At startup, 2 problems happened to me:
1. A McAfee warning that it deleted the C:\a.bat file of the zapchast.reg trojan. I do not know where this location is.
2. A firewall warning that it is blocking msconfig. When I checked in C:\, I found 2 locations for msconfig.exe:
- in Windows\Pchealth\helpcrt\binaries with size 158.208b; the file opens the System Configuration Utility. In Registry Editor it is in HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\msconfig.exe, and the right side has the data above.
- in Windows\System32\msconfig.exe with size 1.25Mb; in Registry Editor it is in HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunServices with the name DRam prosessor and data msconfig.exe (in the right side). Spybot - Search & Destroy found it: Win32.Rbot.aeu
STEP 1
I did not find that malware in the Add/Remove Programs tab.
STEP 2
Panda active scan log.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-30 22:45:27
PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Enterprise 8.5.0.781 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00252281 Adware/Trymedia Adware No 0 Yes No F:\Programe instalate si de arhivat\Jocuri\Setup_Moorhuhn_Winter_GER-dm.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\WINDOWS\SYSTEM32\MSCONFIG.EXE
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Nothing was deleted.
STEP 3
SpywareBlaster: yes; IE-SpyAd: no. I do not install Internet Explorer. In the past I had problems with it. I have Mozilla Firefox and know that IE is very good for scanning online.
STEP 4
My Automatic Updates is ON and updates daily at 21.00.
STEP 5
Deckard's System Scanner.
Deckard's System Scanner v20071014.68
Run by USER on 2008-05-01 11:42:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as USER.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:32 AM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\msconfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\lxdbcoms.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Programe instalate si de arhivat\Anti pericole\dss.exe
F:\PROGRA~2\ANTIPE~1\USER.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ro/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXDBCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DRam prosessor] msconfig.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconfig.exe
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.ro/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5033/CTPID.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdb_device - - C:\WINDOWS\system32\lxdbcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 8082 bytes
-- Files created between 2008-04-01 and 2008-05-01 -----------------------------
2008-04-30 18:34:19 0 d-------- C:\Program Files\Panda Security
2008-04-30 15:39:16 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-30 09:44:56 0 d-------- C:\WINDOWS\LastGood
2008-04-29 18:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 09:58:22 0 d-------- C:\Documents and Settings\USER\Application Data\Remind-Me
2008-04-28 09:58:22 0 d-------- C:\Documents and Settings\All Users\Application Data\GrebleSoft
2008-04-26 21

06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-26 21:05:58 0 d-------- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com
2008-04-26 11:31:10 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-26 11:31:01 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-26 11:10:37 0 d-------- C:\Documents and Settings\USER\Application Data\TuneUp Software
2008-04-26 10:31:03 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-04-25 22:28:51 0 d-------- C:\Documents and Settings\USER\Application Data\ZoomBrowser EX
2008-04-25 22:24:25 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-25 18:20:11 0 d-------- C:\Program Files\QuickTime
2008-04-25 13:34:43 0 d-------- C:\Program Files\totalcmd
2008-04-24 18:14:08 0 d-------- C:\Documents and Settings\USER\Application Data\Uniblue
2008-04-24 17:01:32 0 d-------- C:\WINDOWS\Aloha Solitaire
2008-04-22 21:55:01 0 d-------- C:\Program Files\DAMN NFO Viewer
2008-04-19 13:59:09 0 d-------- C:\Program Files\Pure Sudoku Deluxe
2008-04-01 13:42:39 10 --a------ C:\WINDOWS\popcinfo.dat
-- Find3M Report ---------------------------------------------------------------
2008-05-01 11:45:15 0 d-------- C:\Documents and Settings\USER\Application Data\uTorrent
2008-05-01 11:34:43 0 d-------- C:\Documents and Settings\USER\Application Data\SiteAdvisor
2008-04-30 23:59:12 0 d-------- C:\Program Files\Lx_cats
2008-04-30 21:15:06 0 d-------- C:\Documents and Settings\USER\Application Data\MahJong Suite
2008-04-30 20:37:51 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2008-04-30 18:34:21 3155 --a----c- C:\WINDOWS\mozver.dat
2008-04-29 23:27:24 0 d-------- C:\Documents and Settings\USER\Application Data\Vso
2008-04-29 23:27:24 33 --a----c- C:\Documents and Settings\USER\Application Data\pcouffin.log
2008-04-29 23:27:23 47360 --a----c- C:\Documents and Settings\USER\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-29 23:27:23 1144 --a----c- C:\Documents and Settings\USER\Application Data\pcouffin.inf
2008-04-29 23:27:23 7887 --a----c- C:\Documents and Settings\USER\Application Data\pcouffin.cat
2008-04-29 22:45:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 08:02:41 0 d-------- C:\Program Files\iTunes
2008-04-26 14:33:31 0 d-------- C:\Program Files\Bonjour
2008-04-26 10:31:10 0 d-------- C:\Documents and Settings\USER\Application Data\URSoft
2008-04-25 22:47:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 22:14:08 0 d-------- C:\Program Files\Java
2008-04-11 22:05:37 0 d-------- C:\Program Files\Common Files\Canon
2008-03-28 21:27:08 0 d-------- C:\Program Files\Yahoo!
2008-03-27 22:00:10 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-03-25 10:23:54 0 d-------- C:\Program Files\ACW
2008-03-21 21:15:23 0 d-------- C:\Documents and Settings\USER\Application Data\Real
2008-03-20 19:15:31 0 d-------- C:\Program Files\Common Files
2008-03-19 19:57:47 0 d-------- C:\Documents and Settings\USER\Application Data\BSplayer
2008-03-19 10:12:30 0 d-------- C:\Documents and Settings\USER\Application Data\Leadertech
2008-03-19 10:10:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 16:03:06 3153 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2008-03-12 16:02:59 3107 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-03-12 16:02:51 2987 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-03-12 16:02:42 2843 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2008-03-12 15:55:07 8457 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2008-03-12 15:54:59 13281 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-03-12 14:07:16 0 d-------- C:\Program Files\Illustrate-dbPower
2008-03-10 21:28:35 0 d-------- C:\Documents and Settings\USER\Application Data\wsInspector
2008-03-10 20:45:32 0 d-------- C:\Program Files\Matrix Sudoku
2008-02-14 12:24:55 10020 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-14 12:24:55 56 -r-hs--c- C:\WINDOWS\system32\E04C8C1E33.sys
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [05/06/2007 06:10 PM C:\WINDOWS\sttray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 06:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 06:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 06:14 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 09:50 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 02:39 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"LXDBCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll" [03/02/2006 09:48 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/28/2008 09:09 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"DRam prosessor"="msconfig.exe" [06/13/2007 01:23 PM C:\WINDOWS\system32\msconfig.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WMC_0"=C:\WINDOWS\system32\cmd.exe /c """""C:\WINDOWS\inf\unregmp2.exe"" /ShowWMP"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DRam prosessor"=msconfig.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-05-01 11:46:00 ------------
Thank you for the help, and please excuse my English.