zlob g fakealarm problem too
- Vasilisgr7Novice
-
OS : Windows Xp
Posts : 21
Rubies : 3431
Likes : 0
I have this problem too. I tried to find out what it is exactly, and then I saw a comment about GeekPolice, so I would be grateful if you could help me as soon as possible...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:28 πμ, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\OTHER USER\Application Data\Google\klnxv19819115.exe
C:\Program Files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\OTHER USER\Επιφάνεια εργασίας\Hijack(GP)This.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContextHelper - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D0285C32-F09A-49bd-BA67-FDAB0A58675E} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [SyncManager] C:\WINDOWS\cApp.exe /i
O4 - HKLM\..\Run: [q9UF5LO] C:\WINDOWS\tkmea.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\Run: [ΆΈu04C
}οΑzξ[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\tkmea.exe
O4 - HKLM\..\Run: [rant] rant.exe
O4 - HKLM\..\Run: [ΆΈu04C
}οΑzξigέC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\tkmea.exe
O4 - HKLM\..\Run: [ΆΈu0Τ@ΤΑί]ϊ"όόiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\tkmea.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ΆΈu0Τ@ΤΑί]ϊ"όΈu0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\tkmea.exe
O4 - HKLM\..\Run: [MacroVirus] C:\Program Files\MacroVirus\MacroVirus.exe -boot
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navwindows.exe
O4 - HKLM\..\RunServices: [rant] rant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [WinDNN] "C:\Documents and Settings\OTHER USER\Application Data\Google\klnxv19819115.exe" 2
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?5f72848343ee43f6ae175adb951b6979
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?5f72848343ee43f6ae175adb951b6979
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://movie-browser.com/tl7000.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
- Vasilisgr7Novice
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA89608A-3C84-4282-A5AC-BC0C4FD7047D}: NameServer = 195.170.0.1 195.170.2.2
O18 - Protocol: bw+0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1A609654-3172-4A2A-A743-2ECE06F20983} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
--
End of file - 26173 bytes
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218220
Likes : 18
Hello.
Bad news.
Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.
You are strongly advised to do the following:
- Disconnect the computer from the Internet and from any networked computers until it is cleaned.
- Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
- Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
- From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.
To help you understand more, please take some time to read the following articles:
- What are Remote Access Trojans and why are they dangerous
- How do I respond to a possible identity theft and how do I prevent it
- When should I do a reformat and reinstallation of my OS
- Where to backup your files
- How to backup your files in Windows XP
- Restoring your backups
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.


- Vasilisgr7Novice
-
OS : Windows Xp
Posts : 21
Rubies : 3431
Likes : 0
The option of a reformat seems difficult for me now. Can you help me to clean the machine if it's possible? What should I do? Thanks.
- BelahzurSite Admin
-
OS : 7 Home Premium x64
Posts : 34948
Rubies : 218220
Likes : 18
Okay.
- Download combofix from here, use the top links - combofix.exe
- Double click on ComboFix.exe.
- Follow the prompts.
NOTE:
- ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
- The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
- Allow ComboFix to download the Recovery Console.
- Accept the End-User License Agreement.
- The Recovery Console will be installed.
- You will see this next prompt that asks if you want to continue the malware scan, select yes
- Allow ComboFix to run
- Post C:\combofix.txt back here.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


- Vasilisgr7Novice
-
OS : Windows Xp
Posts : 21
Rubies : 3431
Likes : 0
I suppose I had a recovery console cause it started scanning automatically.. here is the log
ComboFix 08-12-16.03 - OTHER USER 2008-12-17 4:39:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.767.267 [GMT 2:00]
Running from: c:\documents and settings\OTHER USER\Επιφάνεια εργασίας\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\USER\Local Settings\Tempmetasploit.exe
c:\documents and settings\USER\Start Menu\Προγράμματα\Translator.url
c:\program files\windows adstatus
c:\program files\windows adstatus\Info.txt
c:\windows\IE4 Error Log.txt
c:\windows\o.exe
c:\windows\recover.reg
c:\windows\system\oeminfo.ini
c:\windows\system32\68X0XQwt.exe.a_a
c:\windows\system32\cpdst.exe
c:\windows\system32\ftch32b.exe
c:\windows\system32\UpMedia
c:\windows\system32\Yl244LhQ.exe.a_a
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINPNP32
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.
