
Help!!! - keylogger, invader

3K views 9 replies 1 participant last post by  Elsy 
#1 ·
HIJACK THIS REPORT

Logfile of HijackThis v1.99.1
Scan saved at 22:36:22, on 07.01.30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Documents and Settings\Administrator\My Documents\My eBooks\works\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oops.mn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [dll] c:\system32\rose.exe
O4 - HKLM\..\Run: [ISS_SIP] C:\Program Files\Anti Keylogger Elite\AKE.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Q-Type Pro.lnk = C:\Program Files\Q-Type Pro\MagicKey.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169621498343
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: svchosts (srvTaskManager) - Unknown owner - C:\WINDOWS\system32\TaskManager.exe
 
#2 ·
SmitFraudFix v2.137

Scan done at 22:32:39,70, 07.01.30
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 
#3 ·
This one is the AVG Antivirus result.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 0:19:02 07.01.31

+ Scan result:



:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bau9wpz3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
 
#7 ·
Proactive Defense
-----------------
Events checked: 98
Blocked: 16
Macros checked: 0
Start time: 07.01.31 0:27:44
Duration: 01:58:28


Detected
--------
Status Object
------ ------
detected: riskware Invader Running process: C:\WINDOWS\system32\services.exe
detected: riskware Invader Running process: C:\WINDOWS\System32\svchost.exe
detected: riskware Invader Running process: C:\WINDOWS\Explorer.EXE
detected: riskware Invader Running process: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\sdhelp.exe
detected: riskware Invader Running process: C:\Program Files\Spyware Doctor\swdoctor.exe
detected: riskware Invader Running process: C:\Program Files\Q-Type Pro\MagicKey.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\winlogon.exe
detected: riskware Invader Running process: C:\WINDOWS\explorer.exe
detected: riskware Invader Running process: C:\Program Files\Mozilla Firefox\firefox.exe
detected: riskware Invader Running process: C:\Program Files\Internet Explorer\iexplore.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\rundll32.exe
detected: riskware Invader Running process: C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
 
