Windows® Operating System
        CompanyName        : Microsoft Corporation
        FileDescription    : Services and Controller app
        InternalName       : services.exe
        LegalCopyright     : © Microsoft Corporation. All rights reserved.
        OriginalFilename   : services.exe
    
    #:5 [lsass.exe]
        FilePath           : C:\WINDOWS\system32\
        ProcessID          : 276
        ThreadCreationTime : 12-05-2005 17:33:50
        BasePriority       : Normal
        FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
        ProductVersion     : 5.1.2600.2180
        ProductName        : Microsoft® Windows® Operating System
        CompanyName        : Microsoft Corporation
        FileDescription    : LSA Shell (Export Version)
        InternalName       : lsass.exe
        LegalCopyright     : © Microsoft Corporation. All rights reserved.
        OriginalFilename   : lsass.exe
    
    #:6 [svchost.exe]
        FilePath           : C:\WINDOWS\system32\
        ProcessID          : 424
        ThreadCreationTime : 12-05-2005 17:33:54
        BasePriority       : Normal
        FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
        ProductVersion     : 5.1.2600.2180
        ProductName        : Microsoft® Windows® Operating System
        CompanyName        : Microsoft Corporation
        FileDescription    : Generic Host Process for Win32 Services
        InternalName       : svchost.exe
        LegalCopyright     : © Microsoft Corporation. All rights reserved.
        OriginalFilename   : svchost.exe
    
    #:7 [svchost.exe]
        FilePath           : C:\WINDOWS\system32\
        ProcessID          : 484
        ThreadCreationTime : 12-05-2005 17:33:55
        BasePriority       : Normal
        FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
        ProductVersion     : 5.1.2600.2180
        ProductName        : Microsoft® Windows® Operating System
        CompanyName        : Microsoft Corporation
        FileDescription    : Generic Host Process for Win32 Services
        InternalName       : svchost.exe
        LegalCopyright     : © Microsoft Corporation. All rights reserved.
        OriginalFilename   : svchost.exe
    
    #:8 [svchost.exe]
        FilePath           : C:\WINDOWS\system32\
        ProcessID          : 528
        ThreadCreationTime : 12-05-2005 17:33:56
        BasePriority       : Normal
        FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
        ProductVersion     : 5.1.2600.2180
        ProductName        : Microsoft® Windows® Operating System
        CompanyName        : Microsoft Corporation
        FileDescription    : Generic Host Process for Win32 Services
        InternalName       : svchost.exe
        LegalCopyright     : © Microsoft Corporation. All rights reserved.
        OriginalFilename   : svchost.exe
    
    #:9 [explorer.exe]
        FilePath           : C:\WINDOWS\
        ProcessID          : 764
        ThreadCreationTime : 12-05-2005 17:34:09
        BasePriority       : Normal
        FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
        ProductVersion     : 6.00.2900.2180
        ProductName        : Microsoft® Windows® Operating System
        CompanyName        : Microsoft Corporation
        FileDescription    : Windows Explorer
        InternalName       : explorer
        LegalCopyright     : © Microsoft Corporation. All rights reserved.
        OriginalFilename   : EXPLORER.EXE
    
    #:10 [ad-aware.exe]
        FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
        ProcessID          : 904
        ThreadCreationTime : 12-05-2005 17:35:13
        BasePriority       : Normal
        FileVersion        : 6.2.0.206
        ProductVersion     : VI.Second Edition
        ProductName        : Lavasoft Ad-Aware SE
        CompanyName        : Lavasoft Sweden
        FileDescription    : Ad-Aware SE Core application
        InternalName       : Ad-Aware.exe
        LegalCopyright     : Copyright © Lavasoft Sweden
        OriginalFilename   : Ad-Aware.exe
        Comments           : All Rights Reserved
    
    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 43
    
    
    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 43
    
    
    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 43
    
    
    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    
     Tracking Cookie Object Recognized!
        Type               : IECache Entry
        Data               : martin holliday@tribalfusion[1].txt
        Category           : Data Miner
        Comment            : Hits:1
        Value              : Cookie:martin holliday@tribalfusion.com/
        Expires            : 01-01-2038 01:00:00
        LastSync           : Hits:1
        UseCount           : 0
        Hits               : 1
    
     Tracking Cookie Object Recognized!
        Type               : IECache Entry
        Data               : martin holliday@bs.serving-sys[1].txt
        Category           : Data Miner
        Comment            : Hits:1
        Value              : Cookie:martin holliday@bs.serving-sys.com/
        Expires            : 01-01-2038 06:00:00
        LastSync           : Hits:1
        UseCount           : 0
        Hits               : 1
    
     Tracking Cookie Object Recognized!
        Type               : IECache Entry
        Data               : martin holliday@bravenet[1].txt
        Category           : Data Miner
        Comment            : Hits:9
        Value              : Cookie:martin holliday@bravenet.com/
        Expires            : 01-01-2011 00:12:40
        LastSync           : Hits:9
        UseCount           : 0
        Hits               : 9
    
     Tracking Cookie Object Recognized!
        Type               : IECache Entry
        Data               : martin holliday@serving-sys[2].txt
        Category           : Data Miner
        Comment            : Hits:4
        Value              : Cookie:martin holliday@serving-sys.com/
        Expires            : 01-01-2038 06:00:00
        LastSync           : Hits:4
        UseCount           : 0
        Hits               : 4
    
     Tracking Cookie Object Recognized!
        Type               : IECache Entry
        Data               : martin holliday@cgi-bin[2].txt
        Category           : Data Miner
        Comment            : Hits:2
        Value              : Cookie:martin holliday@imrworldwide.com/cgi-bin
        Expires            : 10-05-2015 15:58:24
        LastSync           : Hits:2
        UseCount           : 0
        Hits               : 2
    
     Tracking Cookie Object Recognized!
        Type               : IECache Entry
        Data               : martin holliday@atdmt[1].txt
        Category           : Data Miner
        Comment            : Hits:6
        Value              : Cookie:martin holliday@atdmt.com/
        Expires            : 10-05-2010 01:00:00
        LastSync           : Hits:6
        UseCount           : 0
        Hits               : 6
    
    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 6
    Objects found so far: 49
    
    
    
    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 49
    
    
    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 49
    
    
    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    
    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 49
    
    18:56:57 Scan Complete
    
    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:18:59.178
    Objects scanned:152414
    Objects identified:6
    Objects ignored:0
    New critical objects:6
    and the new HijackThis logfile:

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:02:34, on 12/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\sony\vaio power management\SPMgr.exe
    C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HJT\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ymoij.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ymoij.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ssbcache.kent.ac.uk:3128
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Internet2 Optimizer] wkfix.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = kent.ac.uk
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = kent.ac.uk
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
    Thanks

  9. #29
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: please check my logfile

    Hello Martin

    You have an unknown virus on your system. You can't find it, you can't delete it. Please think about formatting your system. You permanently get new malware on your system. There is no end. I suggest formatting your system. Take a look at "Security Tips" in my signature. And let me know your decision. Thanks.

  10. #30
    Beginner
    Registered since
    04.05.2005
    Posts
    16

    Re: please check my logfile

    Can I check what you mean? I have a DANGEROUS virus that can't be deleted? My system seems to be running perfectly well as it is. Is there a problem with leaving it like this? What is the danger?