2008-12-15 00:24 . 2008-12-16 08:41 d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-11 21:51 . 2008-12-11 21:51 d-------- c:\documents and settings\OTHER USER\Application Data\Carnival Software
2008-12-11 21:48 . 2008-12-11 21:48 d-------- c:\program files\Caricature Software
2008-12-11 17:08 . 2008-12-11 17:08 d-------- c:\documents and settings\OTHER USER\Application Data\PlayFirst
2008-12-11 09:27 . 2008-12-11 09:27 d-------- c:\program files\Enigma Software Group
2008-12-10 22:27 . 2008-12-10 22:27 d-------- c:\program files\DVD Shrink
2008-12-10 22:27 . 2008-12-10 22:34 d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-10 14:43 . 2008-12-10 14:43 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-10 04:06 . 2008-12-17 00:24 1,964 --a------ c:\windows\Lexicon.ini
2008-12-10 04:02 . 2008-12-10 04:02 d-------- c:\windows\Ελεύθερο Λεξικό
2008-12-10 04:02 . 2008-12-10 04:02 d-------- c:\program files\Ελεύθερο Λεξικό
2008-12-09 20:55 . 2008-12-09 20:55 d-------- c:\program files\IObit
2008-12-09 20:55 . 2008-12-09 20:55 d-------- c:\documents and settings\OTHER USER\Application Data\IObit
2008-12-09 20:38 . 2008-12-09 20:38 d-------- c:\program files\Readon Technology
2008-12-09 20:32 . 2008-12-09 20:32 d-------- c:\documents and settings\OTHER USER\Application Data\Reallusion
2008-12-09 20:32 . 2008-12-11 00:36 43 --a------ c:\windows\FFS20ChtReg.ini
2008-12-09 20:31 . 2008-12-09 20:31 d-------- c:\program files\Reallusion
2008-12-09 20:12 . 2008-12-09 20:12 d-------- c:\program files\Photo-Brush
2008-12-07 20:52 . 2008-12-07 20:52 d-------- c:\documents and settings\OTHER USER\Application Data\Shape games
2008-12-07 20:51 . 2008-12-11 06:37 d-------- c:\program files\Games
2008-12-07 17:53 . 2008-12-07 17:55 d-------- c:\documents and settings\OTHER USER\Application Data\vlc
2008-12-07 17:53 . 2008-12-13 08:10 d-------- c:\documents and settings\OTHER USER\Application Data\dvdcss
2008-12-07 17:52 . 2008-12-07 17:52 d-------- c:\program files\VideoLAN
2008-11-26 21:30 . 2008-12-10 14:46 d-------- c:\program files\EA GAMES
2008-11-26 18:15 . 2008-11-26 18:15 0 --a------ C:\nowy.avi
2008-11-26 13:56 . 2008-11-26 13:56 d-------- c:\documents and settings\OTHER USER\Application Data\DivX
2008-11-26 03:52 . 2008-11-26 03:52 d-------- c:\windows\Cinema Tycoon 2 Movie Mania
2008-11-26 03:52 . 2008-11-26 18:08 d-------- c:\program files\Cinema Tycoon 2 Movie Mania
2008-11-23 16:16 . 2008-11-23 16:17 d-------- c:\program files\SystemRequirementsLab
2008-11-23 16:16 . 2008-11-23 16:16 d-------- c:\documents and settings\OTHER USER\Application Data\SystemRequirementsLab
2008-11-23 15:24 . 2008-11-23 15:24 d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-23 15:22 . 2008-11-23 15:22 d-------- c:\windows\Logs
2008-11-23 15:03 . 2008-11-23 15:03 d--h----- c:\program files\Zero G Registry
2008-11-23 15:02 . 2008-11-23 15:02 d--h----- c:\documents and settings\OTHER USER\InstallAnywhere
2008-11-23 14:58 . 2008-11-23 14:58 d-------- c:\program files\DAEMON Tools Lite
2008-11-23 14:52 . 2008-11-23 14:52 d-------- c:\documents and settings\OTHER USER\Application Data\DAEMON Tools
2008-11-20 18:55 . 2008-12-11 20:22 d-------- c:\documents and settings\OTHER USER\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 02:48 --------- d-sh--w c:\documents and settings\All Users\Application Data\MPK
2008-12-16 08:59 --------- d---a-w c:\program files\Sports Interactive
2008-12-14 22:30 --------- d-----w c:\program files\Google
2008-12-11 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-10 22:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 18:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 14:08 --------- d-----w c:\documents and settings\OTHER USER\Application Data\LimeWire
ComboFix 08-12-16.03 - OTHER USER 2008-12-17 4:39:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1253.1.1032.18.767.267 [GMT 2:00]
Running from: c:\documents and settings\OTHER USER\Επιφάνεια εργασίας\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\USER\Local Settings\Tempmetasploit.exe
c:\documents and settings\USER\Start Menu\Προγράμματα\Translator.url
c:\program files\windows adstatus
c:\program files\windows adstatus\Info.txt
c:\windows\IE4 Error Log.txt
c:\windows\o.exe
c:\windows\recover.reg
c:\windows\system\oeminfo.ini
c:\windows\system32\68X0XQwt.exe.a_a
c:\windows\system32\cpdst.exe
c:\windows\system32\ftch32b.exe
