cho hỏi máy tính này có bị virus gì không ?

[warm_boy_8x]

Hijack Hunter 1.8.4.1

You must be registered for see links

Log created on 1/29/2011 at 9:48:22 PM



[+] Generic system info



Operating System: Microsoft Windows XP Service Pack 3 32-bit


Build Version: 2600.xpsp.080413-2111


Internet Explorer: 8.0.6001.18702


System Folder: C:\WINDOWS\system32



[+] Running processes



[System Process] (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)


System (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)


C:\WINDOWS\system32\Ati2evxx.exe (598016 bytes) (ATI Technologies Inc.) (6/28/2010 8:56:06 AM) (--A-) (eca673779ecd27d674953d692fe070f6)


C:\Program Files\Avira\AntiVir Desktop\sched.exe (135336 bytes) (Avira GmbH) (6/28/2010 10:45:55 AM) (--A-) (ca8a0e78c3bbbad05a9a132bc468df9c)


C:\Program Files\Avira\AntiVir Desktop\avguard.exe (267944 bytes) (Avira GmbH) (6/28/2010 10:45:54 AM) (--A-) (48be1fcff1c929c899f29bcdc8659d9f)


C:\Program Files\Java\jre6\bin\jqs.exe (153376 bytes) (Sun Microsystems, Inc.) (10/6/2009 7:42:28 PM) (--A-) (112325f53ab720ca77825726d427fbdc)


C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (29263712 bytes) (Microsoft Corporation) (11/24/2008 10:31:10 PM) (--A-) (4263dcf845b089e397c7c3bfc74f04fe)


C:\WINDOWS\system32\PnkBstrA.exe (66872 bytes) (Unknown) (9/28/2010 5:11:03 PM) (--A-) (831883b107684301f48ace752c963984)


C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (76968 bytes) (Avira GmbH) (6/28/2010 10:45:55 AM) (--A-) (8c91bd35ae9aa8b628eec5e637bb1d0f)


C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (87904 bytes) (Microsoft Corporation) (11/24/2008 10:31:12 PM) (--A-) (d2f4f32b59440011174b4f8137af4e0c)


C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (602392 bytes) (Yahoo! Inc.) (11/10/2008 3:48:14 AM) (--A-) (dd0042f0c3b606a6a8b92d49afb18ad6)


C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (56928 bytes) (Cyberlink Corp.) (10/6/2009 10:54:28 PM) (----) (56f676060d70ba066459478824510bea)


C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (281768 bytes) (Avira GmbH) (6/28/2010 10:45:54 AM) (--A-) (c983e62b6fb74457d173ba93f66f6068)


C:\WINDOWS\RTHDCPL.EXE (17676288 bytes) (Realtek Semiconductor Corp.) (6/28/2010 8:56:16 AM) (--A-) (3b1764f98494b0c93f0df5572c7629e8)


C:\Program Files\Unikey32\UniKeyNT.exe (261632 bytes) (Unknown) (7/3/2010 8:38:38 PM) (--A-) (862fc3dd4330b4678a864e657140e1b4)


C:\Program Files\Internet Download Manager\IEMonitor.exe (263600 bytes) (Tonec Inc.) (5/25/2010 10:28:58 PM) (--A-) (207b16fa69f61d1895f8d8532f587e4b)


C:\Program Files\Avira\AntiVir Desktop\avscan.exe (435368 bytes) (Avira GmbH) (6/28/2010 10:45:55 AM) (--A-) (9469a0ce83b9656e7ca6f940daf965fb)


chrome.exe (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)


C:\Program Files\Internet Download Manager\IDMan.exe (3270040 bytes) (Tonec Inc.) (1/24/2011 8:13:12 AM) (--A-) (0ab4577560d3f1b98c8de691a201326c)


C:\Program Files\NoVirusThanks\Hijack Hunter\HijackHunter.exe (628736 bytes) (NoVirusThanks Company Srl) (1/29/2011 9:45:25 PM) (--A-) (b6ffa83b91d78a0369fe0e15e4dba69c)


msfeedssync.exe (0 bytes) (Microsoft Corporation) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)



[+] Loaded Modules



C:\WINDOWS\system32\Ati2evxx.dll (143360 bytes) (ATI Technologies Inc.) (6/28/2010 8:56:07 AM) (--A-) (db326a97e844964af487d6ffde28256b)


C:\WINDOWS\system32\msacm32.drv (20480 bytes) (Microsoft Corporation) (8/23/2001 7:00:00 PM) (--A-) (9a3bd5f55aadff859539142f6328a66e)


C:\WINDOWS\AppPatch\AcAdProc.dll (39424 bytes) (Microsoft Corporation) (4/14/2008 10:41:50 AM) (--A-) (ea9ee60b408878e5f2012f9c783836db)


C:\WINDOWS\system32\Ati2edxx.dll (43520 bytes) (ATI Technologies, Inc.) (6/28/2010 8:56:07 AM) (--A-) (68169471fa71b327ed009b80cddc82de)


C:\WINDOWS\system32\atipdlxx.dll (188416 bytes) (ATI Technologies, Inc.) (6/28/2010 8:56:07 AM) (--A-) (df585de3b2ae3ce0fb72eb562bb989a7)


C:\WINDOWS\system32\Normaliz.dll (23552 bytes) (Microsoft Corporation) (1/7/2009 6:20:36 PM) (--A-) (10753a3adc3e39a3b10cc3f08e98e6b4)


C:\WINDOWS\system32\iertutil.dll (1985536 bytes) (Microsoft Corporation) (3/8/2009 4:32:22 AM) (--A-) (803a6176020d97e68704b211bfe7d255)


C:\WINDOWS\system32\mdimon.dll (17920 bytes) (Microsoft Corporation) (10/6/2009 9:22:05 PM) (--A-) (cf0376023360aadd55c89ba50564afdc)


C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.d ll (18944 bytes) (Microsoft Corporation) (10/6/2009 9:22:05 PM) (--A-) (58e13a2292839321d3cdc918d5a4f5ae)


C:\WINDOWS\system32\odbcbcp.dll (24576 bytes) (Microsoft Corporation) (4/14/2008 10:42:04 AM) (--A-) (369f7b1a4f358b976176556a1a331f36)


C:\WINDOWS\system32\MSCOREE.DLL (270848 bytes) (Microsoft Corporation) (9/23/2005 7:28:52 AM) (--A-) (c749f552cba8e0dd2a0268df044985f4)


C:\WINDOWS\system32\sqlncli.dll (2248544 bytes) (Microsoft Corporation) (11/24/2008 10:31:10 PM) (--A-) (1f5585ee39c5b6629ae82205d5c7e84b)


C:\WINDOWS\system32\SQLNCLIR.RLL (205528 bytes) (Microsoft Corporation) (10/14/2005 2:48:56 AM) (--A-) (19e8e01fa6bfedd71f92e2adf3725d50)


C:\WINDOWS\system32\ieframe.dll (11067392 bytes) (Microsoft Corporation) (3/8/2009 4:39:48 AM) (--A-) (964fe5abad6d9a1e38797219514db5b2)


C:\WINDOWS\system32\WPDShServiceObj.dll (52224 bytes) (Microsoft Corporation) (4/19/2006 1:01:34 AM) (----) (9ba50416b769387c619c3ec6bf3cbb85)


C:\WINDOWS\system32\PortableDeviceTypes.dll (168960 bytes) (Microsoft Corporation) (4/19/2006 1:01:20 AM) (----) (36bf42ca5ae8bf8d1e1bc00ed5068abb)


