MyCity » Ambulanta -> Arhiva Ambulante » generic host process for win32 services sp3 :?:

generic host process for win32 services sp3 :?:

Napisano na dan: 11.2.2011

generic host process for win32 services sp3 :?:

Sledeća strana

Pagination

Odgovori

katanaa Poslao: 11 Feb 2011 12:24 Idi na vrh
offline katanaa Građanin Pridružio: 04 Avg 2009 Poruke: 166	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 11 Feb 2011 10:06 blokira mi Internet i nonstop izbacuse dont send Dopuna: 11 Feb 2011 11:45 DDS (Ver_10-12-12.02) - NTFSx86 Run by SERVIS at 11:36:07.01 on Fri 02/11/2011 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1342 [GMT 1:00] AV: ESET Smart Security 4.2 Enabled/Updated {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall Enabled ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\T-Mobile Internet Manager\UIExec.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\USB Disk Security\USBGuard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\SERVIS\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ udefault_page_url = hxxp://www.microsoft.com mDefault_Page_URL = hxxp://www.microsoft.com mStart Page = hxxp://www.microsoft.com mWindow Title = Microsoft Internet Explorer uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [TNOD UP] "c:\program files\tnod user & password finder\TNODUP.exe" /i mRun: [conime.exe] conime.exe mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [UIExec] "c:\program files\t-mobile internet manager\UIExec.exe" mRun: [<NO NAME>] mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\" mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [Cleanup] C:\cleanup.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://192.168.1.119/dcsclictrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\servis\applic~1\mozilla\firefox\profiles\gny0hw9j.default\ FF - prefs.js: browser.startup.homepage - google.com FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 ============= SERVICES / DRIVERS =============== R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-3 363344] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376] R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile internet manager\AssistantServices.exe [2010-12-2 241664] R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2010-7-5 1310720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-3 20952] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064] R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-3 38224] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-12-15 1714176] S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-2 7680] S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2010-12-13 323328] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] =============== Created Last 30 ================ 2011-02-11 09:31:33 54016 ----a-w- c:\windows\system32\drivers\jwuypqh.sys 2011-02-11 09:11:13 1535 ----a-w- C:\backup.reg 2011-02-11 09:11:12 61440 ----a-w- c:\windows\system32\drivers\azmgh.sys 2011-02-11 09:11:12 574 ----a-w- C:\cleanup.bat 2011-02-11 09:11:12 19286 ----a-w- C:\cleanup.exe 2011-02-11 09:11:12 135168 ----a-w- C:\zip.exe 2011-02-10 08:33:20 712704 ----a-w- c:\windows\system\c6501a3d.dll 2011-02-10 08:33:20 712704 ----a-w- c:\windows\system\a3d.dll 2011-02-10 08:33:20 53248 ----a-w- c:\windows\system32\C6501rm.dll 2011-02-10 08:33:20 274432 ----a-w- c:\windows\system32\C6501rm.exe 2011-02-10 08:33:20 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2011-02-10 08:33:19 32768 ----a-w- c:\windows\system32\c6501prop.dll 2011-02-08 09:09:02 -------- d-----w- c:\program files\CPUID 2011-02-07 17:53:05 -------- d-s---w- c:\windows\Downloaded Program Files 2011-02-03 10:18:42 -------- d-----w- c:\docume~1\servis\applic~1\Malwarebytes 2011-02-03 10:18:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-03 10:18:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-02-03 10:18:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-03 10:18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-03 08:43:30 -------- d-----w- c:\program files\common files\ParetoLogic 2011-02-03 08:43:29 -------- d-----w- c:\program files\ParetoLogic 2011-02-03 08:32:07 -------- d-----w- c:\docume~1\servis\applic~1\DriverCure 2011-02-03 08:32:06 -------- d-----w- c:\docume~1\servis\applic~1\ParetoLogic 2011-02-03 08:31:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic 2011-02-02 12:17:27 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-02-02 12:17:27 -------- d-----w- c:\windows\system32\wbem\Repository 2011-02-02 11:20:58 -------- d-----w- c:\windows\ServicePackFiles 2011-02-02 11:20:31 19569 ----a-w- c:\windows\000001_.tmp 2011-02-02 10:25:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2011-02-02 10:06:12 -------- d-----w- c:\program files\CheckPoint 2011-02-02 10:05:40 -------- d-----w- c:\windows\Internet Logs 2011-02-02 09:26:36 -------- d-----w- c:\program files\Sunbelt Software 2011-02-02 09:08:25 -------- d-sh--w- C:\RECYCLER(2) 2011-02-01 08:51:37 -------- d-----w- c:\docume~1\servis\applic~1\ooVoo Details 2011-01-31 13:59:40 -------- d-----w- c:\docume~1\servis\applic~1\MAXON 2011-01-31 13:40:07 -------- d-----w- c:\program files\AMD 2011-01-31 13:39:40 -------- d-----w- c:\docume~1\servis\locals~1\applic~1\Downloaded Installations 2011-01-31 09:39:05 -------- d-----w- c:\program files\USB Disk Security 2011-01-30 13:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2011-01-29 10:18:04 -------- d-----w- c:\docume~1\servis\locals~1\applic~1\assembly 2011-01-29 10:17:46 -------- d-----w- c:\program files\NCSoft 2011-01-29 10:16:58 -------- d-----w- c:\docume~1\servis\applic~1\GetRightToGo 2011-01-26 10:15:54 -------- d-----w- c:\program files\Lavalys 2011-01-25 15:57:44 -------- d-----w- c:\windows\SHELLNEW 2011-01-25 15:36:29 -------- d-----w- c:\docume~1\servis\locals~1\applic~1\Microsoft Help 2011-01-25 14:23:16 59928 ----a-w- c:\windows\system32\fxcompchannel.dll 2011-01-25 14:23:16 331776 ----a-r- c:\windows\system32\hppcpr13.dll 2011-01-25 14:23:16 273408 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp6bu.DLL 2011-01-25 14:23:16 149504 ----a-w- c:\windows\system32\hpcpn6bu.dll 2011-01-25 13:46:05 -------- d-----w- c:\program files\HP 2011-01-25 13:46:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2011-01-25 13:46:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2011-01-25 13:40:15 -------- d-sh--w- c:\windows\ftpcache 2011-01-15 12:39:36 82854760 ----a-w- c:\program files\common files\windows live\.cache\wlcD0C.tmp ==================== Find3M ==================== 2011-02-08 14:06:01 6656 ----a-w- c:\windows\system32\lpcio.dll 2010-12-14 13:43:44 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2010-12-14 13:39:10 29504 ----a-w- c:\windows\system32\uxtuneup.dll ============= FINISH: 11:36:29.85 =============== mycity.rs/must-login.png Dopuna: 11 Feb 2011 12:16 mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png Dopuna: 11 Feb 2011 12:24 RootRepeal kad pokrenem restartuje mi se komp

