Hello.
I found out that my PC was infected with Trojans and backdoors,
by using 'drweb-cureit'.
Then I had my PC scanned with 'comboscan',
which I downloaded from a person who advised me to
(the same person who recommended me to download 'drweb-cureit').
I was advised to post the 'HijackThis' log to a help forum.
I am in need of your help.
Here is the log.
('デスクトップ' means 'desktop'
'ツールバー' means 'toolbar'
'ウェブ' means 'web'
'表示' means 'display'
'検索' means 'search'
'メッセンジャー' means 'messenger'
'クローズド キャプション デコーダ' means 'closed caption decoder'
'キーボード' means 'keyboard'
'ドライバ' means 'driver'
'ネット' means 'net'
'ビデオ' means 'video'
'接続' means 'connection'
'高' means 'high'
'フロッピー' means 'floppy'
'ディスク' means 'disk'
'オーディオ' means 'audio'
'ドライブ' means 'drive'
'大容量' means 'major volume'
'記憶装置' means 'memory machine'
'サービス' means 'service'
'プロバイダ' means 'provider'
'サポート環境' means 'supporting environment'
'状態' means 'state/situation')
ComboScan v20070212.14 run by Owner on 2007-02-21 at 13:10:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as Owner.com) --------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:11:59, on 2007/02/21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fujitsu\PCKARTE\PCKTESVC.EXE
C:\Program Files\Fujitsu\sa\api\SBRSVC.EXE
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Mini\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Tor\tor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Documents and Settings\Owner\デスクトップ\comboscan.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~hecniwo.tmp\Owner.com
R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - (A068E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton ツールバーの表示 - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Mini\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: JWordでウェブ検索(&J) - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe
O9 - Extra 'Tools' menuitem: Yahoo!メッセンジャー - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerj.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://news.bbc.co.uk
O15 - Trusted Zone: http://www.home.ne.jp
O15 - Trusted Zone: http://office.microsoft.com
O15 - Trusted Zone: http://windowsupdate.microsoft.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {4A88CB42-BBFE-496A-884F-98E8AC316292} (YJInstStarter Control) - http://dl.toolbar.ya...alls/yjinst.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134305975807
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://jp.mcafee.com...ScannerCtrl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....sa/SymAData.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PCKarte Client Tool Service (PCKarte) - FUJITSU LIMITED - C:\Program Files\Fujitsu\PCKARTE\PCKTESVC.EXE
O23 - Service: PowerUtility Schedule (PUSCSRVC) - FUJITSU LIMITED - C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: SBRLLA For FM Advisor (SBRLLA) - FUJITSU LIMITED - C:\Program Files\Fujitsu\sa\api\SBRSVC.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
0 ACPIEC (Microsoft Embedded Controller Driver) - System32\DRIVERS\ACPIEC.sys
3 AgereSoftModem (Agere Systems Soft Modem) - System32\DRIVERS\AGRSM.sys
3 aliadwdm (ALi Audio Accelerator WDM driver) - system32\drivers\ac97ali.sys
0 AliIde - System32\DRIVERS\aliide.sys
3 ApfiltrService (Alps Pointing-device Filter Driver) - System32\DRIVERS\Apfiltr.sys
3 Arp1394 (1394 ARP Client プロトコル) - System32\DRIVERS\arp1394.sys
3 ati2mtag - System32\DRIVERS\ati2mtag.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
2 BtnHnd - \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys
0 caboagp (ATI Cabo AGP Filter) - System32\DRIVERS\atisgkaf.sys
3 Cap7134 (TVFM 503 WDM Video Capture) - System32\DRIVERS\Cap7134.sys
3 CCDECODE (クローズド キャプション デコーダ) - System32\DRIVERS\CCDECODE.sys
3 CONAN - system32\drivers\o2mmb.sys
3 CO_Mon - \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3 EraserUtilRebootDrv - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0 FJGPNV - System32\drivers\FJGPNV.SYS
2 FlashDrv - \??\C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys
1 FsVga - System32\DRIVERS\fsvga.sys
3 FUJ02B1 (Fujitsu FUJ02B1 Device Driver) - System32\DRIVERS\FUJ02B1.sys
1 fwdrv (Firewall Driver) - \SystemRoot\system32\drivers\fwdrv.sys
3 HidUsb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
1 kbdhid (キーボード HID ドライバ) - System32\DRIVERS\kbdhid.sys
