C:\documents and settings\איה\Application Data\drivers\downld\576046.exe




c:\documents and settings\איה\Application Data\m\shared\Select Ex 2000.zip

c:\documents and settings\איה\Application Data\m\shared\Simply Stickies 1.5.zip

c:\documents and settings\איה\Application Data\m\shared\SMS 2 Email 1.00.zip

c:\documents and settings\איה\Application Data\m\shared\Spring Time - Animated Wallpaper 5.07.zip

c:\documents and settings\איה\Application Data\m\shared\SSW LookOut for Outlook 11.12.zip

c:\documents and settings\איה\Application Data\m\shared\Submarines II Screen Saver 1.0.zip

c:\documents and settings\איה\Application Data\m\shared\SV WebSurfing History 2.1 Build 532.zip

c:\documents and settings\איה\Application Data\m\shared\SWF SlideShow Scout 1.10.zip

c:\documents and settings\איה\Application Data\m\shared\Table Manager 1.0.zip

c:\documents and settings\איה\Application Data\m\shared\TextMaestro 1.0.667.0.zip

c:\documents and settings\איה\Application Data\m\shared\TextToMS 1.4.zip

c:\documents and settings\איה\Application Data\m\shared\The PanHandler 32.zip

c:\documents and settings\איה\Application Data\m\shared\TheSage's English Dictionary and Thesaurus 3.0.16.1718 RC1.zip

c:\documents and settings\איה\Application Data\m\shared\TRON 1.3.zip

c:\documents and settings\איה\Application Data\m\shared\uCertify - Practice Test for Exam 220-601 - 430+ Questions 8.00.05.zip

c:\documents and settings\איה\Application Data\m\shared\UltimateReNamerJG 1.0.5.0.zip

c:\documents and settings\איה\Application Data\m\shared\Upload Video Pro 2.0.zip

c:\documents and settings\איה\Application Data\m\shared\VEGA TigerII Minipad 1.0.16.zip

c:\documents and settings\איה\Application Data\m\shared\Vim 7.2.030.zip

c:\documents and settings\איה\Application Data\m\shared\WebScout 2.12.zip

c:\documents and settings\איה\Application Data\m\shared\WidgetStocks 1.0.zip

c:\documents and settings\איה\Application Data\m\shared\Windows XP Pro Startup Disk SP1a.zip

c:\documents and settings\איה\Application Data\m\shared\WM Capture 3.0.zip

c:\documents and settings\איה\Application Data\m\shared\wodSmtpServer 2.2.5.zip

c:\documents and settings\איה\Application Data\m\shared\Wondershare PPT to eCard 1.0.0.zip

c:\documents and settings\איה\Application Data\m\shared\Xiaoli Encryption 7.0 Build 0415.zip

c:\documents and settings\איה\Application Data\m\shared\yahooListCreator 1.0.zip

c:\documents and settings\איה\Application Data\m\srvlist.oct

c:\program files\Microsoft ActiveSync\Wcescomm.exe

c:\windows\system32\ban_list.txt

c:\documents and settings\איה\Application Data\drivers\srosa.sys . . . . failed to delete

c:\documents and settings\איה\Application Data\m . . . . failed to delete

c:\windows\system32\mdelk.exe . . . . failed to delete

c:\windows\system32\wintems.exe . . . . failed to delete


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\Legacy_NNSERV

-------\Legacy_SK9OU0S

-------\Legacy_SROSA

-------\Service_NNServ

-------\Service_sK9Ou0s

((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))

.
2009-01-27 06:04 . 2009-01-27 06:04 53,648 --ah----- c:\windows\system32\mlfcache.dat

2009-01-27 03:38 . 2009-01-27 03:38 d-------- c:\windows\system32\IOSUBSYS

2009-01-26 02:23 . 2009-01-26 02:23 d--h----- c:\documents and settings\איה\Application Data\m

2009-01-26 02:18 . 2009-01-26 02:18 d-------- c:\program files\Trend Micro

2009-01-26 01:50 . 2009-01-26 01:50 d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-26 01:50 . 2009-01-26 01:50 d-------- c:\documents and settings\איה\Application Data\Malwarebytes

2009-01-26 01:50 . 2009-01-26 01:50 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-26 01:50 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-26 01:50 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-25 00:24 . 2009-01-25 00:24 d-------- c:\documents and settings\איה\ccsetup215

2009-01-25 00:24 . 2009-01-25 00:24 d-------- c:\documents and settings\איה\ccsetup215