Profil

diarno Poslao: 11 Feb 2011 12:26 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav. Za tu tvoju gresku moze biti mnogo uzroka a izmedju ostalog i malware. Da pogledamo malo dublje : Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

katanaa Poslao: 11 Feb 2011 12:38 Idi na vrh
offline katanaa Građanin Pridružio: 04 Avg 2009 Poruke: 166	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 11-02-09.05 - SERVIS 02/11/2011 12:35:21.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1588 [GMT 1:00] Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 Disabled/Updated {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall Enabled {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\twunk_32.exe . ((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 ))))))))))))))))))))))))))))))) . 2011-02-10 08:39 . 2011-02-10 16:24 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Winamp 2011-02-10 08:33 . 2007-06-28 08:02 274432 ----a-w- c:\windows\system32\C6501rm.exe 2011-02-10 08:33 . 2005-12-27 07:23 53248 ----a-w- c:\windows\system32\C6501rm.dll 2011-02-10 08:33 . 2004-08-18 10:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2011-02-10 08:33 . 2001-11-24 02:08 712704 ----a-w- c:\windows\system\c6501a3d.dll 2011-02-10 08:33 . 2001-11-24 02:08 712704 ----a-w- c:\windows\system\a3d.dll 2011-02-10 08:33 . 2006-06-28 04:54 32768 ----a-w- c:\windows\system32\c6501prop.dll 2011-02-08 09:09 . 2011-02-08 15:52 -------- d-----w- c:\program files\CPUID 2011-02-07 17:53 . 2011-02-07 17:53 -------- d-s---w- c:\windows\Downloaded Program Files 2011-02-03 10:18 . 2011-02-03 10:18 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Malwarebytes 2011-02-03 10:18 . 2011-02-03 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-02-03 10:18 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-03 10:18 . 2011-02-03 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-03 10:18 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-03 08:43 . 2011-02-03 08:43 -------- d-----w- c:\program files\Common Files\ParetoLogic 2011-02-03 08:43 . 2011-02-03 08:43 -------- d-----w- c:\program files\ParetoLogic 2011-02-03 08:32 . 2011-02-03 08:32 -------- d-----w- c:\documents and settings\SERVIS\Application Data\DriverCure 2011-02-03 08:32 . 2011-02-03 08:32 -------- d-----w- c:\documents and settings\SERVIS\Application Data\ParetoLogic 2011-02-03 08:31 . 2011-02-03 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2011-02-02 12:17 . 2011-02-02 12:17 -------- d-----w- c:\windows\system32\wbem\Repository 2011-02-02 12:16 . 2011-02-02 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2011-02-02 11:20 . 2011-02-02 11:22 -------- d-----w- c:\windows\ServicePackFiles 2011-02-02 11:20 . 2006-12-28 23:31 19569 ----a-w- c:\windows\000001_.tmp 2011-02-02 10:25 . 2011-02-02 10:25 -------- d-----w- c:\program files\Alwil Software 2011-02-02 10:25 . 2011-02-02 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2011-02-02 10:06 . 2011-02-02 10:06 -------- d-----w- c:\program files\CheckPoint 2011-02-02 10:05 . 2011-02-02 12:16 -------- d-----w- c:\windows\Internet Logs 2011-02-02 09:26 . 2011-02-02 09:26 -------- d-----w- c:\program files\Sunbelt Software 2011-02-02 09:08 . 2011-02-02 12:16 -------- d-----w- C:\RECYCLER(2) 2011-02-01 08:51 . 2011-02-01 08:51 -------- d-----w- c:\documents and settings\SERVIS\Application Data\ooVoo Details 2011-01-31 13:59 . 2011-01-31 13:59 -------- d-----w- c:\documents and settings\SERVIS\Application Data\MAXON 2011-01-31 13:40 . 2011-01-31 13:40 -------- d-----w- c:\program files\AMD 2011-01-31 13:39 . 2011-01-31 13:39 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Downloaded Installations 2011-01-31 09:39 . 2011-01-31 09:39 -------- d-----w- c:\program files\USB Disk Security 2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-01-29 10:18 . 2011-01-29 10:18 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\assembly 2011-01-29 10:17 . 2011-01-29 10:20 -------- d-----w- c:\program files\NCSoft 2011-01-29 10:16 . 2011-01-29 10:17 -------- d-----w- c:\documents and settings\SERVIS\Application Data\GetRightToGo 2011-01-28 10:29 . 2011-01-28 10:29 -------- d-----w- c:\program files\Common Files\Skype 2011-01-26 10:15 . 2011-01-26 10:15 -------- d-----w- c:\program files\Lavalys 2011-01-25 15:57 . 2011-01-25 15:57 -------- d-----w- c:\windows\SHELLNEW 2011-01-25 15:36 . 2011-01-25 15:36 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Microsoft Help 2011-01-25 15:36 . 2011-01-25 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2011-01-25 14:24 . 2011-01-26 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2011-01-25 14:23 . 2008-10-01 04:01 331776 ----a-r- c:\windows\system32\hppcpr13.dll 2011-01-25 14:23 . 2008-07-23 12:01 273408 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp6bu.DLL 2011-01-25 14:23 . 2008-07-23 12:01 149504 ----a-w- c:\windows\system32\hpcpn6bu.dll 2011-01-25 14:23 . 2007-07-16 14:29 59928 ----a-w- c:\windows\system32\fxcompchannel.dll 2011-01-25 13:46 . 