#8 ·
Events
------
Time Name Event
---- ---- -----
07.01.31 0:32:52 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2672). This behaviour is typical of some malware.
07.01.31 0:32:52 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2672). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2672). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 3136). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 3136). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 3136). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 3172). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Action allowed.
07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 3172). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Action allowed.
07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 3172). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\WINDOWS\Explorer.EXE Action allowed.
07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3372). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3372). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3372). This behaviour is typical of some malware.
07.01.31 0:32:54 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3496). This behaviour is typical of some malware.
07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3496). This behaviour is typical of some malware.
07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Process C:\Program Files\Common Files\Real\Update_OB\realsched.exe (PID: 1664) is attempting to invade process C:\Program Files\Real\RealPlayer\realplay.exe (PID: 3496). This behaviour is typical of some malware.
07.01.31 0:32:56 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Action allowed.
07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wscntfy.exe (PID: 3588). This behaviour is typical of some malware.
07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wscntfy.exe (PID: 3588). This behaviour is typical of some malware.
07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wscntfy.exe (PID: 3588). This behaviour is typical of some malware.
07.01.31 0:33:01 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:34:38 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 2232). This behaviour is typical of some malware.
07.01.31 0:34:38 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:34:40 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 2232). This behaviour is typical of some malware.
07.01.31 0:34:40 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:34:42 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\wuauclt.exe (PID: 2232). This behaviour is typical of some malware.
07.01.31 0:34:42 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 0:39:22 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 220). This behaviour is typical of some malware.
07.01.31 0:39:22 C:\WINDOWS\Explorer.EXE Action allowed.
07.01.31 0:40:10 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
07.01.31 0:40:10 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
07.01.31 0:40:40 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 220). This behaviour is typical of some malware.
07.01.31 0:40:40 C:\WINDOWS\Explorer.EXE Action allowed.
07.01.31 0:40:44 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
07.01.31 0:40:44 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
07.01.31 0:40:46 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 220). This behaviour is typical of some malware.
07.01.31 0:40:46 C:\WINDOWS\Explorer.EXE Action allowed.
07.01.31 0:40:49 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\csrss.exe (PID: 564). This behaviour is typical of some malware.
07.01.31 0:40:49 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
07.01.31 0:40:54 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\csrss.exe (PID: 564). This behaviour is typical of some malware.
07.01.31 0:40:54 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
07.01.31 0:40:58 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\winlogon.exe (PID: 588). This behaviour is typical of some malware.
