Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: lore581 on October 10, 2012, 03:25:21 PM

Title: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 03:25:21 PM
Hi guys,

Could someone help me?????
After installing Firefox I suddenly got a pop-up message from Trend OfficeScan saying they blocked a virus.
Anti-virus programs cannot remove i.trkjmp.com/crossdomain.xml from my PC!!

Mbam Log
http://www.scribd.com/doc/109586365/mbam-log-2012-10-10-12-28-54

OTL.txt
http://www.scribd.com/doc/109586743/Otl

aswMBR.txt
http://www.scribd.com/doc/109587047/aswMBR

RKreport-1
http://www.scribd.com/doc/109587232/RKreport-1

RKreport-2
http://www.scribd.com/doc/109587451/RKreport-2

RKreport-3
http://www.scribd.com/doc/109587619/RKreport-3

Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 10, 2012, 03:32:07 PM
Could you attach the OTL log to the post, as I need to download it to analyse it.

Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 03:41:58 PM
I already did in my first message.

OTL.txt
http://www.scribd.com/doc/109590364/Otl

Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 10, 2012, 03:44:47 PM
I cannot download from that site without generating an account, which I do not wish to do. If I try to copy/paste, the formatting is destroyed.

Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 03:58:10 PM
OTL logfile created on: 10/10/2012 13:28:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\M1\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
2,93 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 23,66% Memory free
5,85 Gb Paging File | 3,31 Gb Available in Paging File | 56,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 234,04 Gb Free Space | 78,54% Space Free | Partition Type: NTFS
Computer Name: M1 | User Name: M1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/10 13:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M1\Desktop\OTL (1).exe
PRC - [2012/10/10 12:26:48 | 000,538,327 | ---- | M] () -- C:\Users\M1\Downloads\adwcleaner (1).exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/08/08 10:19:30 | 000,101,272 | ---- | M] (Visicom Media Inc.) -- C:\Program Files\adawaretb\ffHelper.exe
PRC - [2012/08/08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2012/01/03 23:50:30 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/08/02 11:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/08 16:44:42 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/09/03 15:14:38 | 004,763,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/09/03 15:07:48 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/03/29 05:51:10 | 000,516,096 | ---- | M] (SAP AG, Walldorf) -- C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe
PRC - [2010/03/17 04:48:42 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
PRC - [2010/02/05 17:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/01/07 11:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/01/07 11:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/04/02 16:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
PRC - [2007/08/02 12:08:08 | 000,081,920 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\CardOS API\bin\siecacst.exe

