generic host process for win32 services sp3 :?:

  • Joined: 04 Aug 2009
  • Posts: 166

Posted: 11 Feb 2011 10:06

It blocks my Internet and keeps throwing up "don't send".

Update: 11 Feb 2011 11:45

DDS (Ver_10-12-12.02) - NTFSx86
Run by SERVIS at 11:36:07.01 on Fri 02/11/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1342 [GMT 1:00]

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\T-Mobile Internet Manager\UIExec.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\SERVIS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
udefault_page_url = hxxp://www.microsoft.com
mDefault_Page_URL = hxxp://www.microsoft.com
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TNOD UP] "c:\program files\tnod user & password finder\TNODUP.exe" /i
mRun: [conime.exe] conime.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UIExec] "c:\program files\t-mobile internet manager\UIExec.exe"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Cleanup] C:\cleanup.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://192.168.1.119/dcsclictrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\servis\applic~1\mozilla\firefox\profiles\gny0hw9j.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-3 363344]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile internet manager\AssistantServices.exe [2010-12-2 241664]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2010-7-5 1310720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-3 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-3 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-12-15 1714176]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-2 7680]
S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2010-12-13 323328]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-11 09:31:33 54016 ----a-w- c:\windows\system32\drivers\jwuypqh.sys
2011-02-11 09:11:13 1535 ----a-w- C:\backup.reg
2011-02-11 09:11:12 61440 ----a-w- c:\windows\system32\drivers\azmgh.sys
2011-02-11 09:11:12 574 ----a-w- C:\cleanup.bat
2011-02-11 09:11:12 19286 ----a-w- C:\cleanup.exe
2011-02-11 09:11:12 135168 ----a-w- C:\zip.exe
2011-02-10 08:33:20 712704 ----a-w- c:\windows\system\c6501a3d.dll
2011-02-10 08:33:20 712704 ----a-w- c:\windows\system\a3d.dll
2011-02-10 08:33:20 53248 ----a-w- c:\windows\system32\C6501rm.dll
2011-02-10 08:33:20 274432 ----a-w- c:\windows\system32\C6501rm.exe
2011-02-10 08:33:20 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-02-10 08:33:19 32768 ----a-w- c:\windows\system32\c6501prop.dll
2011-02-08 09:09:02 -------- d-----w- c:\program files\CPUID
2011-02-07 17:53:05 -------- d-s---w- c:\windows\Downloaded Program Files
2011-02-03 10:18:42 -------- d-----w- c:\docume~1\servis\applic~1\Malwarebytes
2011-02-03 10:18:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 10:18:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-03 10:18:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 10:18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 08:43:30 -------- d-----w- c:\program files\common files\ParetoLogic
2011-02-03 08:43:29 -------- d-----w- c:\program files\ParetoLogic
2011-02-03 08:32:07 -------- d-----w- c:\docume~1\servis\applic~1\DriverCure
2011-02-03 08:32:06 -------- d-----w- c:\docume~1\servis\applic~1\ParetoLogic
2011-02-03 08:31:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2011-02-02 12:17:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-02 12:17:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-02 11:20:58 -------- d-----w- c:\windows\ServicePackFiles
2011-02-02 11:20:31 19569 ----a-w- c:\windows\000001_.tmp
2011-02-02 10:25:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-02-02 10:06:12 -------- d-----w- c:\program files\CheckPoint
2011-02-02 10:05:40 -------- d-----w- c:\windows\Internet Logs
2011-02-02 09:26:36 -------- d-----w- c:\program files\Sunbelt Software
2011-02-02 09:08:25 -------- d-sh--w- C:\RECYCLER(2)
2011-02-01 08:51:37 -------- d-----w- c:\docume~1\servis\applic~1\ooVoo Details
2011-01-31 13:59:40 -------- d-----w- c:\docume~1\servis\applic~1\MAXON
2011-01-31 13:40:07 -------- d-----w- c:\program files\AMD
2011-01-31 13:39:40 -------- d-----w- c:\docume~1\servis\locals~1\applic~1\Downloaded Installations
2011-01-31 09:39:05 -------- d-----w- c:\program files\USB Disk Security
2011-01-30 13:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-29 10:18:04 -------- d-----w- c:\docume~1\servis\locals~1\applic~1\assembly
2011-01-29 10:17:46 -------- d-----w- c:\program files\NCSoft
2011-01-29 10:16:58 -------- d-----w- c:\docume~1\servis\applic~1\GetRightToGo
2011-01-26 10:15:54 -------- d-----w- c:\program files\Lavalys
2011-01-25 15:57:44 -------- d-----w- c:\windows\SHELLNEW
2011-01-25 15:36:29 -------- d-----w- c:\docume~1\servis\locals~1\applic~1\Microsoft Help
2011-01-25 14:23:16 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-01-25 14:23:16 331776 ----a-r- c:\windows\system32\hppcpr13.dll
2011-01-25 14:23:16 273408 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp6bu.DLL
2011-01-25 14:23:16 149504 ----a-w- c:\windows\system32\hpcpn6bu.dll
2011-01-25 13:46:05 -------- d-----w- c:\program files\HP
2011-01-25 13:46:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-25 13:46:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-25 13:40:15 -------- d-sh--w- c:\windows\ftpcache
2011-01-15 12:39:36 82854760 ----a-w- c:\program files\common files\windows live\.cache\wlcD0C.tmp

