Máy tính khởi động siêu chậm.

Máy tính khởi động siêu chậm.

Cả máy tính ở nhà của em và ở công ty đều khởi động rất chậm. Vào đến WIN rồi còn phải chờ load rất lâu, phải tầm 3 phút trở lên, mới sử dụng được khó chịu lắm ý. Mặc dù em đã bỏ hết tùy chọn startup trong msconfig rồi mà nó vẫn thế.

Không biết có phải do cái này ko?



Nhờ các bro giúp em làm thế nào để cải thiện tình hình với ạ.

Cảm ơn các bác, chúc các bác cuối tuần vui vẻ

Bạn google phần mềm Hijackthis, chọn chế độ scan and save log rồi paste nội dung file lên trên này để mọi người giúp phân tích nhé
Được milandini sửa chữa / chuyển vào 12:26 ngày 19/04/2009

"Mặc dù em đã bỏ hết tùy chọn startup trong msconfig rồi..."<~~~là thế nào nhỉ, cho xem lại thẻ startup xem nào.
Máy khởi động chậm thì có nhiều lí do lắm, thử điều chỉnh lại trong BIOS xem.

nhiều chương trình không nạp qua startup mà. Tốt nhất là cài lại win đi.

Dạ, startup đây bác ạ

Dạ, file log đây ạ, bro phân tích giúp em với. Thanks bro
Logfile of HijackThis v1.99.1
Scan saved at 3:19:30 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32winsersec.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32WLTRYSVC.EXE
C:WINDOWSSystem32cmwltry.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOW***plorer.exe
Crogram FilesUniKeyUniKey.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesMozilla Firefoxfirefox.exe
Crogram FilesIVT CorporationBlueSoleilBTNtService.exe
Crogram FilesLenovoBluetooth Softwareintwdins.exe
C:WINDOWSsystem32LckFldService.exe
Crogram FilesLogMeInx86RaMaint.exe
Crogram FilesLogMeInx86LogMeIn.exe
Crogram FilesLogMeInx86LMIGuardian.exe
Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
Crogram FilesNorton GhostAgentVProSvc.exe
C:WINDOWSsystem32PMSveH.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSsystem32dllhost.exe
Crogram FilesTechSmithCamtasia Studio 5CamtasiaStudio.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesTechSmithCamtasia Studio 5TSCHelp.exe
Crogram FilesNorton GhostSharedDriversSymSnapService.exe
C:WINDOWSsystem32mspaint.exe
Crogram FilesHijackThisHijackThis.exe
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://dantri/
F2 - REG:system.ini: UserInit=c:windowsSystem32Userinit.exe
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:SetupInternetIDM 5.11 Build 6 FixedIDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - Crogram FilesTechSmithSnagIt 9SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - Crogram FilesFlashGetjccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Crogram FilesAVGAVG8avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_07inssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:WINDOWSsystem32hgkjghg0.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - Crogram FilesFlashGetgetflash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Crogram FilesTechSmithSnagIt 9SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll
O4 - HKCU..Run: [UniKey] Crogram FilesUniKeyUniKey.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Download All with FlashGet - Crogram FilesFlashGetjc_all.htm
O8 - Extra context menu item: &Download with FlashGet - Crogram FilesFlashGetjc_link.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All Links with IDM - D:SetupInternetIDM 5.11 Build 6 FixedIEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:SetupInternetIDM 5.11 Build 6 FixedIEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:SetupInternetIDM 5.11 Build 6 FixedIEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://CROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - Crogram FilesLenovoBluetooth Softwaretsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_07inssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_07inssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Crogram FilesFlashGetFlashGet.exe
O9 - Extra ''Tools'' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - Crogram FilesFlashGetFlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {35A9D2C9-B3FF-472D-AF68-FA63AD28A7DD} (OnGameDownLoader Control) - http://www.ongame.com.vn/activeX/OnGameDownLoader.cab
O17 - HKLMSystemCCSServicesTcpip..{752E5668-6D85-42EE-BB70-3E03F6FCE909}: NameServer = 203.113.188.1
O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - CROGRA~1COMMON~1QUESTS~1CODEXP~1qcom.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:WINDOWSSYSTEM32LMIinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - Crogram FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - Crogram FilesIVT CorporationBlueSoleilBTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - Crogram FilesLenovoBluetooth Softwareintwdins.exe
O23 - Service: LckFldService - Unknown owner - C:WINDOWSsystem32LckFldService.exe
O23 - Service: LiveUpdate - Symantec Corporation - CROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - Crogram FilesLogMeInx86RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - Crogram FilesLogMeInx86LogMeIn.exe
O23 - Service: Norton Ghost - Symantec Corporation - Crogram FilesNorton GhostAgentVProSvc.exe
O23 - Service: PMSveH - Lenovo - C:WINDOWSsystem32PMSveH.exe
O23 - Service: SymSnapService - Symantec - Crogram FilesNorton GhostSharedDriversSymSnapService.exe
O23 - Service: winser - Unknown owner - C:WINDOWSsystem32winsersec.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32WLTRYSVC.EXE

