Log check

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:50 PM, on 5/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VMSnap5.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Milos\Desktop\New Folder\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F4082100-F291-41E0-B63E-C06F6267F690} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1960408961-651377827-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1960408961-651377827-682003330-1003 Startup: Alienware News Feed.lnk = C:\Program Files\Stardock\DesktopGadgets\Alienware News Feed\Alienware News Feed.exe (User '?')
O4 - Startup: Alienware News Feed.lnk = C:\Program Files\Stardock\DesktopGadgets\Alienware News Feed\Alienware News Feed.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom &Out - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F31FF05B-3EA6-4E06-8257-D4CC5B714568}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnoLBrq - nnnoLBrq.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9825 bytes
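For readers who want to see how a helper skims a log like the one above, here is an added example of a small triage script; it is not part of the thread and not a HijackThis or forum tool. It parses the `R0/R1`, `O2`, `O17` and `O20` entry types and flags the patterns that usually get a second look: a search or start page pointing at a host other than Microsoft's defaults, a BHO whose DLL no longer exists, explicitly configured DNS servers, and a Winlogon Notify package whose DLL is missing. The sample lines are copied from the poster's log; the allow-list of default IE hosts and the severity labels are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit

# Sample input: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{F31FF05B-3EA6-4E06-8257-D4CC5B714568}: NameServer = 195.66.160.1 195.66.160.2
O20 - Winlogon Notify: nnnoLBrq - nnnoLBrq.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
"""

# Every HijackThis entry starts with a section code (R1, O2, O20, ...) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

# Assumed allow-list: hosts that Internet Explorer points at on a clean XP install.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "search.live.com", "www.microsoft.com"}

# Assumed severity ranking used only to order the report.
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_line(line):
    """Split one HijackThis line into its section code and body; None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"sec": m.group("sec"), "body": m.group("body")}


def check_entry(sec, body):
    """Return (severity, reason) for one entry, or None when nothing stands out."""
    if sec in ("R0", "R1"):
        # Body looks like "HKCU\...\Main,Search Bar = http://host/path".
        _, _, value = body.partition(" = ")
        host = urlsplit(value.strip()).hostname or ""
        if host and host not in DEFAULT_IE_HOSTS:
            return ("medium", f"IE search/start page set to non-default host {host}")
    elif sec == "O2" and body.endswith("(no file)"):
        return ("low", "BHO still registered but its DLL is gone (orphaned entry)")
    elif sec == "O17":
        _, _, servers = body.partition("NameServer = ")
        return ("info", f"explicit DNS servers {servers.strip()}; confirm they belong to the ISP")
    elif sec == "O20":
        if "(file missing)" in body:
            return ("high", "Winlogon Notify package whose DLL is missing; it will load at logon if the file comes back")
        return ("medium", "third-party Winlogon Notify package")
    return None


def triage(log_text):
    """Run check_entry over every line and return the findings, most severe first."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        verdict = check_entry(entry["sec"], entry["body"])
        if verdict:
            findings.append({"sec": entry["sec"], "severity": verdict[0],
                             "reason": verdict[1], "line": raw.strip()})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['sec']:4} {f['reason']}")
        print(f"         {f['line']}")
```

On the sample above the script reports the `O20` entry first, then the BearShare search bar, the orphaned BHO, and the `O17` DNS servers as an item to verify rather than a verdict. The allow-list approach is deliberately conservative: it surfaces anything non-default for a human to judge instead of trying to name what put it there.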

  • argus (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Could you describe the problem a bit?

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

Of course I can. I was downloading some serial key from the net and went to some site, and KIS2009 blocked the page. Since I needed that serial key, I turned KIS off, downloaded it and installed it (basically the computer got filled with viruses), and everything went to hell: the connection dropped, everything... I restarted the computer, turned it on again and everything was messed up; no program would start and I couldn't connect to the net. I somehow managed to start KIS2009, set a full scan and it scanned 100%, found a lot of viruses and I deleted all of that. But everything was still gone to hell and I was just about to reinstall the system when it occurred to me to turn KIS off. I turned KIS off and everything went back to normal, really everything. And then after a while I turn KIS on and everything slowly goes to s**t again and returns to how it was, and I've been using KIS for a long time and never had problems like this. I can turn KIS2009 on again and take a screenshot of what happens on the computer and post it... if needed?

  • argus (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

* Right-click the Kaspersky icon in the bottom right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the clean-up is finished.

-------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt) which you will copy here for us.

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

ComboFix 09-05-08.03 - Milos 05/09/2009 18:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.262 [GMT 2:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Milos\Application Data\.#
c:\documents and settings\Milos\Application Data\.#\MBX@A90@3837D8.###
c:\documents and settings\Milos\Application Data\.#\MBX@A90@3837E8.###
c:\documents and settings\Milos\Application Data\.#\MBX@A90@3837F8.###
c:\documents and settings\Milos\Application Data\.#\MBX@D74@3D37D8.###
c:\documents and settings\Milos\Application Data\.#\MBX@D74@3D37E8.###
c:\documents and settings\Milos\Application Data\.#\MBX@D74@3D37F8.###
c:\documents and settings\Milos\Application Data\.#\MBX@FF8@3D37E8.###
c:\documents and settings\Milos\Application Data\.#\MBX@FF8@3D37F8.###
c:\windows\IE4 Error Log.txt
c:\windows\msnimport.exe
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\azton.mt
c:\windows\system32\GiQtwyxx.ini
c:\windows\system32\GiQtwyxx.ini2
c:\windows\system32\hlrfeccy.ini
c:\windows\system32\kr_done1
c:\windows\system32\update

.
((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.

2009-05-09 15:21 . 2009-05-09 15:21 32768 ----a-w c:\windows\system32\sfaob.exe
2009-05-09 07:58 . 2009-05-09 07:58 245 ----a-w c:\windows\tmp73431046.bat
2009-05-09 07:58 . 2009-05-09 07:58 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-08 17:58 . 2009-05-08 17:58 -------- d-sh--w c:\documents and settings\Milos\PrivacIE
2009-05-08 11:43 . 2009-05-08 11:43 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-08 11:35 . 2009-05-08 11:35 -------- d-sh--w c:\documents and settings\Milos\IETldCache
2009-05-08 11:25 . 2009-05-08 11:27 -------- dc-h--w c:\windows\ie8
2009-05-08 02:34 . 2009-05-08 02:34 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\Opera
2009-05-08 02:34 . 2009-05-08 02:34 -------- d-----w c:\program files\Opera
2009-05-07 11:54 . 2009-05-09 15:32 -------- d-----w c:\program files\Mozilla Firefox 3.5 Beta 4
2009-05-02 08:13 . 2009-05-02 08:13 -------- d-----w c:\documents and settings\All Users\Application Data\3B271
2009-05-01 23:53 . 2008-09-20 20:19 213504 ----a-w c:\windows\system32\libssl32.dll
2009-05-01 18:25 . 2009-05-04 12:41 -------- d-----w c:\program files\No-IP
2009-05-01 14:33 . 2009-05-01 14:33 2 ---h--w c:\windows\t55ft2692f44.dat
2009-05-01 14:33 . 2009-05-01 15:55 -------- d-----w c:\windows\system32\796525
2009-05-01 14:30 . 2009-05-07 12:44 -------- d-----w c:\program files\ACSPMonitor
2009-05-01 00:56 . 2003-11-04 13:11 159744 ----a-w c:\windows\system32\lfpng13n.dll
2009-04-30 20:31 . 1999-04-08 09:18 49152 ----a-w c:\windows\system32\_ISREG32.DLL
2009-04-30 20:31 . 1999-08-18 07:54 180224 ----a-w c:\windows\system32\Ijl11.dll
2009-04-30 20:31 . 2000-03-06 13:17 32768 ----a-w c:\windows\system32\kbhook.dll
2009-04-30 20:31 . 2002-04-04 15:16 32768 ----a-w c:\windows\system32\nsutil.exe
2009-04-30 20:31 . 2004-03-04 09:13 110592 ----a-w c:\windows\system32\nsys.exe
2009-04-30 20:31 . 1999-03-23 07:12 299520 ----a-w c:\windows\uninst.exe
2009-04-30 18:03 . 2009-04-30 18:03 -------- d-----w c:\documents and settings\Milos\2009-04-30-21-03-51
2009-04-30 17:46 . 2009-04-30 17:46 -------- d-----w c:\documents and settings\Milos\2009-04-30-20-46-40
2009-04-30 17:24 . 2009-04-30 17:24 -------- d-----w c:\program files\SnadBoy's Revelation v2
2009-04-28 12:46 . 2009-04-28 12:46 -------- d-----w c:\documents and settings\All Users\Application Data\03D8
2009-04-28 12:44 . 2009-05-04 11:47 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\BearShare
2009-04-28 12:43 . 2009-04-28 12:45 -------- d-----w c:\program files\BearShare Applications
2009-04-27 13:27 . 2009-04-30 23:28 -------- d-----w c:\documents and settings\Milos\Application Data\Hamachi
2009-04-27 13:26 . 2009-04-27 13:26 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-26 20:52 . 2002-06-19 10:19 91136 ----a-w c:\windows\system32\msls2.dll
2009-04-25 12:06 . 2009-04-25 12:28 -------- d-----w c:\program files\SHOUTcast
2009-04-23 15:23 . 2009-04-23 15:23 -------- d-----w c:\program files\Mz_CpuAcc
2009-04-19 15:24 . 2001-08-17 12:55 382592 -c--a-w c:\windows\system32\dllcache\atidrab.dll
2009-04-19 15:24 . 2004-08-04 12:00 29184 -c--a-w c:\windows\system32\dllcache\asptxn.dll
2009-04-19 15:24 . 2004-08-04 12:00 10240 -c--a-w c:\windows\system32\dllcache\aspperf.dll
2009-04-19 15:24 . 2001-08-17 10:12 97354 -c--a-w c:\windows\system32\dllcache\aspndis3.sys
2009-04-19 15:22 . 2001-08-17 10:20 96256 -c--a-w c:\windows\system32\dllcache\ac97intc.sys
2009-04-19 15:20 . 2008-04-13 20:06 231552 -c--a-w c:\windows\system32\dllcache\ac97ali.sys
2009-04-19 15:20 . 2004-08-04 12:00 23552 -c--a-w c:\windows\system32\dllcache\abp480n5.sys
2009-04-19 15:20 . 2001-08-17 20:36 462848 -c--a-w c:\windows\system32\dllcache\a3dapi.dll
2009-04-19 15:20 . 2001-08-17 20:36 98304 -c--a-w c:\windows\system32\dllcache\a3d.dll
2009-04-19 15:20 . 2001-08-17 12:55 38400 -c--a-w c:\windows\system32\dllcache\8514a.dll
2009-04-19 15:20 . 2008-04-13 22:16 48128 -c--a-w c:\windows\system32\dllcache\61883.sys
2009-04-19 15:20 . 2008-04-13 22:10 12288 -c--a-w c:\windows\system32\dllcache\4mmdat.sys
2009-04-19 15:20 . 2001-08-17 10:48 148352 -c--a-w c:\windows\system32\dllcache\3dfxvsm.sys
2009-04-19 15:20 . 2001-08-17 12:55 689216 -c--a-w c:\windows\system32\dllcache\3dfxvs.dll
2009-04-19 15:20 . 2001-08-17 11:28 762780 -c--a-w c:\windows\system32\dllcache\3cwmcru.sys
2009-04-19 15:20 . 2004-08-04 12:00 11264 -c--a-w c:\windows\system32\dllcache\1394vdbg.sys
2009-04-19 15:20 . 2008-04-13 22:16 53376 -c--a-w c:\windows\system32\dllcache\1394bus.sys
2009-04-19 15:19 . 2004-08-04 12:00 7168 -c--a-w c:\windows\system32\dllcache\wamregps.dll
2009-04-19 15:19 . 2001-08-17 12:56 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-19 15:19 . 2009-02-06 11:06 2145280 -c--a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-19 15:18 . 2004-08-04 12:00 19968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll
2009-04-19 15:18 . 2004-08-04 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-04-19 15:18 . 2004-08-04 12:00 169984 -c--a-w c:\windows\system32\dllcache\iisui.dll
2009-04-19 15:18 . 2004-08-04 12:00 5632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll
2009-04-19 15:18 . 2004-08-04 12:00 14336 -c--a-w c:\windows\system32\dllcache\iisreset.exe
2009-04-19 15:18 . 2004-08-04 12:00 6144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-15 11:22 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:22 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 11:22 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:22 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:22 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:22 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:22 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-15 11:20 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 11:20 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 14:11 . 2009-04-13 14:11 180224 ----a-w c:\windows\system32\WinVd32.sys
2009-04-13 14:11 . 2009-04-13 14:11 16896 ----a-w c:\windows\system32\WinFl32.sys
2009-04-11 19:45 . 2001-08-17 20:36 8192 -c--a-w c:\windows\system32\dllcache\tsbyuv.dll
2009-04-11 19:45 . 2001-08-17 20:36 8192 ----a-w c:\windows\system32\tsbyuv.dll
2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\windows\EffectResources
2009-04-11 15:29 . 2000-10-31 10:00 307200 ----a-w c:\windows\vidcap32.Exe
2009-04-11 15:29 . 2005-08-08 12:37 24576 ----a-w c:\windows\VMPipe.dll
2009-04-11 15:29 . 2006-10-11 16:40 57344 ----a-w c:\windows\Sti305.exe
2009-04-11 15:29 . 2005-05-18 08:55 32768 ----a-w c:\windows\VMZoom.exe
2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\windows\CatRoot
2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\program files\Vimicro
2009-04-11 15:26 . 2005-08-08 08:36 114688 ----a-r c:\windows\VM305Cap.exe
2009-04-11 15:26 . 2006-06-28 09:54 49152 ----a-w c:\windows\Domino.EXE
2009-04-11 15:26 . 2006-06-28 09:39 49152 ----a-w c:\windows\VMSnap5.EXE
2009-04-11 15:26 . 2005-05-03 07:51 176128 ----a-r c:\windows\amcap.exe
2009-04-11 15:26 . 2005-08-05 10:36 81920 ----a-r c:\windows\system32\VM305STI.dll
2009-04-11 15:26 . 2006-08-10 04:32 391737 ----a-r c:\windows\system32\drivers\usbVM305.sys
2009-04-11 15:12 . 2008-04-13 22:46 141056 -c--a-w c:\windows\system32\dllcache\ks.sys
2009-04-11 15:12 . 2008-04-13 22:46 141056 ----a-w c:\windows\system32\drivers\ks.sys
2009-04-11 15:12 . 2008-04-14 03:42 294912 ----a-w c:\windows\system32\msh263.drv
2009-04-11 15:12 . 2008-04-14 03:42 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-04-11 15:12 . 2008-04-14 03:42 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-04-11 15:12 . 2008-04-14 03:42 16896 -c--a-w c:\windows\system32\dllcache\msyuv.dll
2009-04-11 15:12 . 2008-04-14 03:42 16896 ----a-w c:\windows\system32\msyuv.dll
2009-04-11 15:12 . 2008-04-14 04:41 4096 ----a-w c:\windows\system32\ksuser.dll
2009-04-11 15:12 . 2008-04-14 03:41 47616 -c--a-w c:\windows\system32\dllcache\iyuv_32.dll
2009-04-11 15:12 . 2008-04-14 03:41 47616 ----a-w c:\windows\system32\iyuv_32.dll
2009-04-10 17:20 . 2009-04-10 17:20 -------- d-----w c:\documents and settings\Milos\Application Data\Sports Interactive
2009-04-10 11:14 . 2009-04-10 11:14 -------- d-----w c:\program files\Sports Interactive
2009-04-10 04:54 . 2009-04-10 10:24 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-10 04:47 . 2009-04-10 04:47 -------- d-----w C:\ProgramData
2009-04-10 04:47 . 2009-04-10 04:47 816 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-04-10 04:47 . 2009-04-10 04:47 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 16:13 . 2008-12-05 11:36 942112 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-09 16:13 . 2008-12-05 11:36 5348 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-09 16:10 . 2008-12-05 11:36 4469280 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-09 16:10 . 2008-12-05 11:36 37044 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-09 15:46 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-09 15:21 . 2009-01-28 00:33 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-09 08:03 . 2004-08-04 12:00 112640 ----a-w c:\windows\system32\services.exe
2009-05-09 08:03 . 2004-08-04 12:00 14336 ----a-w c:\windows\system32\lsass.exe
2009-05-09 08:02 . 2004-08-04 12:00 58368 ----a-w c:\windows\system32\spoolsv.exe
2009-05-09 08:02 . 2004-08-04 12:00 1035776 ----a-w c:\windows\explorer.exe
2009-05-09 08:02 . 2004-08-04 12:00 16896 ----a-w c:\windows\system32\svchost.exe
2009-05-09 08:01 . 2004-08-04 12:00 578560 ----a-w c:\windows\system32\user32.DLL
2009-05-08 18:03 . 2009-01-08 03:28 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-07 18:05 . 2009-01-16 20:38 -------- d-----w c:\program files\Xilisoft
2009-05-07 11:53 . 2008-12-09 00:23 -------- d-----w c:\program files\Notepad++
2009-05-07 00:24 . 2008-11-09 17:21 -------- d-----w c:\program files\MessengerDiscovery
2009-05-04 12:44 . 2008-11-13 13:02 -------- d-----w c:\program files\EA SPORTS
2009-05-04 12:42 . 2009-04-09 15:36 -------- d-----w c:\program files\PokerRoom.com
2009-05-02 01:03 . 2009-03-18 21:38 5 ----a-w c:\windows\sbacknt.bin
2009-05-01 14:36 . 2004-08-04 12:00 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-25 12:06 . 2008-11-10 00:22 -------- d-----w c:\program files\Winamp
2009-04-19 16:46 . 2008-12-13 14:43 -------- d-----w c:\program files\AlienGUIse
2009-04-18 12:35 . 2008-12-05 11:37 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-18 12:35 . 2008-12-05 11:37 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-11 15:29 . 2008-11-09 15:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 15:29 . 2008-11-09 15:47 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 19:52 . 2009-02-27 12:37 -------- d-----w c:\program files\Pool Sharks
2009-04-09 15:35 . 2009-04-09 15:33 -------- d-----w c:\program files\VPHoldem
2009-04-09 15:32 . 2009-04-09 15:29 -------- d-----w c:\program files\PacificPoker
2009-04-01 13:10 . 2008-11-09 17:11 -------- d-----w c:\program files\Google
2009-03-29 19:38 . 2009-03-29 19:38 -------- d-----w c:\program files\Ventrilo
2009-03-29 19:37 . 2009-03-29 19:37 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-23 17:23 . 2009-03-23 17:18 -------- d-----w c:\program files\Counter-Strike 1.6
2009-03-18 21:36 . 2009-03-18 21:36 -------- d-----w c:\program files\vghd
2009-03-18 21:36 . 2009-03-18 21:36 152904 ----a-w c:\windows\system32\vghd.scr
2009-03-16 02:09 . 2009-03-16 02:09 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-15 02:03 . 2008-11-29 00:01 -------- d-----w c:\program files\Skype
2009-03-14 16:59 . 2009-03-14 16:59 -------- d-----w c:\program files\MSN Content Plus Inc
2009-03-14 15:13 . 2008-11-09 17:18 -------- d-----w c:\program files\Windows Live
2009-03-14 15:10 . 2008-11-09 15:47 47296 ----a-w c:\documents and settings\Milos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-12 12:42 . 2009-02-12 12:42 5501 ----a-w c:\windows\system32\rtclcmg32.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 04:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2009-05-09 08:02 16896 7F7B9914B3588D75C7B46BE8CB412DD0 c:\windows\system32\svchost.exe

[-] 2009-05-09 08:02 1035776 C6B24430B36E0F65D1D05EC3C1E2DB09 c:\windows\explorer.exe
[7] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2008-04-14 04:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 12:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 04:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 04:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-05-09 08:03 112640 BC0C7A7143DFDC6492FEC02015415784 c:\windows\system32\services.exe

[7] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 04:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2009-05-09 08:03 14336 88E05A76833D83A9065A2EC5132DEEF4 c:\windows\system32\lsass.exe

[7] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 04:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2009-05-09 08:02 58368 66E74B8C4FB0BB22E75F9C2CFB4B1477 c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-11-10 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"VMSnap5"="c:\windows\VMSnap5.EXE" [2006-06-28 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Milos\Start Menu\Programs\Startup\
Alienware News Feed.lnk - c:\program files\Stardock\DesktopGadgets\Alienware News Feed\Alienware News Feed.exe [2009-1-9 523952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GoogleUpdate.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IoctlSvc.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jqs.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LSSrvc.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NBService.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ULCDRSvr.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"d:\\Program Files\\Achilles-Script 4.5 White\\Mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"4357:TCP"= 4357:TCP:WWW

R2 zdmlebnjc;zdmlebnjc; [x]
R3 FXDRV;FXDRV; [x]
R3 WFIOCTL;WFIOCTL; [x]
S0 HFXP2;HFXP2; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver; [x]
S2 BT848;WinFast TV2000 XP WDM Video Capture; [x]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; [x]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; [x]
S3 KLFLTDEV;Kaspersky Lab KLFltDev; [x]
S3 klim5;Kaspersky Anti-Virus NDIS Filter; [x]
S3 ZSMC0305;Vimicro USB PC Camera (VC0305); [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - a347bus
*Deregistered* - a347scsi
*Deregistered* - adfs
*Deregistered* - AFD
*Deregistered* - atapi
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HFXP2
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - kl1
*Deregistered* - klbg
*Deregistered* - KLIF
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - Srv
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zdmlebnjc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f2a03aa-bf9f-11dd-a96f-001558156083}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60b49e34-c7cc-11d0-8953-00a0c90347ff}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\WinXP Manager - Auto Shutdown.job
- d:\program files\Yamicsoft\WinXP Manager\ShutDownCommand.exe [2006-09-27 04:16]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F4082100-F291-41E0-B63E-C06F6267F690} - (no file)
HKLM-Run-BigDog305 - c:\windows\VM305_STI.EXE
Notify-nnnoLBrq - nnnoLBrq.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: &Web Search - c:\windows\WEB\selsearch.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom &Out - c:\windows\WEB\zoomout.htm
Trusted Zone: microsoft.com\office
TCP: {F31FF05B-3EA6-4E06-8257-D4CC5B714568} = 195.66.160.1 195.66.160.2
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\mdqgtdii.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 18:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
Completion time: 2009-05-09 18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-09 16:19

Pre-Run: 18,778,796,032 bytes free
Post-Run: 18,707,689,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
454 --- E O F --- 2009-04-25 21:39

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Find these two files

c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe

and upload them via the following link

http://www.mycity.rs/ambulanta-upload.php

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

argus ::Find these two files

c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe

and upload them via the following link

http://www.mycity.rs/ambulanta-upload.php



I uploaded three files: two are the ones that were needed, and the third one was svchost but it isn't the exe file, that was my mistake, sorry :-)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

@Springfield I'm going to rest for a bit, my eyes are falling out Very Happy, so talk to you in about half an hour to an hour.

offline
  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

hahahahaha :-D OK bro, go ahead :-D

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Like this:

Disable the antivirus again

Open Notepad and copy the following text into it:


File::
c:\windows\system32\sfaob.exe

Driver::
zdmlebnjc

NetSvc::
zdmlebnjc

FCOPY::
c:\windows\ServicePackFiles\i386\spoolsv.exe|c:\windows\system32\spoolsv.exe
c:\windows\ServicePackFiles\i386\svchost.exe|c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\explorer.exe|c:\windows\explorer.exe
c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe|c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\lsass.exe|c:\windows\system32\lsass.exe

RegLock::
[HKEY_USERS\S-1-5-21-1960408961-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GoogleUpdate.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IoctlSvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jqs.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NBService.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvsvc32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ULCDRSvr.exe]


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.
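As an added example (not part of the thread or of ComboFix itself), the Python triage below runs over a constructed log excerpt modelled on the entries quoted above: it pulls out the IFEO "Debugger" redirections that swap legitimate service executables for rundll32.exe, the unknown name listed under Svchost NetSvcs, and the disabled Security Center monitoring flag, then renders the NetSvc:: and Registry:: sections in the CFScript layout the helper used. File::/FCOPY:: lines are deliberately not generated, since which system files to replace is an analyst decision; SAMPLE_LOG, triage and draft_cfscript are hypothetical names.

```python
import re

# Constructed ComboFix log excerpt (hypothetical sample modelled on entries quoted in this thread)
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GoogleUpdate.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jqs.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zdmlebnjc
"""

IFEO_PREFIX = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options"
IFEO_KEY = re.compile(r"^\[" + re.escape(IFEO_PREFIX) + r"\\([^\]]+)\]$", re.I)

def triage(log: str) -> dict:
    """Single pass over the log: IFEO Debugger redirections, NetSvcs entries, disabled protections."""
    lines = [ln.rstrip() for ln in log.splitlines()]
    ifeo, netsvcs, warnings = {}, [], []
    in_netsvcs = False
    for i, line in enumerate(lines):
        m = IFEO_KEY.match(line)
        # A "Debugger" value under an IFEO subkey makes Windows start that program instead of the target exe
        if m and i + 1 < len(lines) and lines[i + 1].lower().startswith('"debugger"='):
            ifeo[m.group(1)] = lines[i + 1].split("=", 1)[1]
        if line == '"DisableMonitoring"=dword:00000001':
            warnings.append("Security Center monitoring disabled under " + lines[i - 1])
        if line.endswith("Svchost - NetSvcs"):  # names that follow are loaded inside svchost.exe
            in_netsvcs = True
            continue
        if in_netsvcs and line:
            netsvcs.append(line)
        elif in_netsvcs:
            in_netsvcs = False  # blank line ends the NetSvcs block
    return {"ifeo": ifeo, "netsvcs": netsvcs, "warnings": warnings}

def draft_cfscript(findings: dict) -> str:
    """Render NetSvc:: and Registry:: sections in the CFScript layout used in the thread."""
    out = []
    if findings["netsvcs"]:
        out += ["NetSvc::", *findings["netsvcs"], ""]
    if findings["ifeo"]:
        out += ["Registry::"] + ["[-%s\\%s]" % (IFEO_PREFIX, exe) for exe in findings["ifeo"]]
    return "\n".join(out)
```

Each Registry:: line deletes the whole IFEO subkey, which is what the helper's script above does; review the ifeo dictionary first, since a legitimate debugger entry set by a developer would be removed just the same.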

Korisnici trenutno na forumu: amaterSRB, babaroga, Belac91, bojank, bokisha253, ccoogg123, dragoljub11987, Fog of War, Georgius, goxin, HrcAk47, ILGromovnik, ivan1973, JimmyNapoli, Još malo pa deda, Kibice, laurusri, Lieutenant, Lošmi, Mcdado, mercedesamg, Mi lao shu, Millennium, Milometer, milutin134, minmatar34957, moldway, nenad81, ObelixSRB, Oscar2, ozzy, pedja.st, Polemarchoi, radionica1, raketaš, ruger357, ruma, sasa87, stegonosa, suton, Trpe Grozni, vathra, Vlada78, vladetije, vladulns, Žoržo