c:\windows\system32\UpMedia
c:\windows\system32\Yl244LhQ.exe.a_a
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINPNP32
((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.
2008-12-15 00:24 . 2008-12-16 08:41
2008-12-11 21:51 . 2008-12-11 21:51
2008-12-11 21:48 . 2008-12-11 21:48
2008-12-11 17:08 . 2008-12-11 17:08
2008-12-11 09:27 . 2008-12-11 09:27
2008-12-10 22:27 . 2008-12-10 22:27
2008-12-10 22:27 . 2008-12-10 22:34
2008-12-10 14:43 . 2008-12-10 14:43 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-10 04:06 . 2008-12-17 00:24 1,964 --a------ c:\windows\Lexicon.ini
2008-12-10 04:02 . 2008-12-10 04:02
2008-12-10 04:02 . 2008-12-10 04:02
2008-12-09 20:55 . 2008-12-09 20:55
2008-12-09 20:55 . 2008-12-09 20:55
2008-12-09 20:38 . 2008-12-09 20:38
2008-12-09 20:32 . 2008-12-09 20:32
2008-12-09 20:32 . 2008-12-11 00:36 43 --a------ c:\windows\FFS20ChtReg.ini
2008-12-09 20:31 . 2008-12-09 20:31
2008-12-09 20:12 . 2008-12-09 20:12
2008-12-07 20:52 . 2008-12-07 20:52
2008-12-07 20:51 . 2008-12-11 06:37
2008-12-07 17:53 . 2008-12-07 17:55
2008-12-07 17:53 . 2008-12-13 08:10
2008-12-07 17:52 . 2008-12-07 17:52
2008-11-26 21:30 . 2008-12-10 14:46
2008-11-26 18:15 . 2008-11-26 18:15 0 --a------ C:\nowy.avi
2008-11-26 13:56 . 2008-11-26 13:56
2008-11-26 03:52 . 2008-11-26 03:52
2008-11-26 03:52 . 2008-11-26 18:08
2008-11-23 16:16 . 2008-11-23 16:17
2008-11-23 16:16 . 2008-11-23 16:16
2008-11-23 15:24 . 2008-11-23 15:24
2008-11-23 15:22 . 2008-11-23 15:22
2008-11-23 15:03 . 2008-11-23 15:03
2008-11-23 15:02 . 2008-11-23 15:02
2008-11-23 14:58 . 2008-11-23 14:58
2008-11-23 14:52 . 2008-11-23 14:52
2008-11-20 18:55 . 2008-12-11 20:22
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 02:48 --------- d-sh--w c:\documents and settings\All Users\Application Data\MPK
2008-12-16 08:59 --------- d---a-w c:\program files\Sports Interactive
2008-12-14 22:30 --------- d-----w c:\program files\Google
2008-12-11 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-10 22:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 18:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 14:08 --------- d-----w c:\documents and settings\OTHER USER\Application Data\LimeWire
2008-11-23 13:27 --------- d-----w c:\documents and settings\OTHER USER\Application Data\Sports Interactive
2008-11-23 12:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-12 19:29 --------- d-----w c:\program files\Windows Live
2008-11-09 17:58 --------- d-----w c:\program files\WinPcap
2008-11-09 16:22 --------- d-----w c:\program files\InstantBlogFeeder
2008-11-09 16:03 --------- d-----w c:\program files\DivX
2008-11-08 13:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-03 14:21 --------- d-----w c:\program files\Veoh Networks
2008-11-01 11:21 --------- d-sh--w c:\program files\KGB
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:59 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-21 10:54 --------- d-----w c:\program files\Java
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:16 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-02-10 22:50 7,168 --sha-w c:\program files\Thumbs.db
2007-03-20 17:52 24,192 ----a-w c:\documents and settings\USER\usbsermptxp.sys
2007-03-20 17:52 22,768 ----a-w c:\documents and settings\USER\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-09-07 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-07 17:06 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-04 15360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\progra~1\MESSEN~1\msmsgs.exe" [2007-04-12 1661304]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-24 36864]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 3497984]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-26 2235920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-06-23 4734976]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-03-04 1257472]
"CrazyTalk Serve"="c:\windows\System32\CrazyTalk.dll" [2004-01-20 1007616]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-09-28 111928]
"nwiz"="nwiz.exe" [2003-06-23 c:\windows\system32\nwiz.exe]
"PCTVOICE"="pctspk.exe" [2003-04-24 c:\windows\system32\pctspk.exe]
"PV92TRAY"="PV92Tray.exe" [2003-04-24 c:\windows\system32\PV92Tray.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-09-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\System32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="c:\program files\KGB\Mpk.exe" [2008-04-15 1177600]