==================== Find3M ====================

2011-02-08 14:06:01 6656 ----a-w- c:\windows\system32\lpcio.dll
2010-12-14 13:43:44 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-14 13:39:10 29504 ----a-w- c:\windows\system32\uxtuneup.dll

============= FINISH: 11:36:29.85 ===============

Update: 11 Feb 2011 12:16

Update: 11 Feb 2011 12:24

When I run RootRepeal, my computer restarts.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello. That error of yours can have many causes, malware among them. Let's take a deeper look:

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
disable your protective software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
ask a certain number of questions / show notifications: accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Prikači fajl (Attach file) option to attach C:\ComboFix.txt to your message.

  • Joined: 04 Aug 2009
  • Posts: 166

ComboFix 11-02-09.05 - SERVIS 02/11/2011 12:35:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1588 [GMT 1:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\twunk_32.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-10 08:39 . 2011-02-10 16:24 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Winamp
2011-02-10 08:33 . 2007-06-28 08:02 274432 ----a-w- c:\windows\system32\C6501rm.exe
2011-02-10 08:33 . 2005-12-27 07:23 53248 ----a-w- c:\windows\system32\C6501rm.dll
2011-02-10 08:33 . 2004-08-18 10:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-02-10 08:33 . 2001-11-24 02:08 712704 ----a-w- c:\windows\system\c6501a3d.dll
2011-02-10 08:33 . 2001-11-24 02:08 712704 ----a-w- c:\windows\system\a3d.dll
2011-02-10 08:33 . 2006-06-28 04:54 32768 ----a-w- c:\windows\system32\c6501prop.dll
2011-02-08 09:09 . 2011-02-08 15:52 -------- d-----w- c:\program files\CPUID
2011-02-07 17:53 . 2011-02-07 17:53 -------- d-s---w- c:\windows\Downloaded Program Files
2011-02-03 10:18 . 2011-02-03 10:18 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Malwarebytes
2011-02-03 10:18 . 2011-02-03 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-03 10:18 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 10:18 . 2011-02-03 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 10:18 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 08:43 . 2011-02-03 08:43 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-02-03 08:43 . 2011-02-03 08:43 -------- d-----w- c:\program files\ParetoLogic
2011-02-03 08:32 . 2011-02-03 08:32 -------- d-----w- c:\documents and settings\SERVIS\Application Data\DriverCure
2011-02-03 08:32 . 2011-02-03 08:32 -------- d-----w- c:\documents and settings\SERVIS\Application Data\ParetoLogic
2011-02-03 08:31 . 2011-02-03 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-02-02 12:17 . 2011-02-02 12:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-02 12:16 . 2011-02-02 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-02-02 11:20 . 2011-02-02 11:22 -------- d-----w- c:\windows\ServicePackFiles
2011-02-02 11:20 . 2006-12-28 23:31 19569 ----a-w- c:\windows\000001_.tmp
2011-02-02 10:25 . 2011-02-02 10:25 -------- d-----w- c:\program files\Alwil Software
2011-02-02 10:25 . 2011-02-02 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-02-02 10:06 . 2011-02-02 10:06 -------- d-----w- c:\program files\CheckPoint
2011-02-02 10:05 . 2011-02-02 12:16 -------- d-----w- c:\windows\Internet Logs
2011-02-02 09:26 . 2011-02-02 09:26 -------- d-----w- c:\program files\Sunbelt Software
2011-02-02 09:08 . 2011-02-02 12:16 -------- d-----w- C:\RECYCLER(2)
2011-02-01 08:51 . 2011-02-01 08:51 -------- d-----w- c:\documents and settings\SERVIS\Application Data\ooVoo Details
2011-01-31 13:59 . 2011-01-31 13:59 -------- d-----w- c:\documents and settings\SERVIS\Application Data\MAXON
2011-01-31 13:40 . 2011-01-31 13:40 -------- d-----w- c:\program files\AMD
2011-01-31 13:39 . 2011-01-31 13:39 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Downloaded Installations
2011-01-31 09:39 . 2011-01-31 09:39 -------- d-----w- c:\program files\USB Disk Security
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-29 10:18 . 2011-01-29 10:18 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\assembly
2011-01-29 10:17 . 2011-01-29 10:20 -------- d-----w- c:\program files\NCSoft
2011-01-29 10:16 . 2011-01-29 10:17 -------- d-----w- c:\documents and settings\SERVIS\Application Data\GetRightToGo
2011-01-28 10:29 . 2011-01-28 10:29 -------- d-----w- c:\program files\Common Files\Skype
2011-01-26 10:15 . 2011-01-26 10:15 -------- d-----w- c:\program files\Lavalys
2011-01-25 15:57 . 2011-01-25 15:57 -------- d-----w- c:\windows\SHELLNEW
2011-01-25 15:36 . 2011-01-25 15:36 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Microsoft Help
2011-01-25 15:36 . 2011-01-25 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2011-01-25 14:24 . 2011-01-26 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2011-01-25 14:23 . 2008-10-01 04:01 331776 ----a-r- c:\windows\system32\hppcpr13.dll
2011-01-25 14:23 . 2008-07-23 12:01 273408 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp6bu.DLL
2011-01-25 14:23 . 2008-07-23 12:01 149504 ----a-w- c:\windows\system32\hpcpn6bu.dll
2011-01-25 14:23 . 2007-07-16 14:29 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2011-01-25 13:46 . 2011-01-25 14:19 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-25 13:46 . 2011-01-25 14:24 -------- d-----w- c:\program files\HP
2011-01-25 13:46 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-01-25 13:46 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-01-25 13:40 . 2011-01-25 13:40 -------- d-sh--w- c:\windows\ftpcache
2011-01-15 12:39 . 2011-01-15 12:39 82854760 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcD0C.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 14:06 . 2008-04-14 02:41 6656 ----a-w- c:\windows\system32\lpcio.dll
2010-12-14 13:43 . 2010-12-03 17:09 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-14 13:39 . 2010-12-03 17:09 29504 ----a-w- c:\windows\system32\uxtuneup.dll
.

