Author Topic: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!  (Read 18864 times)


lore581

  • Guest
virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« on: October 10, 2012, 03:25:21 PM »
Hi guys,

Could someone help me?
After installing Firefox I suddenly got a pop-up message from Trend OfficeScan saying it had blocked a virus.
Anti-virus programs cannot remove i.trkjmp.com/crossdomain.xml from my PC!

Mbam Log
http://www.scribd.com/doc/109586365/mbam-log-2012-10-10-12-28-54

OTL.txt
http://www.scribd.com/doc/109586743/Otl

aswMBR.txt
http://www.scribd.com/doc/109587047/aswMBR

RKreport-1
http://www.scribd.com/doc/109587232/RKreport-1

RKreport-2
http://www.scribd.com/doc/109587451/RKreport-2

RKreport-3
http://www.scribd.com/doc/109587619/RKreport-3

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #1 on: October 10, 2012, 03:32:07 PM »
Could you attach the OTL log to the post as I need to download it to analyse it


lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #2 on: October 10, 2012, 03:41:58 PM »
I already did in my first message


OTL.txt
http://www.scribd.com/doc/109590364/Otl
« Last Edit: October 10, 2012, 03:49:59 PM by lore581 »

Offline essexboy

Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #3 on: October 10, 2012, 03:44:47 PM »
I cannot download from that site without creating an account, which I do not wish to do. If I try to copy/paste, the formatting is destroyed.

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #4 on: October 10, 2012, 03:58:10 PM »
OTL logfile created on: 10/10/2012 13:28:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\M1\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
2,93 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 23,66% Memory free
5,85 Gb Paging File | 3,31 Gb Available in Paging File | 56,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 234,04 Gb Free Space | 78,54% Space Free | Partition Type: NTFS
 Computer Name: M1 | User Name: M1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 ========== Processes (SafeList) ==========
 PRC - [2012/10/10 13:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M1\Desktop\OTL (1).exe
PRC - [2012/10/10 12:26:48 | 000,538,327 | ---- | M] () -- C:\Users\M1\Downloads\adwcleaner (1).exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/08/08 10:19:30 | 000,101,272 | ---- | M] (Visicom Media Inc.) -- C:\Program Files\adawaretb\ffHelper.exe
PRC - [2012/08/08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2012/01/03 23:50:30 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/08/02 11:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/08 16:44:42 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/09/03 15:14:38 | 004,763,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/09/03 15:07:48 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/03/29 05:51:10 | 000,516,096 | ---- | M] (SAP AG, Walldorf) -- C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe
PRC - [2010/03/17 04:48:42 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
PRC - [2010/02/05 17:01:00 | 000,849,192 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/01/07 11:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/01/07 11:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/04/02 16:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
PRC - [2007/08/02 12:08:08 | 000,081,920 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
 
 ========== Modules (No Company Name) ==========
 MOD - [2012/10/10 12:26:48 | 000,538,327 | ---- | M] () -- C:\Users\M1\Downloads\adwcleaner (1).exe
MOD - [2012/10/04 03:16:00 | 000,460,312 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/04 03:15:58 | 012,435,992 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
MOD - [2012/10/04 03:15:56 | 004,005,912 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll
MOD - [2012/10/04 03:14:41 | 000,578,072 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\libglesv2.dll
MOD - [2012/10/04 03:14:40 | 000,123,928 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\libegl.dll
MOD - [2012/10/04 03:14:29 | 000,156,712 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avutil-51.dll
MOD - [2012/10/04 03:14:27 | 000,275,496 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avformat-54.dll
MOD - [2012/10/04 03:14:26 | 002,168,360 | ---- | M] () -- C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\avcodec-54.dll
MOD - [2012/09/12 14:41:45 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\6a7fb6df47db31dac36a3a9801a21b42\Kies.Theme.ni.dll
MOD - [2012/09/12 14:41:45 | 000,606,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\433eefddf112b56672a8a1ee35b40c0d\DevicePodcast.ni.dll
MOD - [2012/09/12 14:41:45 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b35acc2956e687d8c3caca0661b8658e\DeviceVideo.ni.dll
MOD - [2012/09/12 14:41:44 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\09b5e28e6e2397e133e4bc92271b7ca1\DevicePhoto.ni.dll
MOD - [2012/09/12 14:41:44 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\5ad2ba488828d013dfdf510076375a29\DeviceMusic.ni.dll
MOD - [2012/09/12 14:41:43 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\9c70d66c4fa6908cf79bb33b0b11711f\PodcastService.ni.dll
MOD - [2012/09/12 14:41:43 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\21ed07f8387783454014dfc7b5f586d1\Podcaster.ni.dll
MOD - [2012/09/12 14:41:43 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\730d5f079a100b565e990efd8a9b9058\VideoManager.ni.dll
MOD - [2012/09/12 14:41:41 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\5c5890aa718a7bed4c4afeca05b9a223\PhotoManager.ni.dll
MOD - [2012/09/12 14:41:37 | 005,676,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\e2d92de20ec3f6747f634b8626317dde\DeviceHost.ni.dll
MOD - [2012/09/12 14:41:31 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\c1fa42590e573b58059723e8502566c9\Phonebook.ni.dll
MOD - [2012/09/12 14:41:31 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\527c093151d98ac8ed719ac75ff4ab2f\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012/09/12 14:41:28 | 001,007,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\6be346eb8432e793bbb3123e60010e21\CPKTMusicPlugin.ni.dll
MOD - [2012/09/12 14:41:26 | 000,962,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\a8012f4fb6621a9dab285686e12a8d61\MusicManager.ni.dll
MOD - [2012/09/12 14:41:24 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\4560781672563cd7156d6ce314775d1e\BATPlugin.ni.dll
MOD - [2012/09/12 14:41:24 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\79eb5ad41e74bed0086a8083a6c8c300\EBookManager.ni.dll

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #5 on: October 10, 2012, 03:59:53 PM »
MOD - [2012/09/12 14:41:23 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\f27710085dceabe3c4339f20c83e9b04\Kies.Common.MediaDB.ni.dll
MOD - [2012/09/12 14:41:23 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\d9fab7c2fa316f3b2ee79232e8432e4e\AllShareController.ni.dll
MOD - [2012/09/12 14:41:22 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\1bc82af332a9c5ea3d8a76db385ad681\Kies.Common.AllShare.ni.dll
MOD - [2012/09/12 14:41:22 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\12f8b358f13406f94c38df60ab4b4f31\Kies.Common.StoreManager.ni.dll
MOD - [2012/09/12 14:41:21 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0c13efd28c9f49ec88fe0523aac81ded\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012/09/12 14:41:21 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\12469c2abcd6388af01f04108d8e1878\ASF_cSharpAPI.ni.dll
MOD - [2012/09/12 14:41:20 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\38d9858815655be8556cbdbb8abcaf07\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/09/12 14:41:20 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d26876cac62dd0aec6a2ae5a635d238b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012/09/12 14:41:19 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\de22660266429ba2c9a0ee4d18ca696e\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012/09/12 14:41:19 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\78afe9b50dbcd5135d9260d11f249166\Interop.DevFileServiceLib.ni.dll
MOD - [2012/09/12 14:41:18 | 001,024,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3ac07d819d7e1aba0866a9b26cfd9198\Kies.Common.DeviceService.ni.dll
MOD - [2012/09/12 14:41:18 | 000,901,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4960e26ebc78a57a1a3eef83b7552dd9\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012/09/12 14:41:17 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c6d2cd24502c664bc76f2e3bd22ddfd1\Kies.Common.Multimedia.ni.dll
MOD - [2012/09/12 14:41:17 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6178dca61acdcd3d3a226eb072dea645\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/09/12 14:41:16 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\575a049dfe13964db34d62b6f1bdad5f\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/09/12 14:41:16 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\2cf68dad9c88a16fd18460345d855124\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/09/12 14:41:15 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\9dc3e0ae616c7239c74ce82a970ca743\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/09/12 14:41:15 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\c56da104f17d4a3141703e61c2a9a118\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/09/12 14:41:12 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\0f77a1a61bd7a4756adcac091ebf46fd\Kies.Common.MainUI.ni.dll
MOD - [2012/09/12 14:41:11 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\8e7c528748de50fb4697758b81b57b4d\Kies.Common.DBManager.ni.dll
MOD - [2012/09/12 14:41:10 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\116f694385a15386804af59028de6f7f\CabLib.ni.dll
MOD - [2012/09/12 14:41:09 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bc7df1e8253989feb8163881ea6c6002\Kies.UI.ni.dll
MOD - [2012/09/12 14:41:09 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\15f2a04d54b0d8b38bdf0f9d5b2ea990\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/09/12 14:41:08 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\d0ac9d8d281fe302e0cde2a639769e55\Kies.Common.Util.ni.dll
MOD - [2012/09/12 14:41:07 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\969020374a914259cb60a8b3ec928928\Interop.DeviceSearchLib.ni.dll
MOD - [2012/09/12 14:41:05 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8bac6e5789841d666a2d4333600a355e\Kies.Locale.ni.dll
MOD - [2012/09/12 14:41:04 | 001,674,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\6537299483d2e3ef9117428eeb0b24ad\Kies.ni.exe
MOD - [2012/09/12 14:41:04 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\4f04f07e37376418a5be2472ff48b784\Kies.MVVM.ni.dll
MOD - [2012/09/12 14:41:02 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\8d959268f6c6a3a4f1d3da78ebcfa50a\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/09/12 14:41:00 | 001,185,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\aa5478ab66f33c93cf29ce927b7066f9\Kies.Interface.ni.dll
MOD - [2012/09/12 14:40:56 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\313422d72f54628fc052bc054b0725ec\System.Runtime.Remoting.ni.dll
MOD - [2012/06/14 08:25:37 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
MOD - [2012/06/13 18:03:57 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012/06/13 18:01:56 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012/06/13 18:01:43 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012/06/13 18:01:31 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012/06/13 18:01:31 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012/05/15 08:15:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/05/14 18:23:24 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012/05/14 18:23:19 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/05/14 18:23:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012/05/14 18:23:14 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/05/14 18:23:08 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/03/05 13:49:58 | 001,860,096 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\ricaz0ur.dll
MOD - [2011/05/28 22:04:56 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/28 21:42:14 | 000,652,800 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2007/06/04 09:41:00 | 000,311,296 | ---- | M] () -- C:\Windows\System32\siecaces.dll
MOD - [2007/04/16 14:01:06 | 000,184,320 | ---- | M] () -- C:\Windows\System32\gmp4_2_1.dll

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #6 on: October 10, 2012, 04:01:44 PM »
========== Services (SafeList) ==========
 SRV - [2012/10/09 10:48:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 09:03:51 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/02 11:47:34 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service)
SRV - [2011/07/11 17:13:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/08 16:44:42 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/09/03 15:07:48 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/17 04:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010/02/02 17:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/02/02 17:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2010/01/07 11:44:26 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/01/07 11:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/10/10 12:28:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/31 12:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/31 12:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/08/01 13:44:26 | 000,404,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/11/20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/08 16:35:24 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/10/08 16:35:16 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/10/08 16:35:08 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/08/12 09:38:02 | 000,190,592 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserhp2k.sys -- (qcusbserhp2k)
DRV - [2010/08/12 09:38:02 | 000,106,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcombushp.sys -- (qcombushp)
DRV - [2010/08/12 09:38:00 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcfilterhp2k.sys -- (qcfilterhp2k)
DRV - [2010/03/22 20:41:00 | 002,697,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/03/17 04:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #7 on: October 10, 2012, 04:03:05 PM »
DRV - [2010/01/07 11:43:36 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2010/01/07 11:43:24 | 000,146,960 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2010/01/07 11:43:04 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/12/11 21:54:16 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/30 07:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/28 17:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 14:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/10/26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 11:21:00 | 000,315,392 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/06/27 11:41:02 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbserhp.sys -- (qcusbserhp)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/04/03 17:40:44 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/04/03 17:40:44 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btport.sys -- (BTDriver)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 6E E9 87 01 A6 CD 01  [binary data]
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\URLSearchHook: {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - No CLSID value found
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8FCB9B6856EA718FD6693B50753C4C13&q={searchTerms}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{493CF50D-8EED-4AA4-8A88-B12AA6DDC4F5}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://badoo.com/startpage/?source=bsb&q={searchTerms}
IE - HKU\S-1-5-21-299502267-261478967-725345543-63272\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "blekko"
FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@hypercosm.com/HypercosmPlayer: C:\Program Files\Hypercosm\Hypercosm Player\components\nphypercosm.dll (Hypercosm LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #8 on: October 10, 2012, 04:05:00 PM »
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\M1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\M1\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/10 11:12:39 | 000,000,000 | ---D | M]
[2011/09/12 15:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M1\AppData\Roaming\mozilla\Extensions
[2012/10/10 11:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions
[2012/10/10 11:12:15 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/10/08 14:11:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/08 11:26:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/10/08 14:10:57 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com
[2012/10/10 11:12:25 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/10/08 14:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M1\AppData\Roaming\mozilla\Firefox\Profiles\9p3j86vm.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode
[2011/09/12 17:35:20 | 000,002,023 | ---- | M] () -- C:\Users\M1\AppData\Roaming\mozilla\firefox\profiles\9p3j86vm.default\searchplugins\badoo.xml
[2011/09/12 15:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.587.187\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\M1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9P3J86VM.DEFAULT\EXTENSIONS\{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}
[2012/05/29 09:03:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/10 11:12:21 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/05/29 09:03:48 | 000,001,393 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-it.xml
[2012/05/29 09:03:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/29 09:03:48 | 000,000,744 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2012/05/29 09:03:48 | 000,000,817 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2012/05/29 09:03:48 | 000,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/05/29 09:03:48 | 000,000,953 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml
 
========== Chrome  ==========
 
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
CHR - default_search_provider: blekko (Enabled)
CHR - default_search_provider: search_url = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8FCB9B6856EA718FD6693B50753C4C13&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8FCB9B6856EA718FD6693B50753C4C13
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Cortona3D Viewer (Enabled) = C:\Program Files\Common Files\ParallelGraphics\Cortona\npcortona.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Hypercosm Player (Enabled) = C:\Program Files\Hypercosm\Hypercosm Player\components\nphypercosm.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Vid-Saver = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\M1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..\Toolbar\WebBrowser: (no name) - {1D03A978-AC0C-4004-B9FD-9CF361C7BD3F} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #9 on: October 10, 2012, 04:06:07 PM »
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [KiesTrayAgent] c:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\Suo10_SmartRAM.exe" /m File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-21-299502267-261478967-725345543-63272..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-299502267-261478967-725345543-63272\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKU\S-1-5-21-299502267-261478967-725345543-63272\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: peoplereview ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: peoplereview ([]https in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: antexweb.net ([archiviazione] https in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: intranet.fw ([webdms] http in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: peoplereview ([]http in Trusted sites)
O15 - HKU\S-1-5-21-299502267-261478967-725345543-63272\..Trusted Domains: peoplereview ([]https in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/IT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E70B0D09-3B24-43B7-A7B4-F13658C9B2E8} http://webdms.intranet.fw/UfficioAcquisti/DF_ucPDFzoom.CAB (DF_ucPDF.UserControlPDF)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.31.0.120 10.31.0.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fastwebit.ofc
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E432B742-CDD9-4C12-8E4A-BB15AFC05933}: DhcpNameServer = 10.31.0.120 10.31.0.110
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/10 13:26:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\M1\Desktop\OTL (1).exe
[2012/10/10 12:28:44 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/10 11:20:55 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\LavasoftStatistics
[2012/10/10 11:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/10/10 11:13:38 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/10/10 11:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/10 11:13:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/10/10 11:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/10/10 11:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/10/10 11:12:37 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\adawarebp
[2012/10/10 11:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #10 on: October 10, 2012, 04:07:12 PM »
[2012/10/10 11:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/10/10 11:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/10/10 11:11:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\Ad-Aware Antivirus
[2012/10/10 09:11:10 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{45CB5A75-AC95-4ADF-A6B1-9202A251DFC8}
[2012/10/09 10:10:29 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\Malwarebytes
[2012/10/09 10:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/09 10:09:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/09 08:09:29 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{89AD5C2E-BE33-4427-8FFE-2660777B4465}
[2012/10/08 14:31:07 | 000,000,000 | ---D | C] -- C:\ISM
[2012/10/08 14:29:31 | 000,000,000 | ---D | C] -- C:\ISM Downloader
[2012/10/08 14:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012/10/08 14:17:22 | 000,000,000 | ---D | C] -- C:\Users\M1\dwhelper
[2012/10/08 13:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/10/08 11:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDP Multimedia
[2012/10/08 11:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\SDP Multimedia
[2012/10/08 11:15:34 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\ProgSense
[2012/10/08 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\GrabPro
[2012/10/08 11:15:25 | 000,000,000 | ---D | C] -- C:\downloads
[2012/10/08 11:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/10/08 11:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2012/10/08 11:14:51 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Roaming\Orbit
[2012/10/08 08:40:19 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{29B7353F-6B81-4B0B-9AF9-E01CF076C9AD}
[2012/10/05 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{C22A585A-B408-421D-91A7-8A8F61D93A14}
[2012/10/04 08:59:58 | 000,000,000 | ---D | C] -- C:\Inferriate
[2012/10/04 08:27:15 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{B222E37A-9A4D-4CAD-BA37-49E5C529C5C9}
[2012/10/03 08:00:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{6067D0AB-89EC-4FC1-A6D7-406A34F70C54}
[2012/10/02 16:17:10 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/10/02 16:17:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/02 16:17:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/02 16:17:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/02 16:17:09 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/10/02 16:17:09 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/10/02 16:17:09 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/10/02 16:17:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/10/02 16:17:09 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/02 16:17:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/10/02 16:17:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/10/02 16:17:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/10/02 16:17:08 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/10/02 16:17:08 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/10/02 16:17:08 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/10/02 16:17:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/10/02 16:17:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/10/02 16:17:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/02 16:17:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/10/02 16:17:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/10/02 16:17:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/10/02 16:17:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/02 16:17:06 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/10/02 16:17:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/10/02 16:17:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/10/02 16:17:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/10/02 16:17:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/02 16:17:05 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/02 16:17:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/10/02 16:17:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/02 16:17:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/10/02 16:17:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/02 16:17:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/10/02 16:17:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/10/02 16:17:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/10/02 16:17:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/10/02 16:17:03 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/10/02 07:34:06 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{FF48B980-E9E5-4CF4-90C6-48B27DE3148C}
[2012/10/01 10:14:32 | 000,000,000 | ---D | C] -- C:\SMALL Metroring
[2012/10/01 08:48:12 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{979EE470-0782-4BAF-8BC7-2957A2C1BBA2}
[2012/09/28 08:46:46 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{A1507E9E-0077-4FC4-9F34-EC290154EBFA}
[2012/09/27 08:42:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{7F9D6C4A-D985-4651-A693-C5B52B2F350A}
[2012/09/26 08:42:43 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/09/26 08:40:17 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{E091E540-7D76-438E-ACBE-EE9809F4DB28}
[2012/09/24 09:56:39 | 000,000,000 | ---D | C] -- C:\Teresi
[2012/09/24 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{6879350F-37A4-4709-995D-CC7F943F2CE8}
[2012/09/21 07:56:51 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{EDB56023-F1B0-44B5-BB01-A2D1E7BD3094}
[2012/09/20 08:34:14 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{4930AAD6-BC9D-42A3-8F37-B46781781072}
[2012/09/19 16:10:38 | 000,000,000 | ---D | C] -- C:\GDF
[2012/09/19 14:21:18 | 000,000,000 | ---D | C] -- C:\Convenzioni Enterprise 2012
[2012/09/19 13:44:31 | 000,000,000 | ---D | C] -- C:\CONSIP 2012
[2012/09/19 11:34:25 | 000,000,000 | ---D | C] -- C:\DA CANCELLARE
[2012/09/19 08:34:53 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{BD6900A7-E79C-4BAB-98A3-D1021463F266}
[2012/09/18 07:58:18 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{15AD6A13-2DF6-44B6-8094-AF4B81EDE54A}
[2012/09/17 17:10:45 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\WinTestGear
[2012/09/17 17:08:26 | 000,000,000 | ---D | C] -- C:\Users\M1\.eclipse
[2012/09/17 08:18:45 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{0110A67F-AA3E-4BCA-A2A4-6804CC7A0607}

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #11 on: October 10, 2012, 04:08:20 PM »
[2012/09/14 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{07478AB3-45B8-4046-8A07-015FDFA1B745}
[2012/09/13 07:57:27 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{26AAA7AA-37B9-4B9B-87EC-67DBC6B495BC}
[2012/09/12 14:39:22 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/09/12 14:39:21 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/09/12 08:16:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 08:16:37 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/12 08:16:37 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 08:16:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 08:14:20 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{B31494D8-CCBB-46B8-8F99-F28B2A188517}
[2012/09/11 10:26:10 | 000,000,000 | ---D | C] -- C:\Users\M1\Desktop\DVD
[2012/09/11 09:38:55 | 000,000,000 | ---D | C] -- C:\Users\M1\Desktop\Ceramiche
[2012/09/11 07:48:52 | 000,000,000 | ---D | C] -- C:\Users\M1\AppData\Local\{B6A44A5E-5E7B-4F85-9A3C-59DF3D626835}
[5 C:\Users\M1\Desktop\*.tmp files -> C:\Users\M1\Desktop\*.tmp -> ]
[1 C:\Users\M1\Documents\*.tmp files -> C:\Users\M1\Documents\*.tmp -> ]
[1 C:\Users\M1\AppData\Roaming\*.tmp files -> C:\Users\M1\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/10 13:32:50 | 000,000,104 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2012/10/10 13:26:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M1\Desktop\OTL (1).exe
[2012/10/10 13:23:02 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/10 12:52:02 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261478967-725345543-63272UA.job
[2012/10/10 12:47:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/10 12:28:44 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/10 11:24:48 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/10 09:23:02 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/10 09:18:19 | 000,640,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/10 09:18:19 | 000,111,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/10 09:17:54 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 09:17:54 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 09:12:27 | 000,000,405 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2012/10/10 09:10:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/10 09:09:53 | 2357,542,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/09 16:57:46 | 000,016,101 | ---- | M] () -- C:\Windows\cfgall.ini
[2012/10/09 13:52:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261478967-725345543-63272Core.job
[2012/10/09 10:56:39 | 000,043,420 | ---- | M] () -- C:\Users\M1\Desktop\scaled.png
[2012/10/09 10:47:59 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 10:47:58 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/09 10:09:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/08 15:13:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/10/08 15:13:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/10/08 13:59:20 | 000,000,098 | ---- | M] () -- C:\user.js
[2012/10/08 13:56:37 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/10/08 13:55:36 | 022,617,148 | ---- | M] () -- C:\Users\M1\Desktop\vlc-2.0.3-win32.exe
[2012/10/08 11:30:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\SDP Downloader.lnk
[2012/10/08 11:15:23 | 000,001,035 | ---- | M] () -- C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/10/08 11:15:23 | 000,001,011 | ---- | M] () -- C:\Users\M1\Desktop\Orbit.lnk
[2012/10/05 10:40:41 | 000,325,309 | ---- | M] () -- C:\Users\M1\Desktop\1.MHTML
[2012/10/03 07:59:56 | 000,001,409 | ---- | M] () -- C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/02 16:17:10 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/10/02 16:17:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/10/02 16:17:10 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/10/02 16:17:09 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/10/02 16:17:09 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/10/02 16:17:09 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/10/02 16:17:09 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/10/02 16:17:09 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/10/02 16:17:09 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/10/02 16:17:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/10/02 16:17:09 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/10/02 16:17:09 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/10/02 16:17:08 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/10/02 16:17:08 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/10/02 16:17:08 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/10/02 16:17:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/10/02 16:17:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/10/02 16:17:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/10/02 16:17:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/10/02 16:17:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/10/02 16:17:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/10/02 16:17:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/10/02 16:17:06 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/02 16:17:06 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/10/02 16:17:06 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/10/02 16:17:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/10/02 16:17:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/10/02 16:17:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/10/02 16:17:05 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/10/02 16:17:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/10/02 16:17:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/10/02 16:17:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/10/02 16:17:04 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/10/02 16:17:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/10/02 16:17:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/10/02 16:17:04 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/10/02 16:17:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/10/02 16:17:03 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[5 C:\Users\M1\Desktop\*.tmp files -> C:\Users\M1\Desktop\*.tmp -> ]
[1 C:\Users\M1\Documents\*.tmp files -> C:\Users\M1\Documents\*.tmp -> ]
[1 C:\Users\M1\AppData\Roaming\*.tmp files -> C:\Users\M1\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #12 on: October 10, 2012, 04:09:43 PM »
[2012/10/10 13:32:07 | 000,000,104 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2012/10/10 11:13:45 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/09 10:09:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/08 15:13:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/10/08 15:13:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/10/08 13:59:20 | 000,000,098 | ---- | C] () -- C:\user.js
[2012/10/08 13:54:35 | 022,617,148 | ---- | C] () -- C:\Users\M1\Desktop\vlc-2.0.3-win32.exe
[2012/10/08 11:30:27 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\SDP Downloader.lnk
[2012/10/08 11:15:23 | 000,001,035 | ---- | C] () -- C:\Users\M1\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012/10/08 11:15:23 | 000,001,011 | ---- | C] () -- C:\Users\M1\Desktop\Orbit.lnk
[2012/10/05 10:40:41 | 000,325,309 | ---- | C] () -- C:\Users\M1\Desktop\1.MHTML
[2012/07/24 12:24:25 | 000,007,622 | ---- | C] () -- C:\Users\M1\AppData\Local\Resmon.ResmonCfg
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/07/22 09:52:07 | 000,002,249 | ---- | C] () -- C:\Windows\ricdb.ini
[2011/07/21 14:20:23 | 000,004,916 | RHS- | C] () -- C:\Users\M1\ntuser.pol
[2011/07/15 18:45:39 | 000,000,687 | ---- | C] () -- C:\Windows\saplogon.ini
[2011/07/15 18:07:21 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2011/07/15 18:07:20 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011/07/15 18:07:20 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011/07/15 18:07:17 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011/07/15 18:07:16 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011/07/15 18:06:11 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll
[2011/07/15 17:45:17 | 000,016,101 | ---- | C] () -- C:\Windows\cfgall.ini
[2011/07/15 17:33:10 | 000,311,296 | ---- | C] () -- C:\Windows\System32\siecaces.dll
[2011/07/15 17:33:10 | 000,184,320 | ---- | C] () -- C:\Windows\System32\gmp4_2_1.dll
[2011/07/15 17:33:10 | 000,028,672 | ---- | C] () -- C:\Windows\System32\siecacsp.dll
[2011/07/15 16:56:44 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/07/15 16:55:40 | 000,000,405 | ---- | C] () -- C:\Windows\SMSCFG.INI
[2011/07/12 15:10:23 | 000,005,849 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/12 09:48:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/12 09:48:35 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/09 18:25:58 | 000,870,544 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/02/09 18:25:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/02/09 18:25:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/02/09 18:25:56 | 000,127,896 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/02/09 18:25:56 | 000,050,036 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/02/09 18:25:56 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/09 18:25:55 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009/07/14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 23:29:19 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 23:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 23:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 07:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 03:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 23:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 03:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 03:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2010/11/20 23:29:11 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 03:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 12:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 07:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 03:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 23:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 03:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)

lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #13 on: October 10, 2012, 04:10:50 PM »
SRV - [2011/11/17 07:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 03:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 23:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 23:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 23:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 23:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 06:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 23:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 23:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 23:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 23:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 23:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 23:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 03:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 23:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 03:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 23:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: SERVICES  >
[2011/07/21 14:30:20 | 000,021,282 | ---- | M] () MD5=2D8AF6FD457C5B2E39ACC75F387C1CA8 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 03:29:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2011/04/12 03:29:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 03:29:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2011/04/12 03:29:15 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2009/07/13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< End of report >

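The "< MD5 for: ... >" blocks at the end of the OTL report above list every copy of a few process-critical binaries (explorer.exe, services.exe, svchost.exe, userinit.exe, winlogon.exe, winsock.dll) that OTL found on the drive, with the version-info company name and an MD5 for each. The point of that block is a consistency check: the copy Windows actually loads from C:\Windows or C:\Windows\System32 should hash identically to one of the component-store copies under C:\Windows\winsxs, and any further copy of those names outside the Windows folder deserves a look. The script below is an added example written for this page; it is not part of the thread, of OTL or of any Avast tool. The line grammar is inferred from the lines visible in the post, the sample input is a handful of those same lines embedded inline, and the "winsxs copy equals reference" rule is the author's assumption about what OTL's output is meant to show, not a documented OTL rule.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the "< MD5 for: >" blocks of the OTL log in the post above.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SVCHOST.EXE  >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
"""

# Block header, e.g. "< MD5 for: SVCHOST.EXE  >"
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")

# One entry: "[timestamp | size | attrs | M] (company) MD5=hex -- path"
# (format inferred from the lines in the post; assumption, not an OTL specification)
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*(?P<kind>[MC])\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} built from the '< MD5 for: X >' blocks of an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            e = entry.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            e["company"] = e["company"].strip()
            sections[current].append(e)
    return dict(sections)


def classify(path):
    """'store' = WinSxS component-store copy (used as the reference hash),
    'live' = the copy under C:\\Windows that actually gets loaded,
    'other' = a copy anywhere else on the drive."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if p.startswith("c:\\windows\\"):
        return "live"
    return "other"


def check_md5_sections(sections):
    """For each binary: does every live copy hash to a WinSxS copy, and which
    copies live outside the Windows folder (with an empty company field noted)?"""
    report = {}
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if classify(e["path"]) == "store"}
        live = [e for e in entries if classify(e["path"]) == "live"]
        extra = [(e["path"], e["company"], e["md5"])
                 for e in entries if classify(e["path"]) == "other"]
        # None means the block gave us nothing to compare against.
        live_ok = all(e["md5"] in store_hashes for e in live) if (live and store_hashes) else None
        report[name] = {
            "live_ok": live_ok,
            "extra": extra,
            "no_company": [x for x in extra if not x[1]],
        }
    return report


if __name__ == "__main__":
    rep = check_md5_sections(parse_md5_sections(SAMPLE_LOG))
    for name, r in sorted(rep.items()):
        status = {True: "matches WinSxS", False: "DIFFERS from WinSxS", None: "no reference"}[r["live_ok"]]
        print(f"{name}: live copy {status}")
        for path, company, md5 in r["extra"]:
            print(f"  extra copy: {path}  company={company or '<none>'}  md5={md5}")
```

Two caveats a practitioner should keep in mind when reading the result. First, the two Chameleon copies the script flags (svchost.exe and winlogon.exe in the Malwarebytes' Anti-Malware folder, both with an empty company field and the same hash) sit inside the product's own folder; a flag from this check means "look at it", not "malware". Second, an MD5 match between System32 and WinSxS only shows the two copies are identical as seen from user mode; it is not a signature check, and a kernel-mode rootkit can present clean file contents to a hashing tool, which is why the thread also carries an aswMBR log rather than relying on hashes alone.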
lore581

  • Guest
Re: virus http://i.trkjmp.com/crossdomain.xml !! help me !!!!
« Reply #14 on: October 10, 2012, 05:02:51 PM »
Finished!
Any result?
ty :)