
SilentScream

User
  • Posts

    178
  • Registration

  • Last online

Likes

3 Neutral reputation

1 Follower

Everything about SilentScream

  • Title
    Honorary member
  1. Aion servers, opinions and comments

    On the Infinity server almost everything works.
  2. Aion servers, opinions and comments

    I play Asmodian, my name is Karateboy, almost level 49. Message me if you need help.
  3. Question about water heater temperature

    Are you boiling something in the shower? :-D
  4. Experts: Don't buy bread with E-numbers!

    Hahaha, I eat half a loaf per meal.
  5. Choosing an air gun

    If you're getting a gas one, make sure it's a revolver, because the others jam often.
  6. Choosing between 2 car CD players

    Tell him to buy an alarm first and then install that...
  7. Unexplained weight gain

    http://zashto-kak.hit.bg/tibet.htm
  8. Everything about Need for Speed Shift

    There are trainers, I had downloaded one - it gave me $100 000 000 + 1 virus, and now I'm driving a 970 hp Lamborghini.
  9. It doesn't jam anymore, it's better. Thank you!
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2040) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . 
************************************************************************** . Completion time: 2009-09-20 14:25 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-20 11:25 Pre-Run: 30 605 516 800 bytes free Post-Run: 30 528 675 840 bytes free 264 --- E O F --- 2009-09-15 15:54
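The ComboFix excerpt above is the part of this thread a helper reads first: every Security Center override and "DisableNotify" value is set to 1, the standard firewall profile has EnableFirewall=0, the firewall exception list contains a downloaded installer from d:\Downloads, and the same axietlicuw.exe is registered under two service names (once from c:\windows\TEMP). The script below is an added example, not part of the post and not ComboFix code; it parses the REGEDIT4-style lines ComboFix prints and reports exactly those conditions. The sample text is a constructed copy of the log lines above, and the regexes are written only for the line shapes visible there.

```python
"""Triage of a ComboFix registry/service excerpt (added example, not ComboFix code).

Line shapes handled (all present in the log above):
  [key]                          opens a registry section
  "name"=dword:00000001          a REG_DWORD
  "name"= 0 (0x0)                ComboFix's rendering of a DWORD under HKLM\~\services
  "path"=                        an entry in the firewall AuthorizedApplications list
  S2 name;display;image --> ...  a service ComboFix could not match to a known product
"""
import re

# Constructed sample: the Security Center, firewall-policy and service lines from the log above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Downloads\\wrar39b1.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 AlerterAlerterAntiVirScheduler;Alerter AlerterAlerterAntiVirScheduler;c:\windows\system32\axietlicuw.exe service --> c:\windows\system32\axietlicuw.exe service [?]
S2 AlerterAntiVirScheduler;Alerter AlerterAntiVirScheduler;c:\windows\TEMP\axietlicuw.exe service --> c:\windows\TEMP\axietlicuw.exe service [?]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\lqpmmn.sys --> c:\windows\system32\drivers\lqpmmn.sys [?]
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))$')
APP_RE = re.compile(r'^"([^"]+)"=$')
SVC_RE = re.compile(r'^S([0-4])\s+([^;]+);([^;]*);(.*?)\s*-->')
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|sys|dll))', re.I)   # strip service arguments after the image


def parse(text):
    """Return (values per key, firewall-authorized app paths, services)."""
    values, apps, services = {}, [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            values.setdefault(key, {})
            continue
        m = SVC_RE.match(line)
        if m:
            start, name, display, image = m.groups()
            image = image.replace('\\??\\', '').lower()      # drop the NT object-manager prefix
            im = IMAGE_RE.match(image)
            services.append({'start': int(start), 'name': name, 'display': display,
                             'image': im.group(1) if im else image})
            continue
        if key is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            values[key][m.group(1)] = int(m.group(2), 16) if m.group(2) else int(m.group(3))
            continue
        m = APP_RE.match(line)
        if m and key.endswith('authorizedapplications\\list'):
            apps.append(m.group(1).replace('\\\\', '\\'))  # ComboFix doubles the backslashes
    return values, apps, services


def findings(values, apps, services):
    """Human-readable list of weakened-protection and odd-service conditions."""
    out = []
    for key, vals in values.items():
        for name, v in vals.items():
            if 'security center' in key and v == 1 and (name.endswith('Override') or name.endswith('DisableNotify')):
                out.append(f'security center: {name}=1 (warning for this component suppressed) under {key}')
            if name == 'EnableFirewall' and v == 0:
                out.append('firewall policy: EnableFirewall=0, Windows Firewall is off for this profile')
    for app in apps:
        low = app.lower()
        if not (low.startswith('%windir%') or low.startswith('c:\\windows') or '\\program files\\' in low):
            out.append(f'firewall exception for a binary outside the usual program directories: {app}')
    names_by_exe = {}
    for s in services:
        names_by_exe.setdefault(s['image'].rsplit('\\', 1)[-1], []).append(s['name'])
        if '\\temp\\' in s['image']:
            out.append(f"service {s['name']} starts from a temp directory: {s['image']}")
    for exe, names in names_by_exe.items():
        if len(names) > 1:
            out.append(f'{exe} is registered under {len(names)} service names: {", ".join(names)}')
    return out


def triage(text):
    return findings(*parse(text))


if __name__ == '__main__':
    for line in triage(SAMPLE):
        print('-', line)
```

Run against the sample it prints twelve findings: eight suppressed Security Center warnings, the disabled firewall profile, the wrar39b1.exe exception, the TEMP-resident service and the doubly registered axietlicuw.exe. The Security Center values are worth reporting one by one because on XP a user can set them by hand; all eight at once, together with the firewall switched off, is what a helper treats as tampering rather than preference.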
13. Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
(UAC is disabled!)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

`````````End of Log```````````

RootRepeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/20 13:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAC588000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79AB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9542000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7a5b60c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7a5b5f8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7a5b5fd

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7a5b607

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xf7a5b602

Hidden Services
-------------------
Service Name: gasfkyowujeyri
Image Path: C:\WINDOWS\system32\drivers\gasfkyuejfgliy.sys

==EOF==
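The RootRepeal log above carries the kernel-side evidence: five SSDT entries (NtOpenProcess, NtOpenThread, NtCreateThread, NtTerminateProcess, NtWriteVirtualMemory) hooked by an owner RootRepeal prints as "<unknown>", meaning it could not attribute the target address to any listed module, plus one hidden service whose driver name shares the gasfky prefix with the service name. Those five functions are the usual self-protection set: hooking them lets a driver refuse attempts to open, terminate, inject a thread into or write to the process it is guarding. The script below is an added example, not part of the post and not RootRepeal code. It parses the SSDT and Hidden Services sections and, beyond what the log states, checks whether the hook targets sit in one 4 KiB page with a constant 5-byte stride; a stride of exactly 5 bytes is the length of an x86 `jmp rel32`, so it is consistent with a single stub table in one driver rather than several independent hookers. The sample is a constructed copy of the log lines above.

```python
"""Summary of RootRepeal SSDT hooks and hidden services (added example, not RootRepeal code)."""
import os
import re
from collections import defaultdict

# Constructed sample: the SSDT and Hidden Services sections from the RootRepeal log above.
SAMPLE = r'''
SSDT
-------------------
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7a5b60c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7a5b5f8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7a5b5fd

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7a5b607

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xf7a5b602

Hidden Services
-------------------
Service Name: gasfkyowujeyri
Image Path: C:\WINDOWS\system32\drivers\gasfkyuejfgliy.sys

==EOF==
'''

HOOK_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\w+)$')
STATUS_RE = re.compile(r'^Status:\s*Hooked by\s*"([^"]*)"\s*at address\s*(0x[0-9a-fA-F]+)$')
SVC_RE = re.compile(r'^Service Name:\s*(\S+)$')
IMG_RE = re.compile(r'^Image Path:\s*(.+)$')
JMP_REL32_LEN = 5   # x86 E9 xx xx xx xx; a 5-byte stride between hook targets looks like a stub table


def parse_rootrepeal(text):
    """Return (ssdt hooks, hidden services) from RootRepeal's text report."""
    hooks, hidden = [], []
    pending = None        # (#index, function) waiting for its Status: line
    last_service = None   # Service Name: waiting for its Image Path: line
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            hooks.append({'index': pending[0], 'function': pending[1],
                          'owner': m.group(1), 'address': int(m.group(2), 16)})
            pending = None
            continue
        m = SVC_RE.match(line)
        if m:
            last_service = m.group(1)
            continue
        m = IMG_RE.match(line)
        if m and last_service:   # the Drivers section has Image Path: lines too, but no Service Name: before them
            hidden.append({'name': last_service, 'image': m.group(1)})
            last_service = None
    return hooks, hidden


def hook_table_summary(hooks):
    """Per owner: hooked functions, and whether the targets form one tightly packed table
    (same 4 KiB page, constant jmp-rel32 stride), which points at a single hooking module."""
    by_owner = defaultdict(list)
    for h in hooks:
        by_owner[h['owner']].append(h)
    summary = {}
    for owner, hs in by_owner.items():
        addrs = sorted(h['address'] for h in hs)
        gaps = [b - a for a, b in zip(addrs, addrs[1:])]
        summary[owner] = {
            'count': len(hs),
            'functions': sorted(h['function'] for h in hs),
            'span': addrs[-1] - addrs[0],
            'same_page': (addrs[0] >> 12) == (addrs[-1] >> 12),
            'uniform_jmp_stubs': bool(gaps) and all(g == JMP_REL32_LEN for g in gaps),
        }
    return summary


def hidden_service_report(hidden):
    """(service name, driver file name, prefix shared by both) for each hidden service."""
    out = []
    for h in hidden:
        exe = h['image'].rsplit('\\', 1)[-1]
        out.append((h['name'], exe, os.path.commonprefix([h['name'], exe])))
    return out


if __name__ == '__main__':
    hooks, hidden = parse_rootrepeal(SAMPLE)
    for owner, info in hook_table_summary(hooks).items():
        print(owner, info)
    for row in hidden_service_report(hidden):
        print('hidden service %s -> %s (shared prefix %r)' % row)
```

On the sample the five "<unknown>" targets span 20 bytes (0xf7a5b5f8 to 0xf7a5b60c) with a uniform 5-byte stride, and the hidden service and its driver share the prefix gasfky, which is the same prefix as the gasfkyvghjcsmy.dll Malwarebytes reported in the next post. The address check is a heuristic for reading a report, not proof; confirming it means dumping the bytes at the hook address on the live system.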
14. There is some process, axietlicuw.exe, that sometimes loads the CPU to 100%. Here are the logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2830
Windows 5.1.2600 Service Pack 3

20.9.2009 13:15:00
mbam-log-2009-09-20 (13-15-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 161020
Time elapsed: 30 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\gasfkyvghjcsmy.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\gasfkyvghjcsmy.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:16, on 20.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\axietlicuw.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\axietlicuw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Alerter AlerterAlerterAntiVirScheduler (AlerterAlerterAntiVirScheduler) - Unknown owner - C:\WINDOWS\system32\axietlicuw.exe
O23 - Service: Alerter AlerterAntiVirScheduler (AlerterAntiVirScheduler) - Unknown owner - C:\WINDOWS\TEMP\axietlicuw.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 4426 bytes
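In the HijackThis log above the process the poster asks about, axietlicuw.exe, shows up twice in the process list and is registered as two services whose names are built by stacking "Alerter" in front of the Avira scheduler's name (AlerterAlerterAntiVirScheduler, AlerterAntiVirScheduler), one of them pointing at a now-missing copy in C:\WINDOWS\TEMP. "Unknown owner" alone is not a signal (the ATI Smart service has it too), so a useful triage only counts it once another indicator is present. The script below is an added example, not part of the post and not HijackThis code: it parses O23 lines from the right so that display names containing " - " (the Avira entries) still split correctly, applies those rules, and then marks running processes whose image matches a flagged service. The sample is a constructed subset of the log lines above.

```python
"""Triage of HijackThis O23 service lines and the process list (added example, not HijackThis code)."""
import re
from collections import Counter

# Constructed sample: a subset of the process list and all O23 lines from the log above.
SAMPLE = r'''
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\axietlicuw.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\axietlicuw.exe

O23 - Service: Alerter AlerterAlerterAntiVirScheduler (AlerterAlerterAntiVirScheduler) - Unknown owner - C:\WINDOWS\system32\axietlicuw.exe
O23 - Service: Alerter AlerterAntiVirScheduler (AlerterAntiVirScheduler) - Unknown owner - C:\WINDOWS\TEMP\axietlicuw.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
'''

MISSING = ' (file missing)'
REPEAT_RE = re.compile(r'([A-Za-z]{4,})\1')   # a token of 4+ letters immediately repeated (AlerterAlerter)
PATH_RE = re.compile(r'^[A-Za-z]:\\')


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def parse_o23(line):
    """O23 - Service: <display> (<name>) - <owner> - <path>[ (file missing)]
    Split from the right: display names may themselves contain ' - '."""
    body = line[len('O23 - Service: '):]
    head, owner, path = body.rsplit(' - ', 2)
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    m = re.search(r'\(([^()]+)\)$', head)       # short service name in trailing parentheses, if any
    display = head[:m.start()].rstrip() if m else head
    name = m.group(1) if m else display
    return {'display': display, 'name': name, 'owner': owner, 'path': path, 'missing': missing}


def triage(text):
    """Return services with their reasons for suspicion and the running processes that match them."""
    services, processes = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('O23 - Service: '):
            services.append(parse_o23(line))
        elif PATH_RE.match(line):
            processes.append(line)
    per_exe = Counter(basename(s['path']) for s in services)
    for s in services:
        reasons = []
        if '\\temp\\' in s['path'].lower():
            reasons.append('image under a TEMP directory')
        if s['missing']:
            reasons.append('image file missing')
        if REPEAT_RE.search(s['name']) or REPEAT_RE.search(s['display'].replace(' ', '')):
            reasons.append('name built from a repeated token')
        if per_exe[basename(s['path'])] > 1:
            reasons.append('same executable registered under several service names')
        if s['owner'] == 'Unknown owner' and reasons:   # only corroborates other indicators
            reasons.append('no owner/company string')
        s['reasons'] = reasons
    flagged = {basename(s['path']) for s in services if s['reasons']}
    suspicious = [p for p in processes if basename(p) in flagged]
    return {'services': services, 'suspicious_processes': suspicious}


if __name__ == '__main__':
    result = triage(SAMPLE)
    for s in result['services']:
        print(s['name'], '->', s['path'], '|', '; '.join(s['reasons']) or 'ok')
    for p in result['suspicious_processes']:
        print('running:', p)
```

On the sample both Alerter* services are flagged, the two Avira services and both ATI services pass, and the two running axietlicuw.exe instances are reported as matching a flagged service. The repeated-token rule is deliberately narrow (four or more letters, immediately repeated) so that legitimate names such as AntiVirService do not trip it.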