C:\WINDOWS\system32\PortableDeviceApi.dll (345600 bytes) (Microsoft Corporation) (4/19/2006 1:01:28 AM) (----) (1f8c6bbebecbed21e002f45c18d523e9)


C:\WINDOWS\system32\CmdLineExt.dll (98304 bytes) (Sony DADC Austria AG.) (6/30/2010 3:31:19 PM) (--A-) (0aa300b8dcf8b4324ec491d6a44d4dab)



[+] Registry startups



Value: RemoteControl


Data: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run



Value: LanguageShortcut


Data: "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run



Value: avgnt


Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run



Value: Adobe Reader Speed Launcher


Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run



Value: Adobe ARM


Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run



Value: RTHDCPL


Data: RTHDCPL.EXE


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run



Value: Alcmtr


Data: ALCMTR.EXE


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run



Value: UniKey


Data: C:\Program Files\Unikey32\UniKeyNT.exe


Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run



Value: ctfmon.exe


Data: C:\WINDOWS\system32\ctfmon.exe


Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run



Value: Google Update


Data: "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c


Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run



Value: SpeedBitVideoAccelerator


Data: "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup


Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run



Value: IDMan


Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot


Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run



Value: StubPath


Data: C:\WINDOWS\system32\ieudinit.exe


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}



Value: SCRNSAVE.EXE


Data: C:\WINDOWS\system32\ssflwbox.scr


Key: HKEY_CURRENT_USER\Control Panel\Desktop



Value: {0055C089-8582-441B-A0BF-17B458C2A3A8}


Data: C:\Program Files\Internet Download Manager\IDMIECC.dll


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}



Value: {02478D38-C3F9-4efb-9B51-7695ECA05670}


Data: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}



Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}


Data: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}



Value: {d2ce3e00-f94a-4740-988e-03dc2f38c34f}


Data: C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}



Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}


Data: C:\Program Files\Java\jre6\bin\jp2ssv.dll


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}



Value: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}


Data: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}



Value: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}


Data: C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}




[+] Other Startups Methods



Value: WPDShServiceObj


Data: C:\WINDOWS\system32\WPDShServiceObj.dll


CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}


Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad



Value: DLLName


Data: Ati2evxx.dll


Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent




[+] Startup folders




[+] TCPIP nameservers




[+] Internet Explorer settings



Value: Start Page


Data:

You must be registered for see links

Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main



Value: ProxyOverride


Data: local


Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings




[+] Internet Explorer Trusted Sites




[+] Windows Firewall allowed programs



Value: %windir%\Network Diagnostic\xpnetdiag.exe


Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


Data: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enable d:Yahoo! Messenger


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\Phi Doi(game)\Launcher.atm


Data: E:\Phi Doi(game)\Launcher.atm:Enabled:GameExe2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\Phi Doi(game)\Res-Voip\SCVoIP.exe


Data: E:\Phi Doi(game)\Res-Voip\SCVoIP.exe:Enabled:GameVoIP


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\Phi Doi(game)\Music\Launcher.atm


Data: E:\Phi Doi(game)\Music\Launcher.atm:Enabled:GameExe2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\Phi Doi(game)\Music\Res-Voip\SCVoIP.exe


Data: E:\Phi Doi(game)\Music\Res-Voip\SCVoIP.exe:Enabled:GameVoIP


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: D:\phidoi test\Launcher.atm


Data: D:\phidoi test\Launcher.atm:Enabled:GameExe2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: D:\phidoi test\Res-Voip\SCVoIP.exe


Data: D:\phidoi test\Res-Voip\SCVoIP.exe:Enabled:GameVoIP


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: D:\ACE Online\Launcher.atm


Data: D:\ACE Online\Launcher.atm:Enabled:GameExe2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: D:\ACE Online\Res-Voip\SCVoIP.exe


Data: D:\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\ACE Online\Launcher.atm


Data: E:\ACE Online\Launcher.atm:Enabled:GameExe2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\ACE Online\Res-Voip\SCVoIP.exe


Data: E:\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: C:\WINDOWS\system32\PnkBstrA.exe


Data: C:\WINDOWS\system32\PnkBstrA.exe:*:EnablednkBstr A


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: C:\WINDOWS\system32\PnkBstrB.exe


Data: C:\WINDOWS\system32\PnkBstrB.exe:*:EnablednkBstr B


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\BoomSpeed\NMService.exe


Data: E:\BoomSpeed\NMService.exe:*:Enabled:Nexon Messenger Core


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: C:\Documents and Settings\USER\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe


Data: C:\Documents and Settings\USER\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enab ledT2Downloader


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\cod 5\CoDWaWmp.exe


Data: E:\cod 5\CoDWaWmp.exe:*isabled:Call of Duty(R) - World at War(TM)


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\cod 5\CoDWaW.exe


Data: E:\cod 5\CoDWaW.exe:*isabled:Call of Duty(R) - World at War(TM)


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\GenesisAD\GenesisAD\AnotherDay.exe


Data: E:\GenesisAD\GenesisAD\AnotherDay.exe:*:Enabled:An otherDay


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\GenesisAD\GenesisAD\GameConsole.bin


Data: E:\GenesisAD\GenesisAD\GameConsole.bin:*:Enabled:a dhost


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: C:\Program Files\uTorrent\uTorrent.exe


Data: C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\AirRivals_EN\New Folder\Launcher.atm


Data: E:\AirRivals_EN\New Folder\Launcher.atm:Enabled:GameExe2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\AirRivals_EN\New Folder\Res-Voip\SCVoIP.exe


Data: E:\AirRivals_EN\New Folder\Res-Voip\SCVoIP.exe:Enabled:GameVoIP


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\DRivals\Launcher.atm


Data: E:\DRivals\Launcher.atm:Enabled:GameExe2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: E:\DRivals\Res-Voip\SCVoIP.exe


Data: E:\DRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List



Value: %windir%\Network Diagnostic\xpnetdiag.exe


Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List




[+] Windows Firewall allowed ports



Value: 1900:UDP


Data: 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List



Value: 2869:TCP


Data: 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List




[+] System Hijack



Value: DisableSR


Data: 1


Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore



Value: Hidden


Data: 2


Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced



Value: ShowSuperHidden


Data: 0


Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced



Value: FirstRunDisabled


Data: 1


Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center



Value: AntiVirusDisableNotify


Data: 1


Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center



Value: FirewallDisableNotify


Data: 1


Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center



Value: UpdatesDisableNotify


Data: 1


Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center



Value: EnableDCOM


Data: Y


Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole



Value: Start


Data: 2


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RemoteRegistry



Value: Start


Data: 4


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wuauserv



Value: Wallpaper


Data: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp


Key: HKEY_CURRENT_USER\Control Panel\Desktop



Value: OriginalWallpaper


Data: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp


Key: HKEY_CURRENT_USER\Control Panel\Desktop



Value: ConvertedWallpaper


Data: D:\wallpaper giáng sinh\White_Christmas_by_adni18.jpg


Key: HKEY_CURRENT_USER\Control Panel\Desktop




[+] Executables in Temp folders



C:\DOCUME~1\USER\LOCALS~1\Temp\cabex.dll (94208 bytes) (Unknown) (1/10/2011 6:25:29 PM) (--A-) (580affd9e4c729204ebb193808382bd4)


C:\DOCUME~1\USER\LOCALS~1\Temp\CmdLineExt02.dll (36864 bytes) (Unknown) (10/22/2010 9:14:32 PM) (--A-) (e60a8e3889df3c95e5f8fe2473db889e)