07.01.31 0:40:58 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
07.01.31 0:41:01 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process \\?\C:\WINDOWS\system32\winlogon.exe (PID: 588). This behaviour is typical of some malware.
07.01.31 0:41:01 C:\Program Files\Spyware Doctor\sdhelp.exe Action allowed.
07.01.31 0:41:02 C:\Program Files\Spyware Doctor\sdhelp.exe Process C:\Program Files\Spyware Doctor\sdhelp.exe (PID: 416) is attempting to invade process C:\WINDOWS\system32\services.exe (PID: 632). This behaviour is typical of some malware.
07.01.31 0:41:02 C:\Program Files\Spyware Doctor\sdhelp.exe Attempt to terminate process
07.01.31 0:41:05 C:\Program Files\Spyware Doctor\sdhelp.exe Attempt to terminate process: successfully
07.01.31 0:41:06 C:\Program Files\Spyware Doctor\swdoctor.exe Process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 1952) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
07.01.31 0:41:06 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process
07.01.31 0:41:09 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process: successfully
07.01.31 0:41:15 C:\Program Files\Q-Type Pro\MagicKey.exe Process C:\Program Files\Q-Type Pro\MagicKey.exe (PID: 2244) is attempting to invade process C:\Program Files\Q-Type Pro\DisableMs.exe (PID: 4072). This behaviour is typical of some malware.
07.01.31 0:41:15 C:\Program Files\Q-Type Pro\MagicKey.exe Action allowed.
07.01.31 0:41:21 C:\Program Files\Q-Type Pro\MagicKey.exe Process C:\Program Files\Q-Type Pro\MagicKey.exe (PID: 2244) is attempting to invade process C:\Program Files\Q-Type Pro\DisableMs.exe (PID: 4072). This behaviour is typical of some malware.
07.01.31 0:41:21 C:\Program Files\Q-Type Pro\MagicKey.exe Action allowed.
07.01.31 0:41:23 C:\Program Files\Q-Type Pro\MagicKey.exe Process C:\Program Files\Q-Type Pro\MagicKey.exe (PID: 2244) is attempting to invade process C:\Program Files\Q-Type Pro\DisableMs.exe (PID: 4072). This behaviour is typical of some malware.
07.01.31 0:41:23 C:\Program Files\Q-Type Pro\MagicKey.exe Action allowed.
07.01.31 0:42:29 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 260). This behaviour is typical of some malware.
07.01.31 0:42:29 C:\WINDOWS\Explorer.EXE Action allowed.
07.01.31 0:42:33 C:\WINDOWS\Explorer.EXE Process C:\WINDOWS\Explorer.EXE (PID: 1464) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 260). This behaviour is typical of some malware.
07.01.31 0:42:33 C:\WINDOWS\Explorer.EXE Attempt to terminate process
07.01.31 0:42:41 C:\WINDOWS\Explorer.EXE Attempt to terminate process: successfully
07.01.31 0:42:41 C:\WINDOWS\system32\notepad.exe Attempt to terminate process: successfully
07.01.31 0:42:41 C:\Program Files\Mozilla Firefox\firefox.exe Attempt to terminate process: successfully
07.01.31 0:42:41 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Attempt to terminate process: successfully
07.01.31 0:42:41 C:\WINDOWS\system32\ctfmon.exe Attempt to terminate process: successfully
07.01.31 0:42:41 C:\Program Files\Messenger\msmsgs.exe Attempt to terminate process: successfully
07.01.31 0:42:41 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe Attempt to terminate process: successfully
07.01.31 0:42:42 C:\Program Files\Anti Keylogger Elite\AKE.exe Attempt to terminate process: access denied or object not found
07.01.31 0:42:43 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe Attempt to terminate process: successfully
07.01.31 0:42:43 C:\Program Files\Common Files\Real\Update_OB\realsched.exe Attempt to terminate process: successfully
07.01.31 0:42:43 C:\Program Files\Logitech\Video\LogiTray.exe Attempt to terminate process: successfully
07.01.31 0:42:43 C:\WINDOWS\system32\LVCOMSX.EXE Attempt to terminate process: successfully
07.01.31 0:42:43 C:\WINDOWS\system32\rmctrl.exe Attempt to terminate process: successfully
07.01.31 0:42:44 C:\WINDOWS\SOUNDMAN.EXE Attempt to terminate process: successfully
07.01.31 0:42:44 C:\WINDOWS\system32\hkcmd.exe Attempt to terminate process: successfully
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process
 