========== Modules (No Company Name) ==========
MOD - [2012/10/10 12:26:48 | 000,538,327 | ---- | M] () -- C:\Users\M1\Downloads\adwcleaner (1).exe
MOD - [2012/10/04 03:16:00 | 000,460,312 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/04 03:15:58 | 012,435,992 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
MOD - [2012/10/04 03:15:56 | 004,005,912 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll
MOD - [2012/10/04 03:14:41 | 000,578,072 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\libglesv2.dll
MOD - [2012/10/04 03:14:40 | 000,123,928 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\libegl.dll
MOD - [2012/10/04 03:14:29 | 000,156,712 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avutil-51.dll
MOD - [2012/10/04 03:14:27 | 000,275,496 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avformat-54.dll
MOD - [2012/10/04 03:14:26 | 002,168,360 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avcodec-54.dll
MOD - [2012/09/12 14:41:45 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\6a7fb6df47db31dac36a3a9801a21b42\Kies.Theme.ni.dll
MOD - [2012/09/12 14:41:45 | 000,606,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\433eefddf112b56672a8a1ee35b40c0d\DevicePodcast.ni.dll
MOD - [2012/09/12 14:41:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b35acc2956e687d8c3caca0661b8658e\DeviceVideo.ni.dll
MOD - [2012/09/12 14:41:44 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\09b5e28e6e2397e133e4bc92271b7ca1\DevicePhoto.ni.dll
MOD - [2012/09/12 14:41:44 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\5ad2ba488828d013dfdf510076375a29\DeviceMusic.ni.dll
MOD - [2012/09/12 14:41:43 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\9c70d66c4fa6908cf79bb33b0b11711f\PodcastService.ni.dll
MOD - [2012/09/12 14:41:43 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\21ed07f8387783454014dfc7b5f586d1\Podcaster.ni.dll
MOD - [2012/09/12 14:41:43 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\730d5f079a100b565e990efd8a9b9058\VideoManager.ni.dll
MOD - [2012/09/12 14:41:41 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\5c5890aa718a7bed4c4afeca05b9a223\PhotoManager.ni.dll
MOD - [2012/09/12 14:41:37 | 005,676,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\e2d92de20ec3f6747f634b8626317dde\DeviceHost.ni.dll
MOD - [2012/09/12 14:41:31 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\c1fa42590e573b58059723e8502566c9\Phonebook.ni.dll
MOD - [2012/09/12 14:41:31 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\527c093151d98ac8ed719ac75ff4ab2f\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012/09/12 14:41:28 | 001,007,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\6be346eb8432e793bbb3123e60010e21\CPKTMusicPlugin.ni.dll
MOD - [2012/09/12 14:41:26 | 000,962,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\a8012f4fb6621a9dab285686e12a8d61\MusicManager.ni.dll
MOD - [2012/09/12 14:41:24 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\4560781672563cd7156d6ce314775d1e\BATPlugin.ni.dll
MOD - [2012/09/12 14:41:24 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\79eb5ad41e74bed0086a8083a6c8c300\EBookManager.ni.dll
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 03:59:53 PM
MOD - [2012/09/12 14:41:23 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\f27710085dceabe3c4339f20c83e9b04\Kies.Common.MediaDB.ni.dll
MOD - [2012/09/12 14:41:23 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d9fab7c2fa316f3b2ee79232e8432e4e\AllShareController.ni.dll
MOD - [2012/09/12 14:41:22 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\1bc82af332a9c5ea3d8a76db385ad681\Kies.Common.AllShare.ni.dll
MOD - [2012/09/12 14:41:22 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\12f8b358f13406f94c38df60ab4b4f31\Kies.Common.StoreManager.ni.dll
MOD - [2012/09/12 14:41:21 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0c13efd28c9f49ec88fe0523aac81ded\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012/09/12 14:41:21 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\12469c2abcd6388af01f04108d8e1878\ASF_cSharpAPI.ni.dll
MOD - [2012/09/12 14:41:20 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\38d9858815655be8556cbdbb8abcaf07\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/09/12 14:41:20 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d26876cac62dd0aec6a2ae5a635d238b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012/09/12 14:41:19 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\de22660266429ba2c9a0ee4d18ca696e\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012/09/12 14:41:19 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\78afe9b50dbcd5135d9260d11f249166\Interop.DevFileServiceLib.ni.dll
MOD - [2012/09/12 14:41:18 | 001,024,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3ac07d819d7e1aba0866a9b26cfd9198\Kies.Common.DeviceService.ni.dll
MOD - [2012/09/12 14:41:18 | 000,901,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4960e26ebc78a57a1a3eef83b7552dd9\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012/09/12 14:41:17 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c6d2cd24502c664bc76f2e3bd22ddfd1\Kies.Common.Multimedia.ni.dll
MOD - [2012/09/12 14:41:17 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6178dca61acdcd3d3a226eb072dea645\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/09/12 14:41:16 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\575a049dfe13964db34d62b6f1bdad5f\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/09/12 14:41:16 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\2cf68dad9c88a16fd18460345d855124\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/09/12 14:41:15 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\9dc3e0ae616c7239c74ce82a970ca743\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/09/12 14:41:15 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\c56da104f17d4a3141703e61c2a9a118\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/09/12 14:41:12 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\0f77a1a61bd7a4756adcac091ebf46fd\Kies.Common.MainUI.ni.dll
MOD - [2012/09/12 14:41:11 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\8e7c528748de50fb4697758b81b57b4d\Kies.Common.DBManager.ni.dll
MOD - [2012/09/12 14:41:10 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\116f694385a15386804af59028de6f7f\CabLib.ni.dll
MOD - [2012/09/12 14:41:09 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bc7df1e8253989feb8163881ea6c6002\Kies.UI.ni.dll
MOD - [2012/09/12 14:41:09 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\15f2a04d54b0d8b38bdf0f9d5b2ea990\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/09/12 14:41:08 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\d0ac9d8d281fe302e0cde2a639769e55\Kies.Common.Util.ni.dll
MOD - [2012/09/12 14:41:07 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\969020374a914259cb60a8b3ec928928\Interop.DeviceSearchLib.ni.dll
MOD - [2012/09/12 14:41:05 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8bac6e5789841d666a2d4333600a355e\Kies.Locale.ni.dll