2009-01-24 20:51 . 2009-01-24 20:51 d-------- c:\program files\CCleaner

2009-01-24 01:08 . 2006-08-01 15:02 49,152 -r------- c:\windows\system32\ChCfg.exe

2009-01-24 01:07 . 2009-01-24 01:07 d-------- c:\program files\Realtek AC97

2009-01-24 01:07 . 2001-07-06 00:19 164 -r------- c:\windows\avrack.ini

2009-01-24 00:40 . 2009-01-24 00:40 d-------- c:\program files\Lavalys

2009-01-23 14:10 . 2009-01-23 14:10 2,560 --a------ c:\windows\_MSRSTRT.EXE

2009-01-21 12:57 . 2009-01-21 12:57 d--hs---- C:\FOUND.009

2009-01-13 20:33 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2009-01-13 20:32 . 2009-01-13 20:32 d-------- c:\program files\PC Connectivity Solution

2009-01-06 00:33 . 2009-01-06 00:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-31 23:24 14,848 ----a-w c:\windows\system32\dllcache\register.exe



2008-12-24 02:33 --------- d--h--w c:\documents and settings\איה\Application Data\drivers

2008-12-12 17:35 3,081,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-06-01 11:27 66,600 ----a-w c:\documents and settings\איה\Application Data\GDIPFONTCACHEV1.DAT

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown



REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{f228c6a4-a593-4017-944c-4e7958fb3177}"= "c:\program files\Radio_G\tbRadi.dll" [2008-11-23 1784856]


[HKEY_CLASSES_ROOT\clsid\{f228c6a4-a593-4017-944c-4e7958fb3177}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f228c6a4-a593-4017-944c-4e7958fb3177}]

2008-11-23 23:03 1784856 --a------ c:\program files\Radio_G\tbRadi.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{f228c6a4-a593-4017-944c-4e7958fb3177}"= "c:\program files\Radio_G\tbRadi.dll" [2008-11-23 1784856]


[HKEY_CLASSES_ROOT\clsid\{f228c6a4-a593-4017-944c-4e7958fb3177}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{F228C6A4-A593-4017-944C-4E7958FB3177}"= "c:\program files\Radio_G\tbRadi.dll" [2008-11-23 1784856]


[HKEY_CLASSES_ROOT\clsid\{f228c6a4-a593-4017-944c-4e7958fb3177}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-26 15360]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2009-02-01 57344]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-01 1576176]

"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-12 2084480]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CallControl 4.5"="c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2002-05-18 122368]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]

"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-26 15360]


c:\documents and settings\€‰„\š”˜‰ˆ „š‡Œ„\š…‹‰…š\„”’Œ„\

Netvision Cable Connect.url [2008-03-06 97]

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg21.dll


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Microsoft Office.lnk]

path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^איה^תפריט התחלה^תוכניות^הפעלה^Adobe Gamma.lnk]

path=c:\documents and settings\איה\תפריט התחלה\תוכניות\הפעלה\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

--a------ 2007-02-28 23:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2007-12-27 17:12 1862144 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2003-03-04 19:09 1257472 c:\program files\Ahead\InCD\InCD.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

-ra------ 2002-10-08 12:03 155648 c:\windows\system32\NeroCheck.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-08-12 17:13 21741864 c:\program files\Skype\Phone\Skype.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

--a------ 2005-12-21 10:14 73728 c:\windows\system32\PCLECoInst.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-r------- 2006-11-17 05:42 577536 c:\windows\soundman.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ServiceLayer"=3 (0x3)

"NNServ"=2 (0x2)

"gusvc"=3 (0x3)

"GoogleDesktopManager"=3 (0x3)

"Adobe LM Service"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Hebrew Kazaa Lite\\CLEAN.KMD"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\emule\\emule.exe"=

"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service


R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2006-03-24 9344]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-13 33792]

R4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2006-03-24 389504]

S0 Dwh58;Dwh58; [x]

S0 zwsfkmnm;zwsfkmnm;c:\windows\system32\drivers\mcktlqih.dat --> c:\windows\system32\drivers\mcktlqih.dat [?]

S1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [2008-03-30 110048]

S3 2nixA;2nixA;\??\d:\sfp\app\sys\2nixA.sys --> d:\sfp\app\sys\2nixA.sys [?]

S3 2nixWDM;2nixWDM;\??\d:\sfp\app\sys\2nixWDM.sys --> d:\sfp\app\sys\2nixWDM.sys [?]

S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-27 31592]

S3 InvVxD;InvVxD;\??\d:\sfp\app\sys\InvVxD.sys --> d:\sfp\app\sys\InvVxD.sys [?]