2011-01-25 14:19 -------- dc----w- c:\windows\system32\DRVSTORE 2011-01-25 13:46 . 2011-01-25 14:24 -------- d-----w- c:\program files\HP 2011-01-25 13:46 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2011-01-25 13:46 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2011-01-25 13:40 . 2011-01-25 13:40 -------- d-sh--w- c:\windows\ftpcache 2011-01-15 12:39 . 2011-01-15 12:39 82854760 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcD0C.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-08 14:06 . 2008-04-14 02:41 6656 ----a-w- c:\windows\system32\lpcio.dll 2010-12-14 13:43 . 2010-12-03 17:09 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2010-12-14 13:39 . 2010-12-03 17:09 29504 ----a-w- c:\windows\system32\uxtuneup.dll . ------- Sigcheck ------- [-] 2009-03-15 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000] "TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "UIExec"="c:\program files\T-Mobile Internet Manager\UIExec.exe" [2009-03-11 131584] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864] "USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-08-15 824224] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2008-08-29 15:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-12-20 13:42 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP::Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP::Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP::Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP::Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP::Disabled:ooVoo UDP port 37675 R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/24/2010 7:31 PM 114984] R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/24/2010 7:31 PM 810120] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2011 11:18 AM 363344] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/14/2010 2:41 PM 1517376] R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [7/5/2010 2:09 PM 1310720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2011 11:18 AM 20952] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384] S2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Internet Manager\AssistantServices.exe [12/2/2010 10:22 AM 241664] S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/15/2010 11:24 AM 1714176] S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12/2/2010 10:22 AM 7680] S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [12/13/2010 1:43 PM 323328] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504] --- Other Services/Drivers In Memory --- Deregistered* - BMLoad [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2010-10-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-SERVIS-COM-SERVIS.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-12 01:44] 2011-02-10 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01] 2011-02-03 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01] 2011-02-03 c:\windows\Tasks\PC Health Advisor Defrag.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 09:04] 2011-02-03 c:\windows\Tasks\PC Health Advisor.job - c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 09:04] 2011-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.microsoft.com mWindow Title = Microsoft Internet Explorer uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://192.168.1.119/dcsclictrl.cab FF - ProfilePath - c:\documents and settings\SERVIS\Application Data\Mozilla\Firefox\Profiles\gny0hw9j.default\ FF - prefs.js: browser.startup.homepage - google.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - HKLM-Run-C6501Sound - c6501.cpl HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSConfigStartUp-USBScan - c:\program files\USBScan\USBScan.exe AddRemove-Advanced Crossfading - c:\program files\Winamp\plugins\unout_sqr2.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2011-02-11 12:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1614895754-1965331169-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB04BE3-C89D-C213-9FE9-DB87C3D1D04F}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oacakpnbblalmeeemhebjnfoklpkkk"=hex:6b,61,67,6a,6f,67,67,66,69,70,6d,6a,68,6d, 6e,70,6e,66,6f,67,65,6d,00,7c "namapjkieomebcjehdijnaabhbae"=hex:6b,61,67,6a,6f,67,67,66,69,70,6d,6a,68,6d, 6e,70,6e,66,6f,67,65,6d,00,7c [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] @DACL=(02 0000) @="Wireless" "ProcessGroupPolicy"="ProcessWIRELESSPolicy" "DllName"=expand:"gptext.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}] @DACL=(02 0000) @="Folder Redirection" "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "DllName"=expand:"fdeploy.dll" "NoMachinePolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "NoGPOListChanges"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "GenerateGroupPolicy"="GenerateGroupPolicy" "EventSources"=multi:"(Folder Redirection,Application)\00\00" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @DACL=(02 0000) @="Microsoft Disk Quota" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=expand:"dskquota.dll" "ProcessGroupPolicy"="ProcessGroupPolicy" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] @DACL=(02 0000) @="QoS Packet Scheduler" "ProcessGroupPolicy"="ProcessPSCHEDPolicy" "DllName"=expand:"gptext.