C:\DOCUME~1\USER\LOCALS~1\Temp\dwmapi.dll (37376 bytes) (Microsoft Corporation) (7/29/2009 9:06:38 AM) (--A-) (7ac53e9745beaa47568c7766a01e112e)


C:\DOCUME~1\USER\LOCALS~1\Temp\GLFB.tmp.tbHero.dll (2349080 bytes) (Conduit Ltd.) (8/3/2010 9:29:29 AM) (--A-) (455e61a2cf37f7210df685e2b77bfbe3)


C:\DOCUME~1\USER\LOCALS~1\Temp\LF2_v20a_Setup.exe (29471591 bytes) (Unknown) (11/4/2010 2:12:17 AM) (--A-) (cf0ae7424106d23c3759217b87fb5943)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@188@C592A8.### (2048 bytes) (Unknown) (11/15/2010 3:45:57 PM) (--A-) (b6f864ac519e0f07dc368281bc854bfd)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@418@C592A8.### (2048 bytes) (Unknown) (11/14/2010 5:16:54 PM) (--A-) (761ee2a769784275569e2ce9e9ae93f0)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@630@C592A8.### (2048 bytes) (Unknown) (11/15/2010 3:45:04 PM) (--A-) (d36e622ce83ccc015cf73b9f21829647)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@68C@C592A8.### (2048 bytes) (Unknown) (11/15/2010 3:45:28 PM) (--A-) (fa59106ef84669d4b5025563f6471a54)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@7CC@C592A8.### (2048 bytes) (Unknown) (11/16/2010 2:44:35 PM) (--A-) (d4ba87ee397ae5e807e0682b4d290b7c)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@9B0@C592A8.### (2048 bytes) (Unknown) (9/15/2010 12:10:06 PM) (--A-) (7b117a35f7151c73de8dda098b184833)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@B18@C592A8.### (2048 bytes) (Unknown) (11/15/2010 6:22:40 PM) (--A-) (76fb454d9f6f7826b2526ea75c4e40cb)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@D30@C592A8.### (2048 bytes) (Unknown) (11/24/2010 9:47:45 AM) (--A-) (100af056d29da18fcc72b0fb9875f8d8)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@D34@C592A8.### (2048 bytes) (Unknown) (11/20/2010 4:43:40 PM) (--A-) (b66efa21735d8177f79125d868e0da1f)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@D38@C592A8.### (2048 bytes) (Unknown) (11/24/2010 7:30:48 AM) (--A-) (e2900183dda62dda8b9c2ba6dfe56a5d)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@D74@C592A8.### (2048 bytes) (Unknown) (11/14/2010 5:09:40 PM) (--A-) (09c077365c42fd15a0655f0f0f7a6da7)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@DE8@27568D0.### (2048 bytes) (Unknown) (7/24/2010 3:32:20 AM) (--A-) (b8b9313295fb24d84a9a37ce93cfad86)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@E88@C592A8.### (2048 bytes) (Unknown) (11/16/2010 2:32:39 PM) (--A-) (d413ff02fdb8929214b1c1c4b4ef3c2d)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@EA8@C592A8.### (2048 bytes) (Unknown) (11/13/2010 10:41:21 AM) (--A-) (f9866cdec5515d380850dea06883ba79)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@EB4@C592A8.### (2048 bytes) (Unknown) (11/22/2010 11:04:49 AM) (--A-) (707c4f2dfb92449728a30a7ff67befe4)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@EE8@C592D0.### (2048 bytes) (Unknown) (11/15/2010 3:49:27 PM) (--A-) (b0c1dec4bb9d6ce0307a7e4b7b56665d)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@EEC@C592A8.### (2048 bytes) (Unknown) (11/26/2010 8:01:28 AM) (--A-) (8664533e89d7dd5f9a733aadcbf60454)


C:\DOCUME~1\USER\LOCALS~1\Temp\MBX@F74@C592A8.### (2048 bytes) (Unknown) (11/20/2010 4:44:03 PM) (--A-) (daf4458bee8bf0de086eb8364af78dd8)


C:\DOCUME~1\USER\LOCALS~1\Temp\msvcp71.dll (499712 bytes) (Microsoft Corporation) (7/29/2009 9:06:38 AM) (--A-) (561fa2abb31dfa8fab762145f81667c2)


C:\DOCUME~1\USER\LOCALS~1\Temp\msxml6-KB927977-enu-x86.exe (910080 bytes) (Microsoft Corporation) (6/28/2010 10:22:11 AM) (--A-) (ecf7b649bc6a5794621c78bbce88159a)


C:\DOCUME~1\USER\LOCALS~1\Temp\mtasa-1.0.4-rc-02033-0-000-nsis.exe (2734467 bytes) (Unknown) (10/13/2010 6:15:21 AM) (--A-) (6ad7a7799b070ca6b32201375d3dae9a)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5B.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:50 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5C.tmp (578560 bytes) (Microsoft Corporation) (1/29/2011 12:34:50 PM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5D.tmp (617472 bytes) (Microsoft Corporation) (1/29/2011 12:34:50 PM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5E.tmp (706048 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (27d9ed8cb8b62d1e0a8e5ace6cf52e2f)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5F.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d)


C:\DOCUME~1\USER\LOCALS~1\Temp\np60.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d)


C:\DOCUME~1\USER\LOCALS~1\Temp\np61.tmp (578560 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b)


C:\DOCUME~1\USER\LOCALS~1\Temp\np62.tmp (617472 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92)


C:\DOCUME~1\USER\LOCALS~1\Temp\np63.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:58 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d)


C:\DOCUME~1\USER\LOCALS~1\Temp\np64.tmp (578560 bytes) (Microsoft Corporation) (1/29/2011 12:34:58 PM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b)


C:\DOCUME~1\USER\LOCALS~1\Temp\np65.tmp (617472 bytes) (Microsoft Corporation) (1/29/2011 12:34:58 PM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92)


C:\DOCUME~1\USER\LOCALS~1\Temp\Psapi.Dll (18192 bytes) (Microsoft Corporation) (7/29/2009 9:06:38 AM) (--A-) (b3d22a483875a61cb2060c7d518effc2)


C:\DOCUME~1\USER\LOCALS~1\Temp\SecurityScan_Releas e.exe (3598224 bytes) (McAfee, Inc.) (10/10/2010 1:40:22 AM) (--A-) (b2c46c7064c867f4722a0f51cf18fb62)


C:\DOCUME~1\USER\LOCALS~1\Temp\SIntf32.dll (19924 bytes) (Unknown) (10/22/2010 9:14:32 PM) (--A-) (36058fd9c9713188411f783dcc0ac500)


C:\DOCUME~1\USER\LOCALS~1\Temp\SIntfNT.dll (24516 bytes) (Unknown) (10/22/2010 9:14:32 PM) (--A-) (42c9db97bb3c55ecd6ba50e77aca4f49)


C:\DOCUME~1\USER\LOCALS~1\Temp\Uninstall.exe (85844 bytes) (Unknown) (12/27/2010 5:56:58 AM) (--A-) (722e74daa9eb2f1d5a1cb996282687be)


C:\DOCUME~1\USER\LOCALS~1\Temp\vcredist_x86.exe (4216840 bytes) (Microsoft Corporation) (8/24/2010 8:08:55 PM) (--A-) (5689d43c3b201dd3810fa3bba4a6476a)


C:\DOCUME~1\USER\LOCALS~1\Temp\wPQr_p9U.exe.part (567664 bytes) (Google Inc.) (9/16/2010 3:21:16 AM) (--A-) (f995e950cf5de1c816f84905f32c772d)