S3 KGPar2;KGPar2;\??\d:\sfp\app\sys\KGPar2.sys --> d:\sfp\app\sys\KGPar2.sys [?]

S3 KGPar3;KGPar3;\??\d:\sfp\app\sys\KGPar3.sys --> d:\sfp\app\sys\KGPar3.sys [?]

S3 MArrFifo;MArrFifo;\??\d:\sfp\app\sys\MArrFifo.sys --> d:\sfp\app\sys\MArrFifo.sys [?]

S3 MFifoArr;MFifoArr;\??\d:\sfp\app\sys\MFifoArr.sys --> d:\sfp\app\sys\MFifoArr.sys [?]

S3 MidiAck;MidiAck;\??\d:\sfp\app\sys\MidiAck.sys --> d:\sfp\app\sys\MidiAck.sys [?]

S3 MVC2VxD;MVC2VxD;\??\d:\sfp\app\sys\MVC2VxD.sys --> d:\sfp\app\sys\MVC2VxD.sys [?]

S3 MVCVxD;MVCVxD;\??\d:\sfp\app\sys\MVCVxD.sys --> d:\sfp\app\sys\MVCVxD.sys [?]

S3 PC2VxD;PC2VxD;\??\d:\sfp\app\sys\PC2VxD.sys --> d:\sfp\app\sys\PC2VxD.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]

S3 Spl2VxD;Spl2VxD;\??\d:\sfp\app\sys\Spl2VxD.sys --> d:\sfp\app\sys\Spl2VxD.sys [?]

S3 TPlay;TPlay;\??\d:\sfp\app\sys\TPlay.sys --> d:\sfp\app\sys\TPlay.sys [?]

S3 TPRSync;TPRSync;\??\d:\sfp\app\sys\TPRSync.sys --> d:\sfp\app\sys\TPRSync.sys [?]

S3 TPSync;TPSync;\??\d:\sfp\app\sys\TPSync.sys --> d:\sfp\app\sys\TPSync.sys [?]

S3 TRec;TRec;\??\d:\sfp\app\sys\TRec.sys --> d:\sfp\app\sys\TRec.sys [?]

S3 TRSync;TRSync;\??\d:\sfp\app\sys\TRSync.sys --> d:\sfp\app\sys\TRSync.sys [?]

S3 TStretch;TStretch;\??\d:\sfp\app\sys\TStretch.sys --> d:\sfp\app\sys\TStretch.sys [?]

S3 VDATMot;VDATMot;\??\d:\sfp\app\sys\VDATMot.sys --> d:\sfp\app\sys\VDATMot.sys [?]

S3 VPlay;VPlay;\??\d:\sfp\app\sys\VPlay.sys --> d:\sfp\app\sys\VPlay.sys [?]

S3 VRec;VRec;\??\d:\sfp\app\sys\VRec.sys --> d:\sfp\app\sys\VRec.sys [?]

S3 VSTin;VSTin;\??\d:\sfp\app\sys\VSTin.sys --> d:\sfp\app\sys\VSTin.sys [?]

S3 VSTout;VSTout;\??\d:\sfp\app\sys\VSTout.sys --> d:\sfp\app\sys\VSTout.sys [?]

S3 VSTsync;VSTsync;\??\d:\sfp\app\sys\VSTsync.sys --> d:\sfp\app\sys\VSTsync.sys [?]

S3 VxD2PC;VxD2PC;\??\d:\sfp\app\sys\VxD2PC.sys --> d:\sfp\app\sys\VxD2PC.sys [?]

S3 WaveIn16;WaveIn16;\??\d:\sfp\app\sys\WaveIn16.sys --> d:\sfp\app\sys\WaveIn16.sys [?]

S3 WaveOut16;WaveOut16;\??\d:\sfp\app\sys\WaveOut16.sys --> d:\sfp\app\sys\WaveOut16.sys [?]


--- Other Services/Drivers In Memory ---
*NewlyCreated* - SROSA

*Deregistered* - srosa


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d126163-e7b7-11dd-9067-000c76271a8e}]

\Shell\AutoRun\command - G:\USBNB.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50e5bb8-b48c-11dc-8ac4-000c76271a8e}]

\Shell\AutoRun\command - j:\wd_windows_tools\setup.exe

.

