Thread: Windows XP.

  1. #1
    Registered User
    Join Date: Feb:2010
    Location: Ruse
    Posts: 4

    Windows XP.

    . .

    . windows- . apply ok . AVIRA Malwarebytes' Anti-Malware ( 1 2) . NOD 32 . .

  2. #2
    PuNiShER_
    Join Date: Aug:2009
    Location:
    Posts: 547
    , , . combofix

  3. #3
    Registered User
    Join Date: Feb:2010
    Location: Ruse
    Posts: 4
    Malwarebytes -

    ComboFix 10-03-09.03 - Monkey 03/09/2010 22:24:27.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.3198.2553 [GMT 2:00]
    Running from: c:\documents and settings\Monkey\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\kbdBF.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-09 20:25 . 2010-03-09 19:51 -------- d-----w- c:\documents and settings\Monkey\Application Data\Skype
    2010-03-09 20:23 . 2010-03-09 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
    2010-03-09 20:23 . 2010-03-09 20:23 -------- d-----w- c:\documents and settings\Monkey\Application Data\GRETECH
    2010-03-09 20:23 . 2010-03-09 20:23 -------- d-----w- c:\program files\GRETECH
    2010-03-09 20:22 . 2010-03-09 20:22 -------- d-----w- c:\program files\CCleaner
    2010-03-09 20:21 . 2010-03-09 20:21 388608 ----a-w- c:\windows\system32\CF11498.exe
    2010-03-09 20:12 . 2010-03-09 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-09 20:10 . 2010-03-09 20:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-03-09 20:10 . 2010-03-09 20:10 -------- d-----w- c:\documents and settings\Monkey\Application Data\skypePM
    2010-03-09 20:10 . 2010-03-09 20:10 -------- d-----w- c:\program files\Vimicro
    2010-03-09 20:10 . 2010-03-09 19:56 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-09 20:08 . 2010-03-09 20:08 -------- d-----w- c:\program files\Avira
    2010-03-09 20:08 . 2010-03-09 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-03-09 20:08 . 2010-03-09 20:08 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-03-09 20:06 . 2010-03-09 20:06 -------- d-----w- c:\program files\AMD
    2010-03-09 20:06 . 2010-03-09 20:06 -------- d-----w- c:\documents and settings\Monkey\Application Data\InstallShield
    2010-03-09 20:01 . 2010-03-09 20:01 -------- d-----w- c:\program files\Analog Devices
    2010-03-09 20:01 . 2010-03-09 20:01 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-03-09 19:56 . 2010-03-09 19:56 -------- d-----w- c:\program files\bin32
    2010-03-09 19:56 . 2010-03-09 19:56 -------- d-----w- c:\program files\profile
    2010-03-09 19:56 . 2010-03-09 19:56 -------- d-----w- c:\program files\log
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13533184]
    "nwiz"="nwiz.exe" [2008-05-22 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 86016]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/9/2010 10:08 PM 108289]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [3/9/2010 10:10 PM 428160]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SSMDRV
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://sinoptik.bg/
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-09 22:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?? ????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(756)
    c:\windows\system32\nvLsp.dll
    .
    Completion time: 2010-03-09 22:26:21
    ComboFix-quarantined-files.txt 2010-03-09 20:26

    Pre-Run: 28,524,056,576 bytes free
    Post-Run: 28,547,809,280 bytes free

    - - End Of File - - 95E0B2FE51EF08AC8E7A614A148EE7D2




    ( TXT-)
