Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:08:28, on 12/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\\Windows\\System32\\smss.exe
C:\\Windows\\system32\\csrss.exe
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\csrss.exe
C:\\Windows\\system32\\services.exe
C:\\Windows\\system32\\lsass.exe
C:\\Windows\\system32\\lsm.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\winlogon.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\SLsvc.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\System32\\spoolsv.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\Explorer.EXE
C:\\Program Files\\Windows Defender\\MSASCui.exe
C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Program Files\\LG Electronics\\LG EV-DO Rev.A USB Modem\\Modem Software\\REVAService.exe
C:\\Program Files\\SuperCopier2\\SuperCopier2.exe
C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Windows Media Player\\wmpnscfg.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe
C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Windows\\system32\\agrsmsvc.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
C:\\Windows\\system32\\svchost.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Windows\\system32\\svchost.exe
C:\\Program Files\\CyberLink\\Shared files\\RichVideo.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\SearchIndexer.exe
C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BtStackServer.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Program Files\\Windows Media Player\\wmpnetwk.exe
C:\\Windows\\system32\\wbem\\unsecapp.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HJT.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.1.1309.15642\\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [SoundMAX] C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray
O4 - HKLM\\..\\Run: [IgfxTray] C:\\Windows\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\Windows\\system32\\hkcmd.exe
O4 - HKLM\\..\\Run: [Persistence] C:\\Windows\\system32\\igfxpers.exe
O4 - HKLM\\..\\Run: [NokiaMServer] C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles
O4 - HKLM\\..\\Run: [TrojanScanner] C:\\Program Files\\Trojan Remover\\Trjscan.exe
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O4 - HKLM\\..\\Run: [TkBellExe] "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe" -osboot
O4 - HKLM\\..\\Run: [RemoteControl] "C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"
O4 - HKLM\\..\\Run: [LanguageShortcut] "C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe"
O4 - HKLM\\..\\Run: [WatchDog] C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [REVAService] C:\\Program Files\\LG Electronics\\LG EV-DO Rev.A USB Modem\\Modem Software\\REVAService.exe
O4 - HKCU\\..\\Run: [SuperCopier2.exe] C:\\Program Files\\SuperCopier2\\SuperCopier2.exe
O4 - HKCU\\..\\Run: [swg] C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe
O4 - HKCU\\..\\Run: [ares] "C:\\Program Files\\Ares\\Ares.exe" -h
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe" /background
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247175246914
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\\Program Files\\Google\\Google Toolbar\\Component\\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\\Windows\\system32\\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared files\\RichVideo.exe
O23 - Service: ServiceLayer - Unknown owner - C:\\Program Files\\Nokia\\PC Connectivity Solution\\ServiceLayer.exe (file missing)
O23 - Service: @%SystemRoot%\\System32\\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\\Windows\\System32\\TuneUpDefragService.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\\Program Files\\MSN Messenger\\usnsvc.exe (file missing)
--
End of file - 9384 bytes