Results 1 to 4 of 4

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Iron Maiden
    Join Date: Mar:2006
    Location: Sofia
    Posts: 174

    Svchost.exe...

    .
    "" Svchost. - . , shchost-a Server - .
    , . HiJack Safe Mode .

    Logfile of HijackThis v1.99.1
    Scan saved at 21:40:12, on 31.3.2007 .
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    E:\Software\Antivirus\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskb arInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: HFS.lnk = C:\HTTP Server\hfs.exe
    O8 - Extra context menu item: & Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll
    O9 - Extra button: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.D LL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29CFF 27B-8CB3-4ED2-90DC-451D3C621323}: NameServer = 213.240.241.252,77.70.24.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{29CFF 27B-8CB3-4ED2-90DC-451D3C621323}: NameServer = 213.240.241.252,77.70.24.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{29CFF 27B-8CB3-4ED2-90DC-451D3C621323}: NameServer = 213.240.241.252,77.70.24.1
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabs erver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    Kaspesky .
    : . ?

  2. #2
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , , - , rootkits , :

    http://silentrunners.org/Silent%20Runners.vbs

    edit: event viewer- a
    Last edited by ilko; 31st March 2007 at 22:22.

  3. #3
    Iron Maiden
    Join Date: Mar:2006
    Location: Sofia
    Posts: 174
    :
    "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentV ersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\Software\Microsoft\Windows\CurrentV ersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskb arInit" [MS]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]

    HKLM\Software\Microsoft\Windows\CurrentV ersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
    "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
    -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
    -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
    -> {HKLM...CLSID} = "Web Anti-Virus statistics"
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
    -> {HKLM...CLSID} = "AlcoholShellEx"
    \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.d ll" ["Alcohol Soft Development Team"]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"
    -> {HKLM...CLSID} = "AcSignIcon"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
    "{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
    -> {HKLM...CLSID} = "ACTHUMBNAIL"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
    "{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
    -> {HKLM...CLSID} = "ACDWFTHMBPRXY"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
    "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}" = "OODefrag"
    -> {HKLM...CLSID} = "OODShellExtObj Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll " ["O&O Software GmbH"]
    "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
    "{A5C2457A-87BC-324E-8124-0025DC10AA03}" = "KillCopy Context Menu Shell Extension"
    -> {HKLM...CLSID} = "KillCopy context menu handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\KillSoft\KillCopy\killcopy. dll" [null data]
    "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}" = "iolo Context Defrag"
    -> {HKLM...CLSID} = "iolo Context Defrag"
    \InProcServer32\(Default) = "C:\PROGRA~1\iolo\Common\Lib\CONTEX~1.DL L" ["iolo technologies, LLC"]

    HKLM\System\CurrentControlSet\Control\Se ssion Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"oodbs" ["O&O Software GmbH"]|"iolobtdfg c:\windows\system32" [null data]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\*\shellex\ContextM enuHandlers\
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
    KillCopy\(Default) = "{A5C2457A-87BC-324E-8124-0025DC10AA03}"
    -> {HKLM...CLSID} = "KillCopy context menu handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\KillSoft\KillCopy\killcopy. dll" [null data]
    OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}"
    -> {HKLM...CLSID} = "OODShellExtObj Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll " ["O&O Software GmbH"]
    SM_ContextDefrag\(Default) = "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}"
    -> {HKLM...CLSID} = "iolo Context Defrag"
    \InProcServer32\(Default) = "C:\PROGRA~1\iolo\Common\Lib\CONTEX~1.DL L" ["iolo technologies, LLC"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ ContextMenuHandlers\
    SM_ContextDefrag\(Default) = "{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37}"
    -> {HKLM...CLSID} = "iolo Context Defrag"
    \InProcServer32\(Default) = "C:\PROGRA~1\iolo\Common\Lib\CONTEX~1.DL L" ["iolo technologies, LLC"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\Con textMenuHandlers\
    FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
    -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandl er"
    \InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
    KillCopy\(Default) = "{A5C2457A-87BC-324E-8124-0025DC10AA03}"
    -> {HKLM...CLSID} = "KillCopy context menu handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\KillSoft\KillCopy\killcopy. dll" [null data]
    OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}"
    -> {HKLM...CLSID} = "OODShellExtObj Class"
    \InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll " ["O&O Software GmbH"]
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\AllFilesystemObjec ts\shellex\ContextMenuHandlers\
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
    -> {HKLM...CLSID} = "UnlockerShellExtension"
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


    Default executables:
    --------------------

    HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
    <<!>> HKCU\Software\Classes\AutoCADScriptFile\ shell\open\command\(Default) = ""C:\WINDOWS\notepad.exe" "%1"" [MS]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentV ersion\Policies\Explorer\

    "NoInstrumentation" = (REG_DWORD) hex:0x00000001
    {unrecognized setting}

    HKLM\Software\Microsoft\Windows\CurrentV ersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentV ersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofil e\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmypics.scr" [MS]


    Startup items in "Administrator" & "All Users" startup folders:
    ---------------------------------------------------------------

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    "HFS" -> shortcut to: "C:\HTTP Server\hfs.exe" [null data]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\W insock2\Parameters\NameSpace_Catalog5\Ca talog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\W insock2\Parameters\Protocol_Catalog9\Cat alog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR. DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
    "ButtonText" = "Web Anti-Virus statistics"

    {60237576-B24C-4BA9-9740-C9F3EC9DB557}\
    "ButtonText" = ""
    "CLSIDExtension" = "{EAADF17C-B6EA-4511-8549-A67CFD406EAF}"
    -> {HKLM...CLSID} = "TWTIEHelper Object"
    \InProcServer32\(Default) = "C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie. dll" [empty string]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = ""

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001"
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    .NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\WINDOWS\Microsoft.NET\Framework\v2.0 .50727\mscorsvw.exe" [MS]
    iolo System Guard, IOLO_SRV, "C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe" ["iolo technologies, LLC"]
    Kaspersky Anti-Virus 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]
    MATLAB Server, matlabserver, "C:\MATLAB6p5\webserver\bin\win32\matlab server.exe" [null data]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
    VNC Server Version 4, WinVNC4, ""C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service" ["RealVNC Ltd."]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Pr int\Monitors\
    HP DesignJet ECP Monitor\Driver = "HPLTLM.DLL" ["Hewlett-Packard Corporation, Microsoft Corporation"]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 140 seconds, including 18 seconds for message boxes)

    Ad-Aware . Kaspersky.

  4. #4
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , rootkits event viewer- a .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Copyright © 1999-2011 . .
iskamPC.com | mobility.BG | Bloody's Techblog | | 3D Vision Blog |