MOD - [2012/09/12 14:41:04 | 001,674,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\6537299483d2e3ef9117428eeb0b24ad\Kies.ni.exe
MOD - [2012/09/12 14:41:04 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\4f04f07e37376418a5be2472ff48b784\Kies.MVVM.ni.dll
MOD - [2012/09/12 14:41:02 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\8d959268f6c6a3a4f1d3da78ebcfa50a\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/09/12 14:41:00 | 001,185,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\aa5478ab66f33c93cf29ce927b7066f9\Kies.Interface.ni.dll
MOD - [2012/09/12 14:40:56 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\313422d72f54628fc052bc054b0725ec\System.Runtime.Remoting.ni.dll
MOD - [2012/06/14 08:25:37 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
MOD - [2012/06/13 18:03:57 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012/06/13 18:01:56 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012/06/13 18:01:43 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012/06/13 18:01:31 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012/06/13 18:01:31 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012/05/15 08:15:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/05/14 18:23:24 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012/05/14 18:23:19 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/05/14 18:23:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012/05/14 18:23:14 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/05/14 18:23:08 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/03/05 13:49:58 | 001,860,096 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\ricaz0ur.dll
MOD - [2011/05/28 22:04:56 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/28 21:42:14 | 000,652,800 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2007/06/04 09:41:00 | 000,311,296 | ---- | M] () -- C:\Windows\System32\siecaces.dll
MOD - [2007/04/16 14:01:06 | 000,184,320 | ---- | M] () -- C:\Windows\System32\gmp4_2_1.dll
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:01:44 PM
========== Services (SafeList) ==========
SRV - [2012/10/09 10:48:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 09:03:51 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/02 11:47:34 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service)
SRV - [2011/07/11 17:13:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/08 16:44:42 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/09/03 15:07:48 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010/01/07 11:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/01/07 11:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/10/10 12:28:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/31 12:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/31 12:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/01 13:44:26 | 000,404,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/11/20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/08 16:35:24 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/10/08 16:35:16 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/10/08 16:35:08 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/08/12 09:38:02 | 000,190,592 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserhp2k.sys -- (qcusbserhp2k)
DRV - [2010/08/12 09:38:02 | 000,106,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcombushp.sys -- (qcombushp)
DRV - [2010/08/12 09:38:00 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcfilterhp2k.sys -- (qcfilterhp2k)
DRV - [2010/03/22 20:41:00 | 002,697,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/03/17 04:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:03:05 PM
DRV - [2010/01/07 11:43:36 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2010/01/07 11:43:24 | 000,146,960 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/01/07 11:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/12/11 21:54:16 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/30 07:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/28 17:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 14:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/10/26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 11:21:00 | 000,315,392 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/06/27 11:41:02 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbserhp.sys -- (qcusbserhp)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/04/03 17:40:44 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/04/03 17:40:44 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btport.sys -- (BTDriver)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 6E E9 87 01 A6 CD 01  [binary data]
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\URLSearchHook: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - No CLSID value found
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8FCB9B6856EA718FD6693B50753C4C13&q={searchTerms}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{493CF50D-8EED-4AA4-8A88-B12AA6DDC4F5}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "blekko"
FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@hypercosm.com/HypercosmPlayer: C:\Program Files\Hypercosm\Hypercosm Player\components\nphypercosm.dll (Hypercosm LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:05:00 PM
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\M1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\M1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/10 11:12:39 | 000,000,000 | ---D | M]
[2011/09/12 15:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M1\AppData\Roaming\mozilla\Extensions
[2012/10/10 11:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions
[2012/10/10 11:12:15 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/10/08 14:11:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/08 11:26:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/10/08 14:10:57 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com
[2012/10/10 11:12:25 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/08 14:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode
[2011/09/12 17:35:20 | 000,002,023 | ---- | M] () -- C:\Users\M1\AppData\Roaming\mozilla\firefox\profiles\9p3j86vm.default\searchplugins\badoo.xml
[2011/09/12 15:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.587.187\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\M1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9P3J86VM.DEFAULT\EXTENSIONS\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
[2012/05/29 09:03:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/10 11:12:21 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/05/29 09:03:48 | 000,001,393 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-it.xml
[2012/05/29 09:03:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/29 09:03:48 | 000,000,744 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2012/05/29 09:03:48 | 000,000,817 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2012/05/29 09:03:48 | 000,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/05/29 09:03:48 | 000,000,953 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml
 