------- Sigcheck -------

[-] 2009-03-15 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"UIExec"="c:\program files\T-Mobile Internet Manager\UIExec.exe" [2009-03-11 131584]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-08-15 824224]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 15:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-20 13:42 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/24/2010 7:31 PM 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [3/24/2010 7:31 PM 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2011 11:18 AM 363344]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/14/2010 2:41 PM 1517376]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [7/5/2010 2:09 PM 1310720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2011 11:18 AM 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Internet Manager\AssistantServices.exe [12/2/2010 10:22 AM 241664]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/15/2010 11:24 AM 1714176]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12/2/2010 10:22 AM 7680]
S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [12/13/2010 1:43 PM 323328]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-SERVIS-COM-SERVIS.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-12 01:44]

2011-02-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2011-02-03 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2011-02-03 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 09:04]

2011-02-03 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 09:04]

2011-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://192.168.1.119/dcsclictrl.cab
FF - ProfilePath - c:\documents and settings\SERVIS\Application Data\Mozilla\Firefox\Profiles\gny0hw9j.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C6501Sound - c6501.cpl
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-USBScan - c:\program files\USBScan\USBScan.exe
AddRemove-Advanced Crossfading - c:\program files\Winamp\plugins\unout_sqr2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-02-11 12:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-1965331169-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB04BE3-C89D-C213-9FE9-DB87C3D1D04F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oacakpnbblalmeeemhebjnfoklpkkk"=hex:6b,61,67,6a,6f,67,67,66,69,70,6d,6a,68,6d,
6e,70,6e,66,6f,67,65,6d,00,7c
"namapjkieomebcjehdijnaabhbae"=hex:6b,61,67,6a,6f,67,67,66,69,70,6d,6a,68,6d,
6e,70,6e,66,6f,67,65,6d,00,7c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2011-02-11 12:38:59
ComboFix-quarantined-files.txt 2011-02-11 11:38

Pre-Run: 10,267,455,488 bytes free
Post-Run: 12,078,780,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5B6D2C0D4FF65C77C41FF26D6F57FB5C

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

To start with, uninstall the Paretologic software and choose between Ad-aware and Malwarebytes... You have a lot of security software.. It's possible they are interfering as well ..

  • Joined: 04 Aug 2009
  • Posts: 166

Posted: 14 Feb 2011 9:24

diarno ::To start with, uninstall the Paretologic software and choose between Ad-aware and Malwarebytes... You have a lot of security software.. It's possible they are interfering as well ..

I removed Paretologic and so far the problem hasn't come back; what should I do if it happens again?

Update: 14 Feb 2011 9:26

Just now, right after I sent the message, generic appeared again?

Update: 16 Feb 2011 9:08

Is there any solution for this problem of mine???

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Well, this has nothing to do with malware.. you can look for help in the Windows subforum.. cheers
