Started from : C:\Documents and Settings\nino.DELL\Desktop\HijackThis.EXE Detected: Windows XP SP3 (WinNT 5.01.2600) Detected: Internet Explorer v8.00 (8.00.6001.18702) * Using default options ================================================== Running processes: C:\WINDOWS.1\System32\smss.exe C:\WINDOWS.1\system32\winlogon.exe C:\WINDOWS.1\system32\services.exe C:\WINDOWS.1\system32\lsass.exe C:\WINDOWS.1\system32\svchost.exe C:\WINDOWS.1\system32\svchost.exe C:\WINDOWS.1\System32\svchost.exe C:\WINDOWS.1\system32\svchost.exe C:\WINDOWS.1\System32\svchost.exe C:\WINDOWS.1\System32\svchost.exe C:\WINDOWS.1\Explorer.exe C:\WINDOWS.1\system32\spoolsv.exe C:\WINDOWS.1\system32\28463\svchost.exe C:\WINDOWS.1\system32\RUNDLL32.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS.1\system32\ctfmon.exe C:\WINDOWS.1\system32\nvsvc32.exe C:\WINDOWS.1\system32\locator.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS.1\system32\vmnat.exe C:\WINDOWS.1\system32\vmnetdhcp.exe C:\WINDOWS.1\system32\wuauclt.exe C:\Documents and Settings\nino.DELL\Desktop\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS.1\system32\NOTEPAD.EXE C:\Program Files\Spyware Doctor\swdoctor.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS.1\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run svchost Agent = C:\WINDOWS.1\system32\28463\svchost.exe NvCplDaemon = RUNDLL32.EXE C:\WINDOWS.1\system32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINDOWS.1\system32\NvMcTray.dll,NvTaskbarInit GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS.1\system32\ctfmon.exe Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q -------------------------------------------------- Shell & screensaver key from C:\WINDOWS.1\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\WINDOWS.1\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* --------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D42 6709BBFEB} (no name) - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F 9-0BBC1D38A37E} (no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17D F180C71AC} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job At1.job -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\WINDOWS.1\system32\webcheck.dll WPDShServiceObj: C:\WINDOWS.1\system32\wpdshserviceobj.dll PostBootReminder: C:\WINDOWS.1\system32\SHELL32.dll CDBurn: C:\WINDOWS.1\system32\SHELL32.dll SysTray: C:\WINDOWS.1\system32\stobject.dll -------------------------------------------------- End of report, 4,441 bytes Report generated in 0.031 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only