C:\DOCUME~1\USER\LOCALS~1\Temp\zing_ui_skin.dat (377856 bytes) (Unknown) (7/29/2009 9:06:38 AM) (--A-) (60af708ad4f0bc03dd888b1ceafca0cd)


C:\DOCUME~1\USER\LOCALS~1\Temp\~e5.0001 (59392 bytes) (Macrovision Europe Ltd.) (10/22/2010 10:05:07 PM) (--A-) (388bc430a34394a2b8ebfd16508ab3ac)



[+] Executables in suspicious folders



C:\WINDOWS\Temp\contentDATs.exe (497296 bytes) (McAfee, Inc.) (10/10/2010 1:41:01 AM) (--A-) (48176f75d6d125a4d345d78cb94a6c48)


C:\Documents and Settings\USER\Application Data\PnkBstrK.sys (22328 bytes) (Unknown) (9/28/2010 5:11:40 PM) (--A-) (c3e33580a3a85be28612b83d0c321e20)


C:\WINDOWS\system32\npptNT2.sys (4682 bytes) (INCA Internet Co., Ltd.) (8/19/2010 3:02:29 AM) (--A-) (9131fe60adfab595c8da53ad6a06aa31)


C:\WINDOWS\system32\TesSafe.sys (541824 bytes) (TENCENT) (7/8/2010 1:15:26 AM) (--A-) (c1f511d49c2902ba21ca1a974bf3835a)


C:\Program Files\windows nt\hypertrm.exe (28160 bytes) (Hilgraeve, Inc.) (10/6/2009 6:13:19 PM) (--A-) (9dbb82fb602aa42b131c55c5d136dc9c)



[+] Autorun.ini




[+] Unknown .SYS files



C:\WINDOWS\system32\drivers\ahcix86.sys (183824 bytes) (AMD Technologies Inc.) (12/1/2008 5:21:39 PM) (--A-) (bfed486888067b7935b3c9f5951c41be)


C:\WINDOWS\system32\drivers\Ambfilt.sys (1684736 bytes) (Creative) (6/28/2010 8:56:20 AM) (--A-) (f6af59d6eee5e1c304f7f73706ad11d8)


C:\WINDOWS\system32\drivers\amdk8.sys (41984 bytes) (Advanced Micro Devices) (12/1/2008 5:21:38 PM) (--A-) (1b0806a92432bf6e9def9fbf0494f67d)


C:\WINDOWS\system32\drivers\ati2erec.dll (53248 bytes) (ATI Technologies Inc.) (6/28/2010 8:56:07 AM) (--A-) (96cb5f6bde6aae00be45d9fcf1f88a84)


C:\WINDOWS\system32\drivers\avgntdd.sys (45416 bytes) (Avira GmbH) (6/28/2010 10:45:54 AM) (--A-) (5b44c214f9cd9f590be9125347610380)


C:\WINDOWS\system32\drivers\avgntflt.sys (61960 bytes) (Avira GmbH) (6/28/2010 10:45:54 AM) (--A-) (47b879406246ffdced59e18d331a0e7d)


C:\WINDOWS\system32\drivers\avgntmgr.sys (22360 bytes) (Avira GmbH) (6/28/2010 10:45:54 AM) (--A-) (87451aa7cc6b6a590ebcea05e755075a)


C:\WINDOWS\system32\drivers\avipbb.sys (135096 bytes) (Avira GmbH) (6/28/2010 10:45:55 AM) (--A-) (da39805e2bad99d37fce9477dd94e7f2)


C:\WINDOWS\system32\drivers\BkavAuto.sys (33798 bytes) (Unknown) (10/6/2009 10:14:24 PM) (--A-) (68d68d16ee1af3388a5b56345171f9f7)


C:\WINDOWS\system32\drivers\cpuz135_x32.sys (21992 bytes) (CPUID) (12/16/2010 11:13:42 PM) (--A-) (c2eb4539a4f6ab6edd01bdc191619975)


C:\WINDOWS\system32\drivers\hdaudbus.sys (144384 bytes) (Windows (R) Server 2003 DDK provider) (4/14/2008 3:06:06 AM) (--A-) (573c7d0a32852b48f3058cfd8026f511)


C:\WINDOWS\system32\drivers\iastor5.sys (874240 bytes) (Intel Corporation) (12/1/2008 5:21:39 PM) (--A-) (309c4d86d989fb1fcf64bd30dc81c51b)


C:\WINDOWS\system32\drivers\iastor7.sys (277784 bytes) (Intel Corporation) (12/1/2008 5:21:39 PM) (--A-) (fd7f9d74c2b35dbda400804a3f5ed5d8)


C:\WINDOWS\system32\drivers\iastor8.sys (328728 bytes) (Intel Corporation) (12/1/2008 5:21:39 PM) (--A-) (baabb0301949774a66b955c65319635a)


C:\WINDOWS\system32\drivers\idmtdi.sys (97112 bytes) (Tonec Inc.) (1/25/2011 5:40:06 PM) (--A-) (0ded5397f34f5b4ae61674d7303557d9)


C:\WINDOWS\system32\drivers\imagedrv.sys (5504 bytes) (Ahead Software AG) (10/6/2009 8:45:28 PM) (----) (0a7c49b48c772591a2d362daa00246c8)


C:\WINDOWS\system32\drivers\imagesrv.sys (125184 bytes) (Ahead Software AG) (10/6/2009 8:45:28 PM) (----) (549ba4f539e7b8d8129500b96dd7b27a)


C:\WINDOWS\system32\drivers\iteatapi.sys (27648 bytes) (Integrated Technology Express, Inc.) (12/1/2008 5:21:39 PM) (--A-) (39a2f7ebcb6817c4a016b544921c7982)


C:\WINDOWS\system32\drivers\iteraid.sys (26112 bytes) (Integrated Technology Express, Inc.) (12/1/2008 5:21:39 PM) (--A-) (979836fc6dc05218b4e93e5ccea5654b)


C:\WINDOWS\system32\drivers\Jraid.sys (79960 bytes) (JMicron Technology Corp.) (12/1/2008 5:21:39 PM) (--A-) (b07084095f8c03aadb9811c9df14b5e4)


C:\WINDOWS\system32\drivers\m5228.sys (45069 bytes) (ALi Corporation.) (12/1/2008 5:21:39 PM) (--A-) (06c174e5c7845055c3d6317709af6423)


C:\WINDOWS\system32\drivers\m5281.sys (51072 bytes) (ALi Corporation) (12/1/2008 5:21:39 PM) (--A-) (a51cd61975297508d4483fcbf931d86c)


C:\WINDOWS\system32\drivers\m5287.sys (103680 bytes) (ULi Electronics Inc.) (12/1/2008 5:21:39 PM) (--A-) (87cf2d570f452a5c1b9fc5c5a44389a5)


C:\WINDOWS\system32\drivers\m5288.sys (210304 bytes) (ULi Electronics Inc.) (12/1/2008 5:21:39 PM) (--A-) (485ed377977dc9661626aaab614504cf)


C:\WINDOWS\system32\drivers\m5289.sys (52480 bytes) (ULi Electronics Inc.) (12/1/2008 5:21:39 PM) (--A-) (e1ca1ea9ad7c8c50ea533829a6854d63)


C:\WINDOWS\system32\drivers\Monfilt.sys (1389056 bytes) (Creative Technology Ltd.) (6/28/2010 8:56:20 AM) (--A-) (9fa7207d1b1adead88ae8eed9cdbbaa5)


