Thread: Windows XP.
9th March 2010 21:41 #1Registered User
Join Date: Feb:2010
Location: Ruse
Posts: 4
Windows XP.
. .
. windows- . apply ok . AVIRA Malwarebytes' Anti-Malware ( 1 2) . NOD 32 . .
-
9th March 2010 21:44 #2
, , . combofix
SiteMasterBG.com - .
-
9th March 2010 22:30 #3Registered User
Join Date: Feb:2010
Location: Ruse
Posts: 4
Malwarebytes -
ComboFix 10-03-09.03 - Monkey 03/09/2010 22:24:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.3198.2553 [GMT 2:00]
Running from: c:\documents and settings\Monkey\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kbdBF.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 20:25 . 2010-03-09 19:51 -------- d-----w- c:\documents and settings\Monkey\Application Data\Skype
2010-03-09 20:23 . 2010-03-09 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2010-03-09 20:23 . 2010-03-09 20:23 -------- d-----w- c:\documents and settings\Monkey\Application Data\GRETECH
2010-03-09 20:23 . 2010-03-09 20:23 -------- d-----w- c:\program files\GRETECH
2010-03-09 20:22 . 2010-03-09 20:22 -------- d-----w- c:\program files\CCleaner
2010-03-09 20:21 . 2010-03-09 20:21 388608 ----a-w- c:\windows\system32\CF11498.exe
2010-03-09 20:12 . 2010-03-09 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 20:10 . 2010-03-09 20:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-09 20:10 . 2010-03-09 20:10 -------- d-----w- c:\documents and settings\Monkey\Application Data\skypePM
2010-03-09 20:10 . 2010-03-09 20:10 -------- d-----w- c:\program files\Vimicro
2010-03-09 20:10 . 2010-03-09 19:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 20:08 . 2010-03-09 20:08 -------- d-----w- c:\program files\Avira
2010-03-09 20:08 . 2010-03-09 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-09 20:08 . 2010-03-09 20:08 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-09 20:06 . 2010-03-09 20:06 -------- d-----w- c:\program files\AMD
2010-03-09 20:06 . 2010-03-09 20:06 -------- d-----w- c:\documents and settings\Monkey\Application Data\InstallShield
2010-03-09 20:01 . 2010-03-09 20:01 -------- d-----w- c:\program files\Analog Devices
2010-03-09 20:01 . 2010-03-09 20:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-09 19:56 . 2010-03-09 19:56 -------- d-----w- c:\program files\bin32
2010-03-09 19:56 . 2010-03-09 19:56 -------- d-----w- c:\program files\profile
2010-03-09 19:56 . 2010-03-09 19:56 -------- d-----w- c:\program files\log
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13533184]
"nwiz"="nwiz.exe" [2008-05-22 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/9/2010 10:08 PM 108289]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [3/9/2010 10:10 PM 428160]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SSMDRV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sinoptik.bg/
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-BigDog303 - c:\windows\VM303_STI.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 22:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?? ????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\nvLsp.dll
.
Completion time: 2010-03-09 22:26:21
ComboFix-quarantined-files.txt 2010-03-09 20:26
Pre-Run: 28,524,056,576 bytes free
Post-Run: 28,547,809,280 bytes free
- - End Of File - - 95E0B2FE51EF08AC8E7A614A148EE7D2
( TXT-)