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] @DACL=(02 0000) @="Scripts" "ProcessGroupPolicy"="ProcessScriptsGroupPolicy" "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx" "GenerateGroupPolicy"="GenerateScriptsGroupPolicy" "DllName"=expand:"gptext.dll" "NoSlowLink"=dword:00000001 "NoGPOListChanges"=dword:00000001 "NotifyLinkTransition"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] @DACL=(02 0000) @="Internet Explorer Zonemapping" "DllName"=expand:"iedkcs32.dll" "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap" "NoGPOListChanges"=dword:00000001 "RequiresSucessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] @DACL=(02 0000) "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO" "GenerateGroupPolicy"="SceGenerateGroupPolicy" "ExtensionRsopPlanningDebugLevel"=dword:00000001 "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx" "ExtensionDebugLevel"=dword:00000001 "DllName"=expand:"scecli.dll" @="Security" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:000003c0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] @DACL=(02 0000) "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"=expand:"iedkcs32.dll" @="Internet Explorer Branding" "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoMachinePolicy"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] @DACL=(02 0000) "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO" "DllName"=expand:"scecli.dll" @="EFS recovery" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] @DACL=(02 0000) @="802.3 Group Policy" "DisplayName"=expand:"@dot3gpclnt.dll,-100" "ProcessGroupPolicyEx"="ProcessLANPolicyEx" "GenerateGroupPolicy"="GenerateLANPolicy" "DllName"=expand:"dot3gpclnt.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] @DACL=(02 0000) @="Microsoft Offline Files" "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll" "EnableAsynchronousProcessing"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000000 "NoUserPolicy"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] @DACL=(02 0000) @="Software Installation" "DllName"=expand:"appmgmts.dll" "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "NoBackgroundPolicy"=dword:00000000 "RequiresSucessfulRegistry"=dword:00000000 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}] @DACL=(02 0000) @="IP Security" "ProcessGroupPolicy"="ProcessIPSECPolicy" "DllName"=expand:"gptext.dll" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000000 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] @DACL=(02 0000) "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL" "Logon"="SABWINLOLogon" "Logoff"="SABWINLOLogoff" "Startup"="SABWINLOStartup" "Shutdown"="SABWINLOShutdown" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] @DACL=(02 0000) "DLLName"="Ati2evxx.dll" "Asynchronous"=dword:00000000 "Impersonate"=dword:00000001 "Lock"="AtiLockEvent" "Logoff"="AtiLogoffEvent" "Logon"="AtiLogonEvent" "Disconnect"="AtiDisConnectEvent" "Reconnect"="AtiReConnectEvent" "Safe"=dword:00000000 "Shutdown"="AtiShutdownEvent" "StartScreenSaver"="AtiStartScreenSaverEvent" "StartShell"="AtiStartShellEvent" "Startup"="AtiStartupEvent" "StopScreenSaver"="AtiStopScreenSaverEvent" "Unlock"="AtiUnLockEvent" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] @DACL=(02 0000) "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=expand:"crypt32.dll" "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] @DACL=(02 0000) "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=expand:"cryptnet.dll" "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] @DACL=(02 0000) "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] @DACL=(02 0000) "Asynchronous"=dword:00000001 "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll" "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] @DACL=(02 0000) "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] @DACL=(02 0000) "Asynchronous"=dword:00000000 "DllName"=expand:"wlnotify.dll" "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] @DACL=(02 0000) "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=expand:"sclgntfy.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] @DACL=(02 0000) "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] @DACL=(02 0000) "Asynchronous"=dword:00000000 "DllName"=expand:"wlnotify.dll" "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] @DACL=(02 0000) "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList] @DACL=(02 0000) "HelpAssistant"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 "ASPNET"=dword:00000000 . Completion time: 2011-02-11 12:38:59 ComboFix-quarantined-files.txt 2011-02-11 11:38 Pre-Run: 10,267,455,488 bytes free Post-Run: 12,078,780,416 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 5B6D2C0D4FF65C77C41FF26D6F57FB5C