c:\documents and settings\All Users\Start Menu\α\΅΅ε\
DSLMON.lnk - c:\program files\SAGEM\CONN-X SAGEM Fast 800\dslmon.exe [2007-09-29 839680]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-08-24 196608]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-11-22 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\System32\ir32_32.dll
"vidc.iv32"= c:\windows\System32\ir32_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\B2BPOKER\\Asteriapoker.com\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hooligans\\Hooligans.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Paradox Interactive\\Hearts of Iron 2\\HoI2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\DRIVERS\bsstor.sys [2003-11-22 9344]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2003-11-22 389504]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 468224]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-09-29 114616]
S2 AVWUpSrv;AntiVir Update;"c:\program files\AVPersonal\AVWUPSRV.EXE" []
S2 gupdate1c95e3b8d3933ec;Google Update Service (gupdate1c95e3b8d3933ec);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-12-15 119280]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-09-29 63555]
S2 Srv32;Srv32;c:\windows\system32\srv32.exe S []
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 pohci13F;pohci13F;\??\c:\docume~1\USER\LOCALS~1\Temp\pohci13F.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c427516-ee1d-11dc-b260-4d6564696130}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efb4bca5-2dcf-11dd-b2ee-4d6564696130}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
.
Contents of the 'Scheduled Tasks' folder
2008-12-17 c:\windows\Tasks\AF3E16FB918988F3.job
- c:\docume~1\user\applic~1\flaganti\VC PHONE HEART.exe []
2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-12-16 c:\windows\Tasks\At1.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At10.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At11.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At12.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At13.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-13 c:\windows\Tasks\At14.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At15.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At16.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At17.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At18.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At19.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At2.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At20.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At21.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At22.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At23.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At24.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At25.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At26.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-17 c:\windows\Tasks\At27.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-17 c:\windows\Tasks\At28.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-17 c:\windows\Tasks\At29.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-17 c:\windows\Tasks\At3.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-15 c:\windows\Tasks\At30.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-15 c:\windows\Tasks\At31.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-14 c:\windows\Tasks\At32.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-15 c:\windows\Tasks\At33.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At34.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At35.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At36.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At37.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-13 c:\windows\Tasks\At38.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At39.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-17 c:\windows\Tasks\At4.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-16 c:\windows\Tasks\At40.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At41.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At42.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At43.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At44.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At45.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At46.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At47.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-16 c:\windows\Tasks\At48.job