Máy bạn bị nhiễm mấy em Virus này:
F2 - REG:system.ini: UserInit=c:windowsSystem32Userinit.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra ''''Tools'''' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O23 - Service: winser - Unknown owner - C:WINDOWSsystem32winsersec.exe
Bạn nhờ anh google cách diệt từng con nhé
GL & HF

Bạn ơi cái vàng vàng này mình thấy nó là chương trình đi kèm của mircrosoft đấy chứ có phải là virus đâu.

msmsgs.exe is not msmsgr.exe (MSN Messenger) or messenger service. It''''s a downloader virus.
Google for Combofix, download and save it to your desktop
**Note: It is important that it is saved directly to your desktop**
* Close any open browsers. Disconnect from the internet.
* Close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix. Remember to re-enable them when you are done.
* Double click on combofix.exe & follow the prompts.
* When finished, it will produce a report for you.
* Please post the "C:ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix''s window while it''s running. That may cause it to stall
Cre*** to Techsupportforum.com
Được milandini sửa chữa / chuyển vào 23:57 ngày 20/04/2009

Thanks bro nhiều nhiều.
Em đã làm như bro bảo và kết quả là thế này ạ.
C:ComboFix.txt
"Lenovo" - 2009-04-25 21:31:41 Service Pack 2
ComboFix 07-05.27.BV - Running from: "Cocuments and SettingsLenovoDesktop"
((((((((((((((((((((((((((((((( Files Created from 2009-03-25 to 2009-04-25 ))))))))))))))))))))))))))))))))))
2009-04-20 11:10 <DIR> d-------- COCUME~1LenovoAPPLIC~1Yahoo!
2009-04-20 11:10 <DIR> d-------- COCUME~1ALLUSE~1APPLIC~1Yahoo! Companion
2009-04-20 11:09 <DIR> d-------- Crogram FilesFLV Player
2009-04-18 22:09 107,864 --a------ C:WINDOWSsystem32 sccvid.dll
2009-04-18 22:09 <DIR> d-------- C:WINDOWSsystem32QuickTime
2009-04-18 22:08 <DIR> d-------- Crogram FilesCommon FilesTechSmith Shared
2009-04-09 14:12 116,736 --a------ C:WINDOWSsystem32driversmcdbus.sys
2009-04-09 14:12 <DIR> d-------- Crogram FilesMagicDisc
2009-04-09 14:10 <DIR> d-------- Crogram FilesMagicISO
2009-03-30 18:11 <DIR> d-------- COCUME~1LenovoAPPLIC~1FFSJ
2009-03-30 18:09 794,906 --a------ C:WINDOWSunins000.exe
2009-03-30 18:09 4,202 --a------ C:WINDOWSunins000.dat
2009-03-30 18:09 <DIR> d-------- C:WINDOWSsystem32FFSJ
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-04-25 09:15:27 -------- d-----w Crogram FilesLogMeIn
2009-04-23 14:09:27 -------- d-----w COCUME~1LenovoAPPLIC~1DMCache
2009-04-23 13:29:47 -------- d-----w Crogram FilesFlashGet
2009-04-18 15:08:21 -------- d-----w Crogram FilesTechSmith
2009-04-18 15:07:32 -------- d-----w Crogram FilesEmE***or3
2009-04-15 13:47:42 -------- d-----w COCUME~1LenovoAPPLIC~1AdobeUM
2009-03-08 01:20:21 -------- d-----w Crogram FilesCommon FilesAdobe Systems Shared
2009-03-06 05:43:34 47,590,294 -c--a-w C:WINDOWSsystem32driversSysLib.sys
2009-03-06 05:43:34 -------- d-----w Crogram FilesBkav2006
2009-03-06 05:43:33 49,189 -c--a-w C:WINDOWSsystem32driversBkavAuto.sys
2009-03-04 11:05:43 -------- d-----w COCUME~1LenovoAPPLIC~1IDM
2009-02-15 13:38:14 688 -c--a-w C:WINDOWSsystem32userinit.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]
{0055C089-8582-441B-A0BF-17B458C2A3A8}=D:SetupInternetIDM 5.11 Build 6 FixedIDMIECC.dll [2004-01-01 01:06]