1 khips (Kerio HIPS Driver) - \SystemRoot\system32\drivers\khips.sys
2 LampDrv - \??\C:\Program Files\Fujitsu\iNetConDsp\LampDrv.sys
3 LucentSoftModem (Lucent Technologies Soft Modem) - System32\DRIVERS\LTSM.sys
3 mouhid (マウス HID ドライバ) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - System32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070220.019\NAVENG.SYS
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070220.019\NAVEX15.SYS
3 NdisIP (Microsoft TV/ビデオ接続) - System32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 ネット ドライバ) - System32\DRIVERS\nic1394.sys
0 ohci1394 (NEC FireWarden OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
0 Pcmcia - System32\DRIVERS\pcmcia.sys
3 pfc (Padus ASPI Shell) - system32\drivers\pfc.sys
3 PhTVTune (TVFM WDM TVTuner (SAA713x)) - System32\DRIVERS\PhTVTune.sys
3 PRISM (Intersil PRISM Wireless LAN Driver) - System32\DRIVERS\PRISMNDS.sys
2 PUSCSYS - \??\C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSYS.sys
0 PxHelp20 - System32\DRIVERS\PxHelp20.sys
3 rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - System32\DRIVERS\R8139n51.SYS
2 RVI04 - \??\C:\Program Files\Common Files\RVI04\RVI04.sys
3 Sfloppy (高密度フロッピー ディスク ドライブ) - System32\DRIVERS\sfloppy.sys
3 SLIP (BDA Slip De-Framer) - System32\DRIVERS\SLIP.sys
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3 SRTSP - System32\Drivers\SRTSP.SYS
3 SRTSPL - System32\Drivers\SRTSPL.SYS
1 SRTSPX - System32\Drivers\SRTSPX.SYS
3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - system32\drivers\STAC97.sys
3 streamip (BDA IPSink) - System32\DRIVERS\StreamIP.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070214.003\SymIDSCo.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 usbaudio (USB オーディオ ドライバ (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - System32\DRIVERS\usbohci.sys
3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys
3 USBSTOR (USB 大容量記憶装置ドライバ) - System32\DRIVERS\USBSTOR.SYS
4 WS2IFSL (Windows Socket 2.0 非 IFS サービス プロバイダ サポート環境) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WSTCODEC (World Standard Teletext Codec) - System32\DRIVERS\WSTCODEC.SYS
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 aspnet_state (ASP.NET 状態サービス) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\System32\Ati2evxx.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2 ccProxy (Symantec Network Proxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
3 comHost (COM Host) - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
2 Fax - %systemroot%\system32\fxssvc.exe
3 FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3 iPodService - C:\Program Files\iPod\bin\iPodService.exe
3 ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
2 KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
4 NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
2 PCKarte (PCKarte Client Tool Service) - C:\Program Files\Fujitsu\PCKARTE\PCKTESVC.EXE
2 PUSCSRVC (PowerUtility Schedule) - C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCSRVC.exe
3 putlrsrv (PowerUtility Remote Power Management Service) - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
2 SBRLLA (SBRLLA For FM Advisor) - C:\Program Files\Fujitsu\sa\api\SBRSVC.EXE
2 SiteAdvisor Service - C:\Program Files\SiteAdvisor\6028\SAService.exe
2 Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2 SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
3 WMConnectCDS (Windows Media Connect サービス) - C:\Program Files\Windows Media Connect 2\wmccds.exe
-- Scheduled Tasks --------------------------------------------------------------
2007-02-21 12:36:17 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-20 19:00:07 592 --a------ C:\WINDOWS\Tasks\Norton Internet Security - システムの完全スキャンを実行 - Owner.job<NORTON~1.JOB>
-- Files created between 2007-01-21 and 2007-02-21 ------------------------------
2007-02-19 08:43:12 0 d-------- C:\Documents and Settings\Owner\DoctorWeb<DOCTOR~1>
2007-02-17 15:17:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-17 13:29:48 0 d-------- C:\Documents and Settings\Administrator.FM-8BC35C0AC36B.000\Application Data\InterTrust<INTERT~1>
2007-02-17 13:29:46 0 d-------- C:\Documents and Settings\Administrator.FM-8BC35C0AC36B.000\デスクトップ<デスク~1>
2007-02-17 13:29:46 0 --------- C:\Documents and Settings\Administrator.FM-8BC35C0AC36B.000\ス・ート メニュー><0: RD>