C:\WINDOWS\system32\drivers\nvatabus.sys (100736 bytes) (NVIDIA Corporation) (12/1/2008 5:21:39 PM) (--A-) (c03e15101f6d9e82cd9b0e7d715f5de3)


C:\WINDOWS\system32\drivers\nvgts.sys (145952 bytes) (NVIDIA Corporation) (12/1/2008 5:21:39 PM) (--A-) (37954cd1d0afc11becd149f7c3ec88c2)


C:\WINDOWS\system32\drivers\nvraid.sys (82944 bytes) (NVIDIA Corporation) (12/1/2008 5:21:39 PM) (--A-) (b65ce56c36f573113ff2f6d0f07b7563)


C:\WINDOWS\system32\drivers\nvrd32.sys (133152 bytes) (NVIDIA Corporation) (12/1/2008 5:21:39 PM) (--A-) (bef704aa9e17d176a46ddf77c6a52194)


C:\WINDOWS\system32\drivers\PnkBstrK.sys (138464 bytes) (Unknown) (9/28/2010 5:11:40 PM) (--A-) (6d2dbe236cf5ef94e4be1969d1b6d304)


C:\WINDOWS\system32\drivers\rndismpk.sys (27264 bytes) (Microsoft Corporation) (12/7/2010 10:40:52 AM) (--A-) (af79f98e2a9720995badd93cca1d4e01)


C:\WINDOWS\system32\drivers\Rtenicxp.sys (117888 bytes) (Realtek Semiconductor Corporation) (6/28/2010 8:56:23 AM) (--A-) (839141088ad7ee90f5b441b2d1afd22c)


C:\WINDOWS\system32\drivers\RtHDMI.sys (3720832 bytes) (Realtek Semiconductor Corp.) (6/28/2010 8:56:20 AM) (--A-) (8d9794c6ff5b66bc38d5e66a4b0e3b4f)


C:\WINDOWS\system32\drivers\RtkHDAud.sys (4952576 bytes) (Realtek Semiconductor Corp.) (6/28/2010 8:56:20 AM) (--A-) (fb4293b1eab313c28d4a1b8db61aca72)


C:\WINDOWS\system32\drivers\RTL8187B.sys (275968 bytes) (Realtek Semiconductor Corporation) (10/6/2009 7:37:45 PM) (--AR) (56b331a3e315c53532cc7084e5b6dfc4)


C:\WINDOWS\system32\drivers\secdrv.sys (20480 bytes) (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (4/14/2008 3:09:16 AM) (--A-) (90a3935d05b494a5a39d37e71f09a677)


C:\WINDOWS\system32\drivers\sffp_mmc.sys (10240 bytes) (Microsoft Corporation) (4/14/2008 5:10:50 AM) (--A-) (d66d22d76878bf3483a6be30183fb648)


C:\WINDOWS\system32\drivers\si3112r.sys (102528 bytes) (Silicon Image, Inc) (12/1/2008 5:21:39 PM) (--A-) (c82f9b4993f502361067e3ab61d46f7a)


C:\WINDOWS\system32\drivers\sisraid.sys (48128 bytes) (Silicon Integrated Systems) (12/1/2008 5:21:39 PM) (--A-) (826b83cdaafb6e164bbc1d77cb99e2ce)


C:\WINDOWS\system32\drivers\sisraid2.sys (30976 bytes) (Silicon Integrated Systems Corp) (12/1/2008 5:21:39 PM) (--A-) (b8a2f8dcdc75f19962d975727f393920)


C:\WINDOWS\system32\drivers\sisraid4.sys (68864 bytes) (Silicon Integrated Systems) (12/1/2008 5:21:39 PM) (--A-) (af43fbb04fd9acc46a115b50d7c11e1a)


C:\WINDOWS\system32\drivers\siwinacc.sys (10368 bytes) (Silicon Image, Inc.) (12/1/2008 5:21:39 PM) (--A-) (72cf151fb410e544904dbc7d7f29b796)


C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys (268912 bytes) (Unknown) (6/28/2010 2:38:36 PM) (--AR) (25ecea986742275ecb23a1cb6bc87a61)


C:\WINDOWS\system32\drivers\ssmdrv.sys (28520 bytes) (Avira GmbH) (6/28/2010 10:45:55 AM) (--A-) (a36ee93698802cd899f98bfd553d8185)


C:\WINDOWS\system32\drivers\SysLib.sys (57857143 bytes) (Unknown) (10/6/2009 10:14:24 PM) (--A-) (252593a7867287721a19d55c41f3f83e)


C:\WINDOWS\system32\drivers\SysLib0.sys (33713664 bytes) (Unknown) (10/6/2009 10:14:49 PM) (--A-) (a7190e64e9311d27ae280f5ac52e8ee4)


C:\WINDOWS\system32\drivers\SysLib1.sys (9450496 bytes) (Unknown) (10/6/2009 10:14:54 PM) (--A-) (327849bd00621d6c86ccbb6ff0ed95ac)


C:\WINDOWS\system32\drivers\usb8023k.sys (11136 bytes) (Microsoft Corporation) (12/7/2010 10:40:52 AM) (--A-) (f39039d5c96c1d3ac2a637a659dbf282)


C:\WINDOWS\system32\drivers\viamraid.sys (117248 bytes) (VIA Technologies inc,.ltd) (12/1/2008 5:21:39 PM) (--A-) (00046aa2e396edc2238556e740a8e5af)


C:\WINDOWS\system32\drivers\vmscsi.sys (17968 bytes) (VMware, Inc.) (12/1/2008 5:21:39 PM) (--A-) (82132036ee4d3e8aa3e73feebe1a9741)


C:\WINDOWS\system32\drivers\wpdusb.sys (40704 bytes) (Microsoft Corporation) (4/19/2006 1:01:26 AM) (----) (f6c0eb46c66c7be80f22115ecb44b1f0)



[+] Non accessible files




[+] Executables in Internet Explorer Folder



C:\Program Files\Internet Explorer\ExtExport.exe (144384 bytes) (Microsoft Corporation) (3/8/2009 4:35:04 AM) (----) (44d37a87f00d8684ad907dae295f67fb)


C:\Program Files\Internet Explorer\iecompat.dll (100352 bytes) (Microsoft Corporation) (3/8/2009 4:35:04 AM) (----) (eed9645cfc825b42d1178d8ae2392cc4)


C:\Program Files\Internet Explorer\iedvtool.dll (742912 bytes) (Microsoft Corporation) (3/8/2009 4:35:32 AM) (----) (bd3c4101b9340e697c9eb0c9c7c9fedf)


C:\Program Files\Internet Explorer\ieproxy.dll (246272 bytes) (Microsoft Corporation) (3/8/2009 4:33:50 AM) (----) (1424612f4eed15fef3c216db72d18e3e)


C:\Program Files\Internet Explorer\iexplore.exe.mui (12288 bytes) (Microsoft Corporation) (3/8/2009 2:21:44 PM) (----) (943030b55fdb56fb8b8fcc086071e119)


C:\Program Files\Internet Explorer\jsdbgui.dll (521216 bytes) (Microsoft Corporation) (3/8/2009 4:35:02 AM) (----) (33db6e706fd3a2271033c5d29b3d6f76)


C:\Program Files\Internet Explorer\jsdebuggeride.dll (121344 bytes) (Microsoft Corporation) (3/8/2009 4:35:02 AM) (----) (3494af094cfb1d1b9a3c1ce255492b6c)