{00C6482D-C502-44C8-8409-FCE54AD9C208}=Crogram FilesTechSmithSnagIt 9SnagItBHO.dll [2008-09-16 05:26]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=Crogram FilesYahoo!CompanionInstallscpnyt.dll [2007-10-20 04:56]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=Crogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 01:56]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=Crogram FilesFlashGetjccatch.dll [2007-06-28 17:11]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}=Crogram FilesAVGAVG8avgssie.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=Crogram FilesJavajre1.6.0_07inssv.dll [2008-06-10 04:27]
{AE7CD045-E861-484f-8273-0445EE161910}=Crogram FilesAdobeAcrobat 7.0AcrobatAcroIEFa***ient.dll [2004-12-14 02:13]
{F156768E-81EF-470C-9057-481BA8380DBA}=Crogram FilesFlashGetgetflash.dll [2007-05-18 23:13]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"UniKey"="Crogram FilesUniKeyUniKey.exe" [2006-04-19 06:55]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-08 07:00]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpolicie***plorerRun]
"winmgmt"=C:WINDOWSsystem32wmiprvse.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpolicie***plorerRun]
"winmgmt"=C:WINDOWSsystem32wmiprvse.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon
otifyLMIinit]
LMIinit.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=Cocuments and SettingsAll UsersStart MenuProgramsStartupAdobe Acrobat Speed Launcher.lnk
backup=C:WINDOWSpssAdobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=Cocuments and SettingsAll UsersStart MenuProgramsStartupAdobe Gamma Loader.lnk
backup=C:WINDOWSpssAdobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=Cocuments and SettingsAll UsersStart MenuProgramsStartupBlueSoleil.lnk
backup=C:WINDOWSpssBlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=Cocuments and SettingsAll UsersStart MenuProgramsStartupBluetooth.lnk
backup=C:WINDOWSpssBluetooth.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^EmE***or v3.lnk]
path=Cocuments and SettingsAll UsersStart MenuProgramsStartupEmE***or v3.lnk
backup=C:WINDOWSpssEmE***or v3.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 9.lnk]
path=Cocuments and SettingsAll UsersStart MenuProgramsStartupSnagIt 9.lnk
backup=C:WINDOWSpssSnagIt 9.lnkCommon Startup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Lenovo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=Cocuments and SettingsLenovoStart MenuProgramsStartupMagicDisc.lnk
backup=C:WINDOWSpssMagicDisc.lnkStartup
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcrobat Assistant 7.0]
"Crogram FilesAdobeAcrobat 7.0DistillrAcrotray.exe"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregApoint]
Crogram FilesApoint2KApoint.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAVG8_TRAY]
CROGRA~1AVGAVG8avgtray.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAzMixerSel]
Crogram FilesRealtekInstallShieldAzMixerSel.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBkavFw]
Crogram FilesBkav2006Bkav2006.exe TASKBAR
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBroadcom Wireless Manager UI]
C:WINDOWSsystem32WLTRAY.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
C:WINDOWSsystem32ctfmon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDataLayer]
CROGRA~1COMMON~1PCSuiteDATALA~1DATALA~1.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEnergyCut]
Crogram FilesLenovoEnergyCutEnergyCut.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEnergyUtility]
Crogram FilesLenovoEnergyCututilty.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEzButton]
CROGRA~1EzButtonEzButton.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFlashget]
"Crogram FilesFlashGetFlashGet.exe" /min
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHigh Definition Audio Property Page Shortcut]
HDAShCut.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHotKeysCmds]