========== Chrome  ==========
 
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
CHR - default_search_provider: blekko (Enabled)
CHR - default_search_provider: search_url = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8FCB9B6856EA718FD6693B50753C4C13&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Cortona3D Viewer (Enabled) = C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Hypercosm Player (Enabled) = C:\Program Files\Hypercosm\Hypercosm Player\components\nphypercosm.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Vid-Saver = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\Toolbar\WebBrowser: (no name) - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:06:07 PM
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesTrayAgent] c:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\Suo10_SmartRAM.exe" /m File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-299502267-261478967-725345543-63272\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: peoplereview ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: peoplereview ([]https in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: antexweb.net ([archiviazione] https in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: intranet.fw ([webdms] http in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: peoplereview ([]http in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: peoplereview ([]https in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/IT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E70B0D09-3B24-43B7-A7B4-F13658C9B2E8} http://webdms.intranet.fw/UfficioAcquisti/DF_ucPDFzoom.CAB (DF_ucPDF.UserControlPDF)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.31.0.120 10.31.0.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fastwebit.ofc
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E432B742-CDD9-4C12-8E4A-BB15AFC05933}: DhcpNameServer = 10.31.0.120 10.31.0.110
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/10 13:26:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\M1\Desktop\OTL (1).exe
[2012/10/10 12:28:44 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/10 11:20:55 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\LavasoftStatistics
[2012/10/10 11:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/10/10 11:13:38 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/10/10 11:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/10 11:13:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/10/10 11:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/10/10 11:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/10/10 11:12:37 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\adawarebp
[2012/10/10 11:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:07:12 PM
[2012/10/10 11:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/10/10 11:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/10/10 11:11:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\Ad-Aware Antivirus
[2012/10/10 09:11:10 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{45CB5A75-AC95-4ADF-A6B1-9202A251DFC8}
[2012/10/09 10:10:29 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\Malwarebytes
[2012/10/09 10:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/09 10:09:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/09 08:09:29 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{89AD5C2E-BE33-4427-8FFE-2660777B4465}
[2012/10/08 14:31:07 | 000,000,000 | ---D | C] -- C:\ISM
[2012/10/08 14:29:31 | 000,000,000 | ---D | C] -- C:\ISM Downloader
[2012/10/08 14:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012/10/08 14:17:22 | 000,000,000 | ---D | C] -- C:\Users\M1\dwhelper
[2012/10/08 13:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/10/08 11:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDP Multimedia
[2012/10/08 11:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\SDP Multimedia
[2012/10/08 11:15:34 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\ProgSense
[2012/10/08 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\GrabPro
[2012/10/08 11:15:25 | 000,000,000 | ---D | C] -- C:\downloads
[2012/10/08 11:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/10/08 11:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2012/10/08 11:14:51 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\Orbit
[2012/10/08 08:40:19 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{29B7353F-6B81-4B0B-9AF9-E01CF076C9AD}
[2012/10/05 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{C22A585A-B408-421D-91A7-8A8F61D93A14}
[2012/10/04 08:59:58 | 000,000,000 | ---D | C] -- C:\Inferriate
[2012/10/04 08:27:15 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{B222E37A-9A4D-4CAD-BA37-49E5C529C5C9}
[2012/10/03 08:00:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{6067D0AB-89EC-4FC1-A6D7-406A34F70C54}
[2012/10/02 16:17:10 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/10/02 16:17:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/02 16:17:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/02 16:17:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/02 16:17:09 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/10/02 16:17:09 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/10/02 16:17:09 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/10/02 16:17:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/10/02 16:17:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/02 16:17:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/10/02 16:17:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/10/02 16:17:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/10/02 16:17:08 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/10/02 16:17:08 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/10/02 16:17:08 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/10/02 16:17:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/10/02 16:17:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/10/02 16:17:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/02 16:17:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/10/02 16:17:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/10/02 16:17:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/10/02 16:17:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/02 16:17:06 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/10/02 16:17:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/10/02 16:17:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/10/02 16:17:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/10/02 16:17:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/02 16:17:05 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/02 16:17:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/10/02 16:17:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/02 16:17:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/10/02 16:17:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/02 16:17:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/10/02 16:17:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/10/02 16:17:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/10/02 16:17:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/10/02 16:17:03 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/10/02 07:34:06 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{FF48B980-E9E5-4CF4-90C6-48B27DE3148C}