2007-02-17 13:29:46 0 d-------- C:\Documents and Settings\Administrator.FM-8BC35C0AC36B.000\WINDOWS
2007-02-17 13:29:44 966656 --a------ C:\Documents and Settings\Administrator.FM-8BC35C0AC36B.000\NTUSER.DAT
2007-02-14 18:55:08 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-02-14 18:53:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-02-14 18:51:28 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-02-11 18:38:29 0 d-------- C:\Program Files\ID-Blaster Plus<ID-BLA~1>
2007-02-11 18:34:44 0 d-------- C:\Program Files\MRU-Blaster<MRU-BL~1>
2007-02-11 18:28:21 0 d-------- C:\Program Files\Doc Scrubber<DOCSCR~1>
2007-02-11 17:37:44 0 d-------- C:\Program Files\EULAlyzer<EULALY~1>
2007-02-08 11:13:50 0 d-------- C:\Program Files\Recuva
2007-02-07 07:37:22 0 d-------- C:\ie-spyad_zo<IE-SPY~1>
2007-02-06 20:42:53 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-06 20:28:13 0 d-------- C:\Documents and Settings\Owner\Application Data\WinPatrol<WINPAT~1>
2007-02-06 20:03:56 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-06 20:03:45 0 d-------- C:\Program Files\Grisoft
2007-02-06 13:58:22 0 d-------- C:\Program Files\Torbutton<TORBUT~1>
2007-02-06 13:58:17 0 d-------- C:\Program Files\Privoxy
2007-02-06 13:58:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Vidalia
2007-02-06 13:58:15 0 d-------- C:\Program Files\Vidalia
2007-02-06 13:58:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Tor
2007-02-06 13:58:11 0 d-------- C:\Program Files\Tor
2007-02-06 13:27:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Opera
2007-02-06 13:26:35 0 d-------- C:\Program Files\Opera
2007-02-06 11:24:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-06 11:24:08 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-05 10:47:28 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-02-05 10:45:19 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL<Signed: Symantec Corporation>
2007-02-05 10:45:19 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS<Signed: Symantec Corporation>
2007-02-05 10:43:41 0 d-------- C:\Program Files\Symantec
2007-02-03 11:26:38 0 d-------- C:\Program Files\RegistryFix<REGIST~2>
2007-02-02 16:13:30 0 d-------- C:\Program Files\MSBuild
2007-02-02 16:04:52 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-02-02 16:04:45 0 d-------- C:\WINDOWS\system32\en-us
2007-02-02 16:01:04 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-01-31 14:33:37 0 d-------- C:\Program Files\Symantec Technical Support<SYMANT~1>
2007-01-30 17:16:21 0 d-------- C:\Program Files\Safer Networking<SAFERN~1>
2007-01-29 02:12:05 1135616 --a------ C:\WINDOWS\system32\Ntbackup.exe<Unsigned: Microsoft Corporation>
2007-01-29 02:11:48 0 d---s---- C:\WINDOWS\WinSafe
2007-01-29 01:52:05 0 d-------- C:\WINDOWS\Sysbckup
2007-01-29 01:42:32 720896 --a------ C:\WINDOWS\iun6002ev.exe<IUN600~1.EXE><Unsigned: Indigo Rose Corporation>
2007-01-29 01:20:17 12288 --a------ C:\WINDOWS\system32\regocx32.exe<Unsigned: n/a>
2007-01-29 00:40:28 71680 --a------ C:\WINDOWS\ST5UNST.EXE<Unsigned: Microsoft Corporation>
2007-01-29 00:09:17 155648 --a------ C:\WINDOWS\system32\ssleay32.dll<Unsigned: n/a>
2007-01-29 00:09:17 696320 --a------ C:\WINDOWS\system32\libeay32.dll<Unsigned: n/a>
2007-01-29 00:09:07 25264 --a------ C:\WINDOWS\system32\smrgdf.exe<Unsigned: n/a>
2007-01-29 00:09:07 41472 --a------ C:\WINDOWS\system32\iolobtdfg.exe<IOLOBT~1.EXE><Unsigned: n/a>
2007-01-29 00:09:06 436328 --a------ C:\WINDOWS\system32\Incinerator.dll<INCINE~1.DLL><Signed: n/a>
2007-01-28 23:45:24 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-01-28 22:57:30 0 d-------- C:\Program Files\WIN Doc Pro<WINDOC~1>
2007-01-28 22:55:08 0 d-------- C:\Documents and Settings\Owner\Application Data\TuneUp Software<TUNEUP~1>
2007-01-28 22:53:07 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software<TUNEUP~1>
2007-01-24 23:30:56 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-24 23:30:50 0 d-------- C:\Program Files\SmartPCTools<SMARTP~1>
2007-01-24 23:21:22 0 d-------- C:\Program Files\3B Software<3BSOFT~1>
2007-01-22 15:52:35 0 d-------- C:\Program Files\PCPitstop<PCPITS~1>
-- Find3M Report ----------------------------------------------------------------