C:WINDOWSsystem32hkcmd.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIDMan]
D:SetupInternetIDM 5.11 Build 6 FixedIDMan.exe /onboot
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIgfxTray]
C:WINDOWSsystem32igfxtray.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
%systemroot%system32dumprep 0 -k
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregkvasoft]
C:WINDOWSsystem32kvosoft.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogMeIn GUI]
"Crogram FilesLogMeInx86LogMeInSystray.exe"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
"Crogram FilesMessengermsmsgs.exe" /background
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmtd2002Svr]
"Crogram Filesmtd2002"mtdserver.exe -f
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:WINDOWSsystem32NeroCheck.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNorton Ghost 14.0]
"Crogram FilesNorton GhostAgentVProTray.exe"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPCSuiteTrayApplication]
CROGRA~1NokiaNOKIAP~1TRAYAP~1.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPersistence]
C:WINDOWSsystem32igfxpers.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPMHandler]
C:WINDOWSsystem32PMHandler.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSDaemon]
C:WINDOWSsdaemon.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
"Crogram FilesJavajre1.6.0_07injusched.exe"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSWd]
C:WINDOWSwinwd.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUniKey]
Crogram FilesUniKeyUniKey.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUSB Antivirus]
Crogram FilesUSB Disk SecurityUSBGuard.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregYahoo! Pager]
"Crogram FilesYahoo!MessengerYahooMessenger.exe" -quiet
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost *netsvcs*
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0033ad8a-998a-11dd-8138-001b38a358a4}]
AutoRuncommand- H:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013cfixer.exe
opencommand- H:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013cfixer.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{35e72379-a556-11dd-aa87-001b38a358a4}]
exploreCommand- G:forever.exe
openCommand- G:forever.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4b56e2ba-91ff-11dd-8111-00030d000001}]
exploreCommand- G:Images.exe
openCommand- G:Images.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4bce6218-9781-11dd-8132-001b38a358a4}]
AutoRuncommand- I:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013cfixer.exe
opencommand- I:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013cfixer.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{8f3a1aeb-aec8-11dd-9e43-001cbfb46599}]
AutoRuncommand- C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLERdesktop.exe
ExploreCommand- G:RECYCLERdesktop.exe
OpenCommand- G:RECYCLERdesktop.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9a694d45-b474-11dd-bb74-001b38a358a4}]
exploreCommand- G:forever.exe
openCommand- G:forever.exe
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{e4cac59f-c44f-11dd-a3ee-001b38a358a4}]
exploreCommand- G:Images.exe
openCommand- G:Images.exe

********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 21:33:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLMSoftwareMicrosoftWindowsCurrentVersionPolicie***plorerRun
winmgmt = C:WINDOWSsystem32wmiprvse.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????|? ??????Q??|x???m??|???????|???????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2009-04-25 21:33:22
--- E O F ---