C:\Program Files\Internet Explorer\JSProfilerCore.dll (118272 bytes) (Microsoft Corporation) (3/8/2009 4:35:04 AM) (----) (d68cc4e775420716b6abc4d188d5d316)


C:\Program Files\Internet Explorer\jsprofilerui.dll (233984 bytes) (Microsoft Corporation) (3/8/2009 4:35:12 AM) (----) (0f6a0675181d3ae76755986f3bf9e598)


C:\Program Files\Internet Explorer\pdm.dll (355832 bytes) (Microsoft Corporation) (1/7/2009 6:20:18 PM) (----) (3ca2dfd1ee857cde7dccf4235f52d142)


C:\Program Files\Internet Explorer\sqmapi.dll (134144 bytes) (Microsoft Corporation) (1/7/2009 6:20:54 PM) (----) (5eb87ba0b93ca7e894fc8002e3ce4c2a)


C:\Program Files\Internet Explorer\xpshims.dll (12800 bytes) (Microsoft Corporation) (3/8/2009 4:33:18 AM) (----) (64c5c0f1a40c26fe6362825c044578c5)



[+] Files created/modified 15 days ago



C:\WINDOWS\system32\drivers\idmtdi.sys (97112 bytes) (Tonec Inc.) (1/25/2011 5:40:06 PM) (--A-) (0ded5397f34f5b4ae61674d7303557d9) (Created)


C:\Program Files\Avira\AntiVir Desktop\aecore.dll (196983 bytes) (Avira GmbH) (1/21/2011 6:08:03 PM) (--A-) (afff0fff53ae04747c340868ab1cfa27) (Modified)


C:\Program Files\Avira\AntiVir Desktop\aegen.dll (397683 bytes) (Avira GmbH) (1/21/2011 6:08:10 PM) (--A-) (165152efdc31f4046ede52116e403107) (Modified)


C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll (205178 bytes) (Avira GmbH) (1/19/2011 2:00:25 AM) (--A-) (8baa75903e65e4cdd742dc8c22c09924) (Modified)


C:\Program Files\Avira\AntiVir Desktop\aepack.dll (512374 bytes) (Avira GmbH) (1/21/2011 6:09:09 PM) (--A-) (66f9f6f5817e42f478178cc44b95f096) (Modified)


C:\Program Files\Avira\AntiVir Desktop\FAILSAFE\aecore.dll (196983 bytes) (Avira GmbH) (1/21/2011 6:08:03 PM) (--A-) (afff0fff53ae04747c340868ab1cfa27) (Modified)


C:\Program Files\Avira\AntiVir Desktop\FAILSAFE\aegen.dll (397683 bytes) (Avira GmbH) (1/21/2011 6:08:10 PM) (--A-) (165152efdc31f4046ede52116e403107) (Modified)


C:\Program Files\Avira\AntiVir Desktop\FAILSAFE\aeoffice.dll (205178 bytes) (Avira GmbH) (1/19/2011 2:00:25 AM) (--A-) (8baa75903e65e4cdd742dc8c22c09924) (Modified)


C:\Program Files\Avira\AntiVir Desktop\FAILSAFE\aepack.dll (512374 bytes) (Avira GmbH) (1/21/2011 6:09:09 PM) (--A-) (66f9f6f5817e42f478178cc44b95f096) (Modified)


C:\Program Files\Error Repair Professional\ErrorRepairProfessional.exe (756224 bytes) (

You must be registered for see links

) (1/26/2011 4:30:43 PM) (--A-) (a953d9a94da28d4d17cb298ecfb58629) (Created)


C:\Program Files\Error Repair Professional\unins000.exe (707354 bytes) (Unknown) (1/26/2011 4:30:43 PM) (--A-) (4e66abde2217634ed899f670968ea651) (Created)


C:\Program Files\Gabest\VobSub\auxsetup.exe (69632 bytes) (Unknown) (1/27/2011 6:31:23 PM) (--A-) (666a1e7eb3dfadb5ece37b3e3b42fd06) (Created)


C:\Program Files\Gabest\VobSub\uninstall.exe (53043 bytes) (Unknown) (1/27/2011 6:29:10 PM) (--A-) (184d889ce1297bcd98d54dd83d284fad) (Created)


C:\Program Files\Gabest\VobSub\vdicmdrv.dll (69632 bytes) (Unknown) (1/27/2011 6:31:23 PM) (--A-) (82bc6afc48dbbcc1278c8ee97f38ed4e) (Created)


C:\Program Files\Gabest\VobSub\vdremote.dll (73728 bytes) (Unknown) (1/27/2011 6:31:23 PM) (--A-) (97d56ad27c8a00d675e904e9b8f861e3) (Created)


C:\Program Files\Gabest\VobSub\vdsvrlnk.dll (65536 bytes) (Unknown) (1/27/2011 6:31:23 PM) (--A-) (e22d57c04b06e6c1c35b1910a5dc3336) (Created)


C:\Program Files\Gabest\VobSub\vdub.exe (8704 bytes) (Unknown) (1/27/2011 6:31:23 PM) (--A-) (9d8e0c408c975ea24a2a94d8930f1132) (Created)


C:\Program Files\Gabest\VobSub\VirtualDub.exe (2670592 bytes) (Unknown) (1/27/2011 6:31:22 PM) (--A-) (bafd24e8bd9d6a0cdb347809d4a68093) (Created)


C:\Program Files\Internet Download Manager\idmbrbtn.dll (79040 bytes) (Tonec Inc.) (1/25/2011 5:40:06 PM) (--A-) (4cc8015a3602710e7701328273bca511) (Created)


C:\Program Files\Internet Download Manager\IDMShellExt.dll (67680 bytes) (Tonec Inc.) (1/25/2011 5:40:06 PM) (--A-) (c2752cffb1418b0b2174eff338414934) (Created)


C:\Program Files\Internet Download Manager\idmtdi32.sys (97112 bytes) (Tonec Inc.) (1/25/2011 5:40:06 PM) (--A-) (0ded5397f34f5b4ae61674d7303557d9) (Created)


C:\Program Files\Internet Download Manager\idmwfp32.sys (85768 bytes) (Tonec Inc.) (1/25/2011 5:40:06 PM) (--A-) (a99b28d267c4d661d976975db9c6726f) (Created)


C:\Program Files\Internet Download Manager\Uninstall.exe (147808 bytes) (Tonec Inc.) (1/24/2011 10:29:26 PM) (--A-) (826658235b00b2976291fc58f0b3a4ef) (Created)


C:\Program Files\NoVirusThanks\Hijack Hunter\HijackHunter.exe (628736 bytes) (NoVirusThanks Company Srl) (1/29/2011 9:45:25 PM) (--A-) (b6ffa83b91d78a0369fe0e15e4dba69c) (Created)


C:\Program Files\NoVirusThanks\Hijack Hunter\nhdrv.sys (4608 bytes) (NoVirusThanks Company Srl) (1/29/2011 9:45:28 PM) (--A-) (8f40312ac7b0f3d0246fe52105e4f1d7) (Created)


