Jakubas

  1. I couldn't get a Dr Web Cure-It log because when I try to start safe mode I get a Blue Screen Of Death and when I run Dr Web in normal mode it stalls.

     TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41

     ComboFix 10-08-31.02 - Dark Knight 09/01/2010 15:13:13.10.2 - x86
  2. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:20:54 PM, on 8/29/2010
  3. Results of screen317's Security Check version 0.99.5

     Rooter.exe (v1.0.2) by Eric_71
  4. OTL Extras logfile created on: 8/29/2010 6:32:13 PM - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Dark Knight\Pulpit Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: Stany Zjednoczone | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.79 Gb Total Space | 104.11 Gb Free Space | 93.13% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 576.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SKYNET-FBC1CAEC Current User Name: Dark Knight Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "56671:TCP" = 56671:TCP:*:Enabled:Pando Media Booster "56671:UDP" = 56671:UDP:*:Enabled:Pando Media Booster "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec -- (Google Inc.) 
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation) "C:\Documents and Settings\Dark Knight\Moje dokumenty\Downloads\OTS.exe" = C:\Documents and Settings\Dark Knight\Moje dokumenty\Downloads\OTS.exe:*:Enabled:ipsec -- (OldTimer Tools) "C:\Documents and Settings\Dark Knight\Moje dokumenty\Downloads\1v98x46e.exe" = C:\Documents and Settings\Dark Knight\Moje dokumenty\Downloads\1v98x46e.exe:*:Enabled:ipsec -- () "C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [string data over 1000 bytes] "C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winfqlhfq.exe" = C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winfqlhfq.exe:*:Enabled:ipsec -- () "C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winqqoc.exe" = C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winqqoc.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\tjqg.exe" = C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\tjqg.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winmnoc.exe" = C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winmnoc.exe:*:Enabled:ipsec -- File not found "C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\wingeglsw.exe" = C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\wingeglsw.exe:*:Enabled:ipsec -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{AB3F9176-E74A-4F28-9A09-4F22349B145E}" = livebox tp "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "AnVir Task Manager Pro" = AnVir Task Manager Pro "BitTorrent" = BitTorrent "CCleaner" = CCleaner "ERUNT_is1" = ERUNT 1.1j "Game Booster_is1" = Game Booster "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 1.99.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/28/2010 12:43:28 PM | Computer Name = SKYNET-FBC1CAEC | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszajaca explorer.exe, wersja 6.0.2900.2180, modul zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 8/28/2010 2:12:44 PM | Computer Name = SKYNET-FBC1CAEC | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszajaca mbam.exe, wersja 1.46.0.1, modul zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 8/28/2010 2:12:46 PM | Computer Name = SKYNET-FBC1CAEC | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszajaca mbam.exe, wersja 1.46.0.1, modul zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 8/28/2010 2:12:48 PM | Computer Name = SKYNET-FBC1CAEC | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszajaca mbam.exe, wersja 1.46.0.1, modul zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 8/28/2010 4:13:26 PM | Computer Name = SKYNET-FBC1CAEC | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszajaca 5xk9k3li.exe, wersja 1.0.15.15281, modul zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 8/28/2010 4:13:26 PM | Computer Name = SKYNET-FBC1CAEC | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszajaca 5xk9k3li.exe, wersja 1.0.15.15281, modul zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 8/29/2010 10:37:48 AM | Computer Name = SKYNET-FBC1CAEC | Source = DCOM | ID = 10005 Description = Model DCOM odebral blad
  5. GMER LOG: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-29 11:13:43 Windows 5.1.2600 Dodatek Service Pack 2 Running: 1v98x46e.exe; Driver: C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\fwkcifob.sys ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\drivers\nhmjfn.sys Nie mo?na odnale?? okre?lonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[1520] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- EOF - GMER 1.0.15 ----
  6. Here's my malware log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4495 Windows 5.1.2600 Dodatek Service Pack 2 Internet Explorer 6.0.2900.2180 8/28/2010 11:31:59 PM mbam-log-2010-08-28 (23-31-59).txt Scan type: Quick scan Objects scanned: 118867 Time elapsed: 4 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System \DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System \DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  7. My laptop has Windows XP SP2. The virus disabled task manager, regedit and likes to shut down .exe extensions. I've got a HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 11:00:42 PM, on 8/28/2010 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Prevx\prevx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wpabaln.exe C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\winwhtuxk.exe C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\Katalog tymczasowy 1 dla RootkitRevealer.zip\RootkitRevealer.exe C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\chcp.com C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Dark Knight\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [unHackMe
Monitor] C:\Program Files\UnHackMe\hackmon.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe" /service (file missing) O23 - Service: DO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\DARKKN~1\USTAWI~1\Temp\DO.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\gatewayxpv_12\wdm\STacSV.exe
  9. I've done 3 Malwarebytes' Anti-Malware scans and each time I do a scan I always get the same 5 viruses which I just quarantined and deleted. It's like they reproduce or something. Here's my malware log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4495 Windows 5.1.2600 Dodatek Service Pack 2 Internet Explorer 6.0.2900.2180 8/28/2010 11:31:59 PM mbam-log-2010-08-28 (23-31-59).txt Scan type: Quick scan Objects scanned: 118867 Time elapsed: 4 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System \DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System \DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)