[2012/10/01 10:14:32 | 000,000,000 | ---D | C] -- C:\SMALL Metroring
[2012/10/01 08:48:12 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{979EE470-0782-4BAF-8BC7-2957A2C1BBA2}
[2012/09/28 08:46:46 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{A1507E9E-0077-4FC4-9F34-EC290154EBFA}
[2012/09/27 08:42:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{7F9D6C4A-D985-4651-A693-C5B52B2F350A}
[2012/09/26 08:42:43 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 08:40:17 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{E091E540-7D76-438E-ACBE-EE9809F4DB28}
[2012/09/24 09:56:39 | 000,000,000 | ---D | C] -- C:\Teresi
[2012/09/24 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{6879350F-37A4-4709-995D-CC7F943F2CE8}
[2012/09/21 07:56:51 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{EDB56023-F1B0-44B5-BB01-A2D1E7BD3094}
[2012/09/20 08:34:14 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{4930AAD6-BC9D-42A3-8F37-B46781781072}
[2012/09/19 16:10:38 | 000,000,000 | ---D | C] -- C:\GDF
[2012/09/19 14:21:18 | 000,000,000 | ---D | C] -- C:\Convenzioni Enterprise 2012
[2012/09/19 13:44:31 | 000,000,000 | ---D | C] -- C:\CONSIP 2012
[2012/09/19 11:34:25 | 000,000,000 | ---D | C] -- C:\DA CANCELLARE
[2012/09/19 08:34:53 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{BD6900A7-E79C-4BAB-98A3-D1021463F266}
[2012/09/18 07:58:18 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{15AD6A13-2DF6-44B6-8094-AF4B81EDE54A}
[2012/09/17 17:10:45 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\WinTestGear
[2012/09/17 17:08:26 | 000,000,000 | ---D | C] -- C:\Users\M1\.eclipse
[2012/09/17 08:18:45 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{0110A67F-AA3E-4BCA-A2A4-6804CC7A0607}
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:08:20 PM
[2012/09/14 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{07478AB3-45B8-4046-8A07-015FDFA1B745}
[2012/09/13 07:57:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{26AAA7AA-37B9-4B9B-87EC-67DBC6B495BC}
[2012/09/12 14:39:22 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/09/12 14:39:21 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/09/12 08:16:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 08:16:37 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 08:16:37 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 08:16:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 08:14:20 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{B31494D8-CCBB-46B8-8F99-F28B2A188517}
[2012/09/11 10:26:10 | 000,000,000 | ---D | C] -- C:\Users\M1\Desktop\DVD
[2012/09/11 09:38:55 | 000,000,000 | ---D | C] -- C:\Users\M1\Desktop\Ceramiche
[2012/09/11 07:48:52 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{B6A44A5E-5E7B-4F85-9A3C-59DF3D626835}
[5 C:\Users\M1\Desktop\*.tmp files -> C:\Users\M1\Desktop\*.tmp -> ]
[1 C:\Users\M1\Documents\*.tmp files -> C:\Users\M1\Documents\*.tmp -> ]
[1 C:\Users\M1\AppData\Roaming\*.tmp files -> C:\Users\M1\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/10 13:32:50 | 000,000,104 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2012/10/10 13:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M1\Desktop\OTL (1).exe
[2012/10/10 13:23:02 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/10 12:52:02 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261478967-725345543-63272UA.job
[2012/10/10 12:47:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/10 12:28:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/10 11:24:48 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/10 09:23:02 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/10 09:18:19 | 000,640,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/10 09:18:19 | 000,111,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/10 09:17:54 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 09:17:54 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 09:12:27 | 000,000,405 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2012/10/10 09:10:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/10 09:09:53 | 2357,542,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 16:57:46 | 000,016,101 | ---- | M] () -- C:\Windows\cfgall.ini
[2012/10/09 13:52:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261478967-725345543-63272Core.job
[2012/10/09 10:56:39 | 000,043,420 | ---- | M] () -- C:\Users\M1\Desktop\scaled.png
[2012/10/09 10:47:59 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 10:47:58 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/09 10:09:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/08 15:13:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/10/08 15:13:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/10/08 13:59:20 | 000,000,098 | ---- | M] () -- C:\user.js
[2012/10/08 13:56:37 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/10/08 13:55:36 | 022,617,148 | ---- | M] () -- C:\Users\M1\Desktop\vlc-2.0.3-win32.exe
[2012/10/08 11:30:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\SDP Downloader.lnk
[2012/10/08 11:15:23 | 000,001,035 | ---- | M] () -- C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/10/08 11:15:23 | 000,001,011 | ---- | M] () -- C:\Users\M1\Desktop\Orbit.lnk
[2012/10/05 10:40:41 | 000,325,309 | ---- | M] () -- C:\Users\M1\Desktop\1.MHTML
[2012/10/03 07:59:56 | 000,001,409 | ---- | M] () -- C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/02 16:17:10 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/10/02 16:17:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/02 16:17:10 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/02 16:17:09 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/02 16:17:09 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/10/02 16:17:09 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/10/02 16:17:09 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/10/02 16:17:09 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/10/02 16:17:09 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/02 16:17:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/10/02 16:17:09 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/10/02 16:17:09 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/10/02 16:17:08 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/10/02 16:17:08 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/10/02 16:17:08 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/10/02 16:17:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/10/02 16:17:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/10/02 16:17:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/02 16:17:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/10/02 