C:\Program Files\NoVirusThanks\Hijack Hunter\unins000.exe (707354 bytes) (Unknown) (1/29/2011 9:45:24 PM) (--A-) (eecf7fe501b410aa3733bb0b23ab678a) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5B.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:50 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5C.tmp (578560 bytes) (Microsoft Corporation) (1/29/2011 12:34:50 PM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5D.tmp (617472 bytes) (Microsoft Corporation) (1/29/2011 12:34:50 PM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5E.tmp (706048 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (27d9ed8cb8b62d1e0a8e5ace6cf52e2f) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np5F.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np60.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np61.tmp (578560 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np62.tmp (617472 bytes) (Microsoft Corporation) (1/29/2011 12:34:55 PM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np63.tmp (989696 bytes) (Microsoft Corporation) (1/29/2011 12:34:58 PM) (--A-) (c24b983d211c34da8fcc1ac38477971d) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np64.tmp (578560 bytes) (Microsoft Corporation) (1/29/2011 12:34:58 PM) (--A-) (b26b135ff1b9f60c9388b4a7d16f600b) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\np65.tmp (617472 bytes) (Microsoft Corporation) (1/29/2011 12:34:58 PM) (--A-) (bab489a5fe26f2d0c910cf7af7e4cf92) (Created)


C:\DOCUME~1\USER\LOCALS~1\Temp\Uninstall.exe (85844 bytes) (Unknown) (1/19/2011 5:30:56 AM) (--A-) (722e74daa9eb2f1d5a1cb996282687be) (Modified)


C:\DOCUME~1\USER\LOCALS~1\Temp\_ir_sf7_temp_0\irse tup.exe (451072 bytes) (Unknown) (1/28/2011 11:50:21 PM) (--A-) (75ca7ff96bf5a316c3af2de6a412bd54) (Created)



[+] Hidden files in suspicious folders




[+] Suspicious Registry Keys




[+] Suspicious folders




[+] Drivers



c:\program files\avira\antivir desktop\avgio.sys (avgio) (avgio) (Avira GmbH) (0b497c79824f8e1bf22fa6aacd3de3a0)


C:\WINDOWS\system32\drivers\avgntflt.sys (avgntflt) (avgntflt) (Avira GmbH) (47b879406246ffdced59e18d331a0e7d)


C:\WINDOWS\system32\drivers\avipbb.sys (avipbb) (avipbb) (Avira GmbH) (da39805e2bad99d37fce9477dd94e7f2)


c:\windows\system32\drivers\cpuz135_x32.sys (cpuz135) (cpuz135) (CPUID) (c2eb4539a4f6ab6edd01bdc191619975)


C:\WINDOWS\system32\drivers\hdaudbus.sys (HDAudBus) (Microsoft UAA Bus Driver for High Definition Audio) (Windows (R) Server 2003 DDK provider) (573c7d0a32852b48f3058cfd8026f511)


C:\WINDOWS\system32\drivers\idmtdi.sys (IDMTDI) (IDMTDI) (Tonec Inc.) (0ded5397f34f5b4ae61674d7303557d9)


C:\WINDOWS\system32\drivers\rtkhdaud.sys (IntcAzAudAddService) (Service for Realtek HD Audio (WDM)) (Realtek Semiconductor Corp.) (fb4293b1eab313c28d4a1b8db61aca72)


C:\WINDOWS\system32\drivers\rthdmi.sys (RTHDMIAzAudService) (Service for HDMI) (Realtek Semiconductor Corp.) (8d9794c6ff5b66bc38d5e66a4b0e3b4f)


C:\WINDOWS\system32\drivers\ssmdrv.sys (ssmdrv) (ssmdrv) (Avira GmbH) (a36ee93698802cd899f98bfd553d8185)


C:\WINDOWS\system32\drivers\syslib0.sys (SysLib0) (SysLib0) (Unknown) (a7190e64e9311d27ae280f5ac52e8ee4)


C:\WINDOWS\system32\drivers\syslib1.sys (SysLib1) (SysLib1) (Unknown) (327849bd00621d6c86ccbb6ff0ed95ac)



[+] Drivers -> FSFilter Anti-Virus



Driver Name: avgntflt


Driver File: system32\DRIVERS\avgntflt.sys


Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\avgntflt




[+] Services



c:\program files\avira\antivir desktop\sched.exe (AntiVirSchedulerService) (Avira AntiVir Scheduler) (Avira GmbH) (ca8a0e78c3bbbad05a9a132bc468df9c)


c:\program files\avira\antivir desktop\avguard.exe (AntiVirService) (Avira AntiVir Guard) (Avira GmbH) (48be1fcff1c929c899f29bcdc8659d9f)


c:\windows\system32\ati2evxx.exe (Ati HotKey Poller) (Ati HotKey Poller) (ATI Technologies Inc.) (eca673779ecd27d674953d692fe070f6)


c:\program files\java\jre6\bin\jqs.exe (JavaQuickStarterService) (Java Quick Starter) (Sun Microsystems, Inc.) (112325f53ab720ca77825726d427fbdc)


c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe (MSSQL$SQLEXPRESS) (SQL Server (SQLEXPRESS)) (Microsoft Corporation) (4263dcf845b089e397c7c3bfc74f04fe)


c:\windows\system32\pnkbstra.exe (PnkBstrA) (PnkBstrA) (Unknown) (831883b107684301f48ace752c963984)


c:\program files\microsoft sql server\90\shared\sqlwriter.exe (SQLWriter) (SQL Server VSS Writer) (Microsoft Corporation) (d2f4f32b59440011174b4f8137af4e0c)


c:\program files\yahoo!\softwareupdate\yahooauservice.exe (YahooAUService) (Yahoo! Updater) (Yahoo! Inc.) (dd0042f0c3b606a6a8b92d49afb18ad6)



[+] ServiceDll




[+] Unknown files in Winsock LSP




[+] Unknown files in CLSID



C:\WINDOWS\system32\DVobSub.ax (249856 bytes) (Gabest) (12/11/2002 3:19:59 PM) (--A-) (9b8413cad2279f7d2c92506270fd820e)


C:\WINDOWS\system32\ImagXpr7.dll (476320 bytes) (Pegasus Imaging Corp.) (10/6/2009 8:44:52 PM) (----) (8f03fd1c3bd8f6b575e6cf5e0e89ff13)


C:\WINDOWS\system32\hypertrm.dll (347136 bytes) (Hilgraeve, Inc.) (10/6/2009 6:12:51 PM) (--A-) (277bdf16a94be0d063988d692541650b)


C:\WINDOWS\system32\NCTAudioRecord2.dll (311296 bytes) (NCT Company Ltd.) (12/14/2010 2:56:24 AM) (--A-) (b387a235ef3d1738e5568d710a2d665e)


C:\WINDOWS\system32\ir50_32.dll (755200 bytes) (Intel Corporation) (4/14/2008 10:41:56 AM) (--A-) (5f10dc19d92ccf6b719b494572f4f74b)


C:\WINDOWS\system32\VSFLEX3.OCX (225280 bytes) (VideoSoft) (1/5/1999 5:30:02 PM) (--A-) (c758ebc719c0d07b1b0e251c77f11bfd)


C:\WINDOWS\system32\ir41_32.ax (848384 bytes) (Intel Corporation) (4/14/2008 10:42:44 AM) (--A-) (948e1498c6438625247f94534aaa82fe)


C:\WINDOWS\system32\NCTAudioFile2.dll (1843200 bytes) (NCT Company Ltd.) (12/14/2010 2:56:24 AM) (--A-) (c3b700291807619d95cd185be6621444)


C:\WINDOWS\system32\l3codecx.ax (83456 bytes) (Fraunhofer Institut Integrierte Schaltungen IIS) (8/23/2001 7:00:00 PM) (--A-) (b5a7a5a67ecc144117d1e7d5352a2f6a)


C:\WINDOWS\system32\acelpdec.ax (61952 bytes) (Sipro Lab Telecom Inc.) (8/23/2001 7:00:00 PM) (--A-) (d0a33c77354a6f12ccd8034e4429a30d)