Contents of the 'Scheduled Tasks' folder


2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

- - - - ORPHANS REMOVED - - - -


BHO-{8CEC0E6D-2C58-4D3B-BF47-C8B13CDC4986} - c:\windows\system32\ipsecsvco.dll

HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\Wcescomm.exe

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe

MSConfigStartUp-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

MSConfigStartUp-RelevantKnowledge - c:\windows\system32\rlvknlg.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe

MSConfigStartUp-WinFixer2005 - c:\program files\WinFixer 2005\uwfx5.exe

MSConfigStartUp-InitPulsar - D:/SFP/app/bin/sfp.exe

.

------- Supplementary Scan -------



.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.co.il/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath -

.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 13:35:04

Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
c:\windows\system32\wintems.exe [1520] 0x817C07F8

c:\documents and settings\

scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully

hidden files: 0


**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"drvsyskit"="c:\\Documents and Settings\\איה\\Application Data\\drivers\\winupgro.exe"

"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"

"mule_st_key"="c:\\Documents and Settings\\איה\\Application Data\\m\\flec006.exe"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]

"ImagePath"="\??\c:/temp\catchme.sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

"ImagePath"="\??\c:\documents and settings\איה\Application Data\drivers\srosa.sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]

"ImagePath"="\??\c:/temp\catchme.sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zwsfkmnm]

"ImagePath"="system32\drivers\mcktlqih.dat"

.

--------------------- LOCKED REGISTRY KEYS ---------------------


[HKEY_USERS\S-1-5-21-1547161642-562591055-682003330-1004\3*³]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1547161642-562591055-682003330-1004\3*³\LastOutput]

@="d:\\?????? 6120\\01-03-2008 ???? ?? ???? ??????"


[HKEY_USERS\S-1-5-21-1547161642-562591055-682003330-1004\Software\Microsoft\M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"File1"="c:\\WINDOWS\\system32\\compmgmt.msc"

"File2"="c:\\WINDOWS\\system32\\dfrg.msc"

"File3"="c:\\WINDOWS\\system32\\devmgmt.msc"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,80,48,a2,77,2b,

f6,d6,60,c8,28,51,af,b0,29,a3,98,22,9a,92,70,7d,ca,29,94,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,02,06,76,1c,7f,

be,40,a3,71,3b,04,66,8b,46,0d,96,c1,99,eb,43,44,c4,4a,9a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,62,ec,f7,5a,5f,

6c,d8,f9,25,da,ec,7e,55,20,c9,26,1a,79,ce,54,94,5c,19,34,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,8a,83,ae,9b,f7,

4e,7c,44,3e,1e,9e,e0,57,5a,93,61,23,0b,cd,ca,63,2d,19,e2,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,2f,d4,e4,87,5d,

58,21,8c,cd,44,cd,b9,a6,33,6c,cd,6a,14,19,40,ba,54,31,9c,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,8d,66,a5,85,3c,

38,67,99,b0,18,ed,a7,3f,8d,37,a4,59,56,b5,c4,17,17,08,03,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f6,9a,c1,00,1e,

ae,0d,08,31,77,e1,ba,b1,f8,68,02,f1,27,13,a2,65,ce,6f,2e,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,54,d3,35,50,ac,

a7,42,22,83,6c,56,8b,a0,85,96,ab,8a,52,48,31,aa,8e,4d,7a,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,b9,22,55,05,18,

8b,c5,d0,51,fa,6e,91,28,9e,14,cc,c7,4a,14,3c,f9,a3,e0,f1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,fe,76,de,a7,93,

75,35,09,b1,cd,45,5a,a8,c4,f8,b9,a6,72,67,fb,bd,77,da,77,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,48,05,f2,2d,3c,

ab,e1,8f,e3,0e,66,d5,eb,bc,2f,6b,a0,7b,f7,18,6f,b7,67,a4,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,79,ae,c4,b1,c8,

fa,7c,b9,fa,ea,66,7f,d4,3b,6b,70,95,c4,86,17,e3,c7,a7,7e,6c,43,2d,1e,aa,22,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------


- - - - - - - > 'winlogon.exe'(516)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

------------------------ Other Running Processes ------------------------



.

c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

c:\program files\BONJOUR\MDNSRESPONDER.EXE

c:\program files\FAXTALK COMMUNICATOR\FAPIEXE.EXE

c:\program files\Internet Explorer\IEXPLORE.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

c:\documents and settings\

.

**************************************************************************



.

Completion time: 2009-02-01 13:40:14 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-01 11:40:12
Pre-Run: 3.672.588.288 bytes free

Post-Run: 7,703,724,032 bytes free


4078 --- E O F --- 2008-12-18 23:12:14