16:17:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/10/02 16:17:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/10/02 16:17:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/10/02 16:17:06 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/02 16:17:06 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/10/02 16:17:06 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/10/02 16:17:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/10/02 16:17:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/10/02 16:17:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/02 16:17:05 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/02 16:17:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/10/02 16:17:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/02 16:17:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/10/02 16:17:04 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/02 16:17:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/10/02 16:17:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/10/02 16:17:04 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/10/02 16:17:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/10/02 16:17:03 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[5 C:\Users\M1\Desktop\*.tmp files -> C:\Users\M1\Desktop\*.tmp -> ]
[1 C:\Users\M1\Documents\*.tmp files -> C:\Users\M1\Documents\*.tmp -> ]
[1 C:\Users\M1\AppData\Roaming\*.tmp files -> C:\Users\M1\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:09:43 PM
[2012/10/10 13:32:07 | 000,000,104 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2012/10/10 11:13:45 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/09 10:09:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/08 15:13:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/10/08 15:13:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/10/08 13:59:20 | 000,000,098 | ---- | C] () -- C:\user.js
[2012/10/08 13:54:35 | 022,617,148 | ---- | C] () -- C:\Users\M1\Desktop\vlc-2.0.3-win32.exe
[2012/10/08 11:30:27 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\SDP Downloader.lnk
[2012/10/08 11:15:23 | 000,001,035 | ---- | C] () -- C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/10/08 11:15:23 | 000,001,011 | ---- | C] () -- C:\Users\M1\Desktop\Orbit.lnk
[2012/10/05 10:40:41 | 000,325,309 | ---- | C] () -- C:\Users\M1\Desktop\1.MHTML
[2012/07/24 12:24:25 | 000,007,622 | ---- | C] () -- C:\Users\M1\AppData\Local\Resmon.ResmonCfg
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/07/22 09:52:07 | 000,002,249 | ---- | C] () -- C:\Windows\ricdb.ini
[2011/07/21 14:20:23 | 000,004,916 | RHS- | C] () -- C:\Users\M1\ntuser.pol
[2011/07/15 18:45:39 | 000,000,687 | ---- | C] () -- C:\Windows\saplogon.ini
[2011/07/15 18:07:21 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2011/07/15 18:07:20 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011/07/15 18:07:20 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011/07/15 18:07:17 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011/07/15 18:07:16 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011/07/15 18:06:11 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll
[2011/07/15 17:45:17 | 000,016,101 | ---- | C] () -- C:\Windows\cfgall.ini
[2011/07/15 17:33:10 | 000,311,296 | ---- | C] () -- C:\Windows\System32\siecaces.dll
[2011/07/15 17:33:10 | 000,184,320 | ---- | C] () -- C:\Windows\System32\gmp4_2_1.dll
[2011/07/15 17:33:10 | 000,028,672 | ---- | C] () -- C:\Windows\System32\siecacsp.dll
[2011/07/15 16:56:44 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/07/15 16:55:40 | 000,000,405 | ---- | C] () -- C:\Windows\SMSCFG.INI
[2011/07/12 15:10:23 | 000,005,849 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/12 09:48:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/12 09:48:35 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/09 18:25:58 | 000,870,544 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/02/09 18:25:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/02/09 18:25:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/02/09 18:25:56 | 000,127,896 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/02/09 18:25:56 | 000,050,036 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/02/09 18:25:56 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/09 18:25:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009/07/14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 23:29:19 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 23:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 23:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 07:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 03:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 23:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 03:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 03:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010/11/20 23:29:11 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 03:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 12:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 07:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 03:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 23:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 03:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 04:10:50 PM
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 03:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 23:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 23:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 23:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 23:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 06:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 23:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 23:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 23:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 23:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 23:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 23:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 03:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 23:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 03:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 23:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: SERVICES  >
[2011/07/21 14:30:20 | 000,021,282 | ---- | M] () MD5=2D8AF6FD457C5B2E39ACC75F387C1CA8 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 03:29:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2011/04/12 03:29:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 03:29:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2011/04/12 03:29:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2009/07/13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< End of report >
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 10, 2012, 05:02:51 PM
Finished !
Any result ?
ty :)
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 10, 2012, 07:35:32 PM
You could have attached it  ;D