2007-02-21 12:48:35 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-21 12:26:40 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-21 11:33:15 83536 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-02-21 11:33:10 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 09:14:00 0 d-------- C:\Program Files\Jrail
2007-02-18 00:59:36 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-02-17 22:08:33 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-13 16:08:54 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-06 11:24:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-02-05 08:50:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-02-02 17:20:47 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys<Signed: Symantec Corporation>
2007-02-02 16:14:50 226268 --a------ C:\WINDOWS\system32\perfh011.dat
2007-02-02 16:14:50 70994 --a------ C:\WINDOWS\system32\perfc011.dat
2007-01-30 16:44:20 0 d-------- C:\Documents and Settings\Owner\Application Data\DATT JAPAN<DATTJA~1>
2007-01-20 19:33:54 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2007-01-17 17:23:47 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2<MICROS~4>
2007-01-14 19:32:22 0 d-------- C:\Program Files\TLTSH07
2007-01-12 03:22:20 276792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys<Signed: Symantec Corporation>
2007-01-12 03:22:18 25400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys<Signed: Symantec Corporation>
2007-01-12 03:22:14 247608 --a------ C:\WINDOWS\system32\drivers\srtsp.sys<Signed: Symantec Corporation>
2007-01-10 03:47:38 242320 --a------ C:\WINDOWS\system32\SymRedir.dll<Signed: Symantec Corporation>
2007-01-10 03:47:38 624784 --a------ C:\WINDOWS\system32\SymNeti.dll<Signed: Symantec Corporation>
2007-01-09 23:32:14 191544 --a------ C:\WINDOWS\system32\drivers\symtdi.sys<Signed: Symantec Corporation>
2007-01-09 23:32:14 27576 --a------ C:\WINDOWS\system32\drivers\symredrv.sys<Signed: Symantec Corporation>
2007-01-09 23:32:14 38200 --a------ C:\WINDOWS\system32\drivers\symndisv.sys<Signed: Symantec Corporation>
2007-01-09 23:32:14 35256 --a------ C:\WINDOWS\system32\drivers\symndis.sys<Signed: Symantec Corporation>
2007-01-09 23:32:14 40120 --a------ C:\WINDOWS\system32\drivers\symids.sys<Signed: Symantec Corporation>
2007-01-09 23:32:14 145976 --a------ C:\WINDOWS\system32\drivers\symfw.sys<Signed: Symantec Corporation>
2007-01-09 23:32:14 12984 --a------ C:\WINDOWS\system32\drivers\symdns.sys<Signed: Symantec Corporation>
2006-12-30 07:01:27 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor<SITEAD~1>
2006-12-29 09:07:39 0 d-------- C:\Program Files\Privacy and Registry Cleaner<PRIVAC~1>
2006-12-25 22:06:06 0 d-------- C:\Program Files\Fgw10
2006-12-25 22:06:05 0 d-------- C:\Program Files\Common Files\Konica Uploader<KONICA~1>
2006-11-27 09:07:11 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Vidalia"="\"C:\\Program Files\\Vidalia\\vidalia.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"LTSMMSG"="LTSMMSG.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"IS CfgWiz"="\"C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\cltUIStb.exe\" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE \"REBOOT\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6021\\SiteAdv.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Mini\\3.0\\Apps\\apdproxy.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^スタートメニュー^プログラム^スタートアップ^hatchInn.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\hatchInn.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Di\\Hatchinn\\hatchinn.exe "
"item"="hatchInn.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^スタートメニュー^プログラム^スタートアップ^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^スタートメニュー^プログラム^スタートアップ^TVfunSTUDIO タイマー.lnk]
"backup"="C:\\WINDOWS\\pss\\TVfunSTUDIO タイマー.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PANASO~1\\TVFUNS~1\\eTVtimer.exe "
"item"="TVfunSTUDIO タイマー"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^スタートメニュー^プログラム^スタートアップ^富士通サービスアシスタント.lnk]
"backup"="C:\\WINDOWS\\pss\\富士通サービスアシスタント.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Fujitsu\\sa\\bin\\matcli.exe -boot"
"item"="富士通サービスアシスタント"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="ctfmon.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="ctfmon.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
-- End of ComboScan: finished at 2007-02-21 at 13:17:02 -------------------------