Profil

diarno Poslao: 12 Feb 2011 19:15 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Za pocetak deinstaliraj Paretologic softver i izaberi izmedju Ad-aware-a i Malwarebytes-a... Imas mnogo security softvera.. Moguce i oni da uticu ..

Profil

katanaa Poslao: 16 Feb 2011 09:08 Idi na vrh
offline katanaa Građanin Pridružio: 04 Avg 2009 Poruke: 166	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 14 Feb 2011 9:24 diarno ::Za pocetak deinstaliraj Paretologic softver i izaberi izmedju Ad-aware-a i Malwarebytes-a... Imas mnogo security softvera.. Moguce i oni da uticu .. pobrisao sam Paretologic i zasad se ne javlja problem ,sta da radim u slucaju da se ponovi ? Dopuna: 14 Feb 2011 9:26 samo sto sam poslao poruku ponovo se pojavi generic ? Dopuna: 16 Feb 2011 9:08 Ima li kakvog rezenja za ovaj moj problem ???

Profil

diarno Poslao: 16 Feb 2011 11:50 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa ovo nema veze sa malware-om.. mozes pomoc potrziti u windows podforumu.. pozzz

Profil

MyCity » Ambulanta -> Arhiva Ambulante » generic host process for win32 services sp3 :?:

Ko je trenutno na forumu

Ukupno su 785 korisnika na forumu :: 12 registrovanih, 2 sakrivenih i 771 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Bubimir, Dorcolac, lcc, manda87, Marko Marković, marsovac 2, Milos82, panzerwaffe, Prometeus, ruger357, saputnik plavetnila, vukovi

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by