- c:\windows\system32\Yl244LhQ.exe []
2008-12-17 c:\windows\Tasks\At5.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-15 c:\windows\Tasks\At6.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-15 c:\windows\Tasks\At7.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-14 c:\windows\Tasks\At8.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-15 c:\windows\Tasks\At9.job
- c:\windows\system32\68X0XQwt.exe []
2008-12-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-12-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 00:30]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-WinDNN - c:\documents and settings\OTHER USER\Application Data\Google\klnxv19819115.exe
HKLM-Run-SyncManager - c:\windows\cApp.exe
HKLM-Run-q9UF5LO - c:\windows\tkmea.exe
HKLM-Run-}οΑzξ[8c:\program files\ISTsvc\istsvc.exe - c:\windows\tkmea.exe
HKLM-Run-}οΑzξigέc:\program files\ISTsvc\istsvc.exe - c:\windows\tkmea.exe
HKLM-Run-ΆΈu0Τ@ΤΑί]ϊόόic:\program files\ISTsvc\istsvc.exe - c:\windows\tkmea.exe
HKLM-Run-AVGCtrl - c:\program files\AVPersonal\AVGNT.EXE
HKLM-Run-ΆΈu0Τ@ΤΑί]ϊόΈu0c:\program files\ISTsvc\istsvc.exe - c:\windows\tkmea.exe
HKLM-Run-MacroVirus - c:\program files\MacroVirus\MacroVirus.exe
HKLM-Run-BearFlix - c:\program files\BearFlix\bearflix.exe
HKLM-Run-rant - rant.exe
HKLM-Run-MsnSniffer - (no file)
HKLM-RunServices-rant - rant.exe
HKU-Default-Run-SSS6_Suite - c:\program files\Steganos Security Suite 6\sss.exe
HKU-Default-Run-SSS6_SAFE - c:\program files\Steganos Security Suite 6\safe.exe
HKU-Default-Run-SSS6_SPM - c:\program files\Steganos Security Suite 6\spm.exe
HKU-Default-Run-NAV Auto Updates - navwindows.exe
HKU-Default-Run-rant - rant.exe
.
------- Supplementary Scan -------
.
uStart Page = www.google.gr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?5f72848343ee43f6ae175adb951b6979
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?5f72848343ee43f6ae175adb951b6979
TCP: {DA89608A-3C84-4282-A5AC-BC0C4FD7047D} = 195.170.0.1 195.170.2.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\OTHER USER\Application Data\Mozilla\Firefox\Profiles\drpcnp51.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - www.google.gr
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.133.31\npGoogleOneClick7.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 04:46:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CrazyTalk Serve = rundll32.exe c:\windows\System32\CrazyTalk.dll,DllServeMediaFile?1??????????? ?w? ?w?????????????????????U?w?????????????????????B?w, ?w?M?w?A?w?v?w?A?w????????E???$???????x???????????f???0???'????????1?wf???*???????????????d???????d???d???????????0??????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ΆΈu04C
}οΑzξ[8c:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\tkmea.exe"
"ΆΈu04C
}οΑzξigέc:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\tkmea.exe"
"ΆΈu0Τ@ΤΑί]ϊ\"όόic:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\tkmea.exe"
"ΆΈu0Τ@ΤΑί]ϊ\"όΈu0c:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\tkmea.exe"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\msiexec.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-12-17 4:51:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-17 02:51:54
Pre-Run: 28 Κατάλογοι 21.950.541.824 διαθέσιμα byte
Post-Run: 28 Κατάλογοι 25,058,492,416 διαθέσιμα byte
407 --- E O F --- 2008-12-13 01:04:19
- Belahzur (Site Admin)
Please download the OTMoveIt3 by OldTimer.
Please post a new Hijack This log + OTMoveIt log.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:processes
explorer.exe
:files
c:\program files\KGB
c:\windows\Tasks\AF3E16FB918988F3.job
c:\windows\Tasks\At*.job
c:\windows\system32\68X0XQwt.exe
c:\windows\system32\Yl244LhQ.exe
c:\WINDOWS\tkmea.exe
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c427516-ee1d-11dc-b260-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efb4bca5-2dcf-11dd-b2ee-4d6564696130}]
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
- Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Please post a new Hijack This log + OTMoveIt log.
Site Admin / Security Administrator
[Prework] - Please PM me if I fail to respond within 24hrs.