C:\WINDOWS\system32\AniGIF.ocx (172032 bytes) (Jin Hui E-mail: [email protected] Web:

You must be registered for see links

) (1/10/2011 6:25:40 PM) (--A-) (45960b40c1ecb75ed5549a80049879e1)


C:\WINDOWS\system32\NCTWMAFile2.dll (196608 bytes) (NCT Company Ltd.) (12/14/2010 2:56:25 AM) (--A-) (fbd2c562b4cd14c0107804433acf7fe2)


C:\WINDOWS\system32\l3codeca.acm (290816 bytes) (Fraunhofer Institut Integrierte Schaltungen IIS) (4/14/2008 10:39:58 AM) (--A-) (452705ac9e4c0dde91a61f0e02292423)


C:\WINDOWS\system32\NCTAudioPlayer2.dll (315392 bytes) (NCT Company Ltd.) (12/14/2010 2:56:24 AM) (--A-) (13073ceca55e0c35a62ffe9518505e6e)


C:\WINDOWS\system32\hticons.dll (44544 bytes) (Hilgraeve, Inc.) (10/6/2009 6:13:19 PM) (--A-) (f759a6e14403bc3d7a55ccad1b8f7b4a)


C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll (266240 bytes) (Unknown) (6/28/2010 8:56:20 AM) (--A-) (bd47529c036933881b6d651d6a046e38)


C:\WINDOWS\system32\NCTAudioInformation2.dll (1040384 bytes) (NCT Company Ltd.) (12/14/2010 2:56:24 AM) (--A-) (f8d0e33605ede0f5c5d83215bae3ab55)


C:\WINDOWS\system32\iac25_32.ax (199680 bytes) (Intel Corporation) (4/14/2008 10:42:44 AM) (--A-) (877c90686858d899b042bba45e9b7f2c)


C:\WINDOWS\system32\deploytk.dll (411368 bytes) (Sun Microsystems, Inc.) (10/6/2009 7:42:37 PM) (--A-) (fea9e1745f7a500b1046012131c78227)


C:\WINDOWS\system32\RTCOM\RTLCPAPI.dll (131072 bytes) (Unknown) (6/28/2010 8:56:20 AM) (--A-) (05229a9335934a9414c9ee1696b11f2c)



[+] TCP Connections



svchost.exe -> 0.0.0.0:135 -> 0.0.0.0:41026 -> LISTENING


N/A -> 0.0.0.0:445 -> 0.0.0.0:39006 -> LISTENING


alg.exe -> 127.0.0.1:1029 -> 0.0.0.0:24676 -> LISTENING


jqs.exe -> 127.0.0.1:5152 -> 0.0.0.0:55412 -> LISTENING


N/A -> 192.168.1.50:139 -> 0.0.0.0:2176 -> LISTENING


chrome.exe -> 192.168.1.50:1619 -> 74.125.71.165:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1624 -> 74.125.71.139:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1628 -> 74.125.71.156:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1644 -> 63.150.131.16:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1665 -> 74.125.71.138:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1666 -> 222.255.27.197:80 -> ESTABLISHED


N/A -> 192.168.1.50:1737 -> 208.94.3.144:80 -> TIME_WAIT


chrome.exe -> 192.168.1.50:1740 -> 208.94.1.99:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1741 -> 208.94.3.144:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1745 -> 74.125.71.138:80 -> ESTABLISHED


chrome.exe -> 192.168.1.50:1748 -> 74.125.71.113:80 -> ESTABLISHED



[+] UDP Connections



N/A -> 0.0.0.0:445 -> *.*


lsass.exe -> 0.0.0.0:500 -> *.*


lsass.exe -> 0.0.0.0:4500 -> *.*


svchost.exe -> 127.0.0.1:123 -> *.*


svchost.exe -> 127.0.0.1:1038 -> *.*


svchost.exe -> 127.0.0.1:1900 -> *.*


PnkBstrA.exe -> 127.0.0.1:44301 -> *.*


svchost.exe -> 192.168.1.50:123 -> *.*


N/A -> 192.168.1.50:137 -> *.*


N/A -> 192.168.1.50:138 -> *.*


svchost.exe -> 192.168.1.50:1900 -> *.*



[+] Hosts file



205.199.44.156 registeridm.com


205.199.44.16 registeridm.com


127.0.0.1

You must be registered for see links

[+] Ring3 API Hooks



C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->GetProcAddress -> ShimEng.dll -> IAT



[+] Kernel Mode Info



[SSDT] NtCreateKey -> 0xBA7B159E -> 0x80623786 -> N/A


[SSDT] NtCreateThread -> 0xBA7B1594 -> 0x805D0FD4 -> N/A


[SSDT] NtDeleteKey -> 0xBA7B15A3 -> 0x80623C16 -> N/A


[SSDT] NtDeleteValueKey -> 0xBA7B15AD -> 0x80623DE6 -> N/A


[SSDT] NtLoadKey -> 0xBA7B15B2 -> 0x80625982 -> N/A


[SSDT] NtOpenProcess -> 0xBA7B1580 -> 0x805CB3FC -> N/A


[SSDT] NtOpenThread -> 0xBA7B1585 -> 0x805CB688 -> N/A


[SSDT] NtReplaceKey -> 0xBA7B15BC -> 0x80625832 -> N/A


[SSDT] NtRestoreKey -> 0xBA7B15B7 -> 0x8062513E -> N/A


[SSDT] NtSetValueKey -> 0xBA7B15A8 -> 0x80621D0C -> N/A



---


Finish [ 0:13:22 ]

 

[ngochankha]

Nhìn qua 1 lượt, đau cả mắt. Hinhcoi nhưkhông. Trừ 1 vài file như: RTLCPAPI.dll (unknown) thì không rõ. Nên kiểm tra thử xem.. Mà dùng phần mềm quét virus là biết thôi

 

[Afham]

tui chưa đủ bài viết nên hong thank được . chừng nào đủ tui sẽ thank . giờ thank miệng vậy

 

[army_quan]

sau một hồi đọc thì mình nhận ra rằng nên dùng phần mềm anti diệt virus cho mau

 

[bongtuyettrang_97]

thank nhé

 

[Pell]

Cái Này thì dùng phần mềm diệt virus thử xem nhé, dùng kis hay cmc hay avira gì đó

 

[thuyan261190]

vãi đái, hoa mẹ mắt e rồi, bắt đền, cái này em chịu :d

 

[dieuthao94]

thế này thì mang ra trung tâm người ta xem cho

 

[guanshuwei]

nhiều virus quá, kiểu này chắc banh máy thôi

 

[quataoxanh0_0]

haunghe10 sau một hồi đọc thì mình nhận ra rằng nên dùng phần mềm anti diệt virus cho mau cùng ý kiến, như rừng vậy ai đọc nổi , dùng Phần mềm diệt virus nha bạn

 

[Henson]

cái này bạn mang ra tiệm là ok..chứ nhiều thế kia nhìn xong phải đi mua thuốc chóng mặt uống

 

[thuyduong55555]

hết hồn .bố mẹ ơi .

 

[tran_vinh_23_7_1992]

bạn đưa như thế thì đọc xong không biết cái j là virus hay không virus luôn ấy chứ, nói chung là dùng antivirus quét ở chế độ safe mode, chúc bạn thành công

 

[honghoa2033]

Bạn nên xóa hết tất cả tất cả thú trong thư mục temp đi . Virus rất hay nằm ở đây. Và start --> Run gõ Temp và xóa hết đi . Còn có bị nhiễm virus hay không thì quét bằng Antivirus là biết thôi.