OK let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
Code:
:OTL
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "blekko"
[2012/10/08 14:10:57 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com
[2011/09/12 17:35:20 | 000,002,023 | ---- | M] () -- C:\Users\M1\AppData\Roaming\mozilla\firefox\profiles\9p3j86vm.default\searchplugins\badoo.xml
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\Toolbar\WebBrowser: (no name) - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} - No CLSID value found.
[2012/10/10 11:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars

:Files
C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 11, 2012, 10:18:04 AM
Here I am.....
:)
thank you in advance for your support !
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: Pondus on October 11, 2012, 10:22:53 AM
as essexboy already stated....it is easier if you attach the logs here...not copy and paste

just below the box you write in here you will see "attachment and other options"  click that to attach
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 11, 2012, 07:33:43 PM
Are you still getting the alerts ?
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 12, 2012, 08:16:56 AM
Are you still getting the alerts ?


Well.... after pasting the script into OTL editor I clicked OK to reboot the computer and the alerts disappeared !
Now, I've just turned on my pc and I've still found the alerts..... mmmmhh :(

Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 12, 2012, 11:29:52 AM
Let's see if this can find the remnants

Download AdwCleaner from here (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your desktop
Run AdwCleaner and select Delete

(https://dl.dropbox.com/u/73555776/AdwCleaner.GIF)

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 12, 2012, 12:07:16 PM
I clicked on the Delete button, then I rebooted the pc but no log file was created.
I tried 4 times.

I also tried to click on the Search button but it says
T:\AdwCleaner[R2].txt

The system cannot find the drive specified
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 12, 2012, 02:50:56 PM
Did you download it to your desktop and run it from there ?

Also do you have Firefox set to synch when you go online ?
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 12, 2012, 03:14:35 PM
1) Yes
2) I uninstalled Firefox ...
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 12, 2012, 03:20:43 PM
Could you attach a screenshot of the alert please as it will show me more information
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 12, 2012, 03:38:49 PM
Here they are :)
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 12, 2012, 03:40:38 PM
Could you run a fresh OTL log please and attach that ...  Do the alerts only occur in IE now ?
Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: lore581 on October 12, 2012, 05:11:21 PM
I've just realized the alerts appear only with Chrome.
I use both IE and Chrome. It depends.
And if I use IE and Chrome at the same time, the alerts appear.

Title: Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
Post by: essexboy on October 12, 2012, 07:53:53 PM
OK it is Vidsaver in Chrome, if this does not cure it then delete that addon from Chrome

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
Code:
:Files
C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]