#9 ·
C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\explorer.exe (PID: 624). This behaviour is typical of some malware.
07.01.31 0:42:46 C:\WINDOWS\system32\winlogon.exe Action allowed.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 3272). This behaviour is typical of some malware.
07.01.31 0:43:02 C:\WINDOWS\system32\services.exe Action allowed.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220). This behaviour is typical of some malware.
07.01.31 0:44:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\notepad.exe (PID: 3708). This behaviour is typical of some malware.
07.01.31 0:44:31 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 0:45:29 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Process C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (PID: 3720) is attempting to invade process C:\WINDOWS\system32\ctfmon.exe (PID: 2972). This behaviour is typical of some malware.
07.01.31 0:45:29 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe Action allowed (by exclusions).
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648). This behaviour is typical of some malware.
07.01.31 1:15:47 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
07.01.31 1:16:10 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
07.01.31 1:16:10 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
07.01.31 1:17:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
07.01.31 1:17:03 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (PID: 4032). This behaviour is typical of some malware.
07.01.31 1:17:04 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process
07.01.31 1:18:31 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process: successfully
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup Rollback
07.01.31 1:18:33 C:\PROGRA~1\SPYWAR~1\igdbs.dat Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Favorites Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1742-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1743-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e76297ac-182c-11db-94b0-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c041139c-183c-11db-bd0f-00e04c771968}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1741-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba9d1740-184c-11db-bd91-806d6172696f}\BaseClass Rollback
07.01.31 1:18:33 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData Rollback
07.01.31 1:18:33 C:\PROGRA~1\SPYWAR~1\common.ini Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.QuarantinedItemProxy\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.QuarantinedItemProxy Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C2CE6266-0404-4C54-96B4-8829852E3537} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.ScripterProxy\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.ScripterProxy Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EBankProblem\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EBankProblem Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE612304-E8F9-45D9-A444-32409D33E954} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\TypeLib Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\Version Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\ProgID Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EMClient\Clsid Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\SpyDoctor.EMClient Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49}\LocalServer32 Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7976BEB-AB1E-46F7-8CCD-D4C9CD83BF49} Rollback
07.01.31 1:18:33 C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 Rollback: not found
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Licenses\{0781F7A018B2EFAD7} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Licenses\{I781F7A018B2EFAD7} Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData Rollback
07.01.31 1:18:33 \REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs Rollback
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Rollback completed with some errors
07.01.31 1:50:02 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
07.01.31 1:50:02 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
07.01.31 1:50:11 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:18 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2572). This behaviour is typical of some malware.
07.01.31 1:50:18 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:27 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
07.01.31 1:50:27 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:50:43 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
07.01.31 1:50:43 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:44 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
07.01.31 1:50:44 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:50:44 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1768). This behaviour is typical of some malware.
07.01.31 1:50:44 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:50:45 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
07.01.31 1:50:45 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:50:58 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
07.01.31 1:50:58 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:51:00 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
07.01.31 1:51:00 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:51:02 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 4052). This behaviour is typical of some malware.
07.01.31 1:51:02 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:52:05 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
07.01.31 1:52:05 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 624) is attempting to invade process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240). This behaviour is typical of some malware.
07.01.31 1:52:11 C:\WINDOWS\explorer.exe Action allowed.
07.01.31 1:52:16 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
07.01.31 1:52:16 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
07.01.31 1:52:18 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
07.01.31 1:52:18 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
07.01.31 1:52:19 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Process C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe (PID: 1240) is attempting to invade process C:\WINDOWS\system32\rundll32.exe (PID: 2812). This behaviour is typical of some malware.
07.01.31 1:52:19 C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe Action allowed.
07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 3424). This behaviour is typical of some malware.
07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Attempt to terminate process
07.01.31 1:57:55 C:\WINDOWS\system32\logon.scr Attempt to terminate process: successfully
07.01.31 1:57:55 C:\WINDOWS\explorer.exe Attempt to terminate process: successfully
07.01.31 1:58:19 C:\WINDOWS\system32\services.exe Process C:\WINDOWS\system32\services.exe (PID: 632) is attempting to invade process C:\WINDOWS\system32\imapi.exe (PID: 2436). This behaviour is typical of some malware.
07.01.31 1:58:19 C:\WINDOWS\system32\services.exe Attempt to terminate process
07.01.31 1:58:22 C:\WINDOWS\system32\imapi.exe Attempt to terminate process: successfully
07.01.31 1:58:22 C:\WINDOWS\system32\alg.exe Attempt to terminate process: successfully
07.01.31 1:58:22 C:\WINDOWS\system32\TaskManager.exe Attempt to terminate process: successfully
07.01.31 1:58:22 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE Attempt to terminate process: successfully
07.01.31 1:58:22 C:\WINDOWS\system32\spoolsv.exe Attempt to terminate process: successfully
07.01.31 2:14:08 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
07.01.31 2:14:08 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 2:19:18 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
07.01.31 2:19:18 C:\WINDOWS\System32\svchost.exe Action allowed.
07.01.31 2:21:59 C:\WINDOWS\System32\svchost.exe Process C:\WINDOWS\System32\svchost.exe (PID: 924) is attempting to invade process C:\WINDOWS\system32\defrag.exe (PID: 2272). This behaviour is typical of some malware.
07.01.31 2:21:59 C:\WINDOWS\System32\svchost.exe Attempt to terminate process
07.01.31 2:22:03 C:\WINDOWS\system32\defrag.exe Attempt to terminate process: successfully
07.01.31 2:22:05 C:\WINDOWS\system32\wuauclt.exe Attempt to terminate process: successfully
07.01.31 2:25:03 C:\WINDOWS\explorer.exe Process C:\WINDOWS\explorer.exe (PID: 3884) is attempting to invade process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1164). This behaviour is typical of some malware.
07.01.31 2:25:03 C:\WINDOWS\explorer.exe Attempt to terminate process
07.01.31 2:25:07 C:\WINDOWS\explorer.exe Attempt to terminate process: successfully
07.01.31 2:25:07 C:\Program Files\Mozilla Firefox\firefox.exe Attempt to terminate process: successfully
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:Zbmvyyn Sversbk.yax Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\WinRAR.ZIP Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids\xslfile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpl\OpenWithProgids\RealPlayer.PLSPL.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids\MozillaXML Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids\Excel.Template Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids\Excel.Sheet.8 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids\WVXFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wri\OpenWithProgids\wrifile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\OpenWithProgids\WPLFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids\ASXFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids\WMVFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids\wmffile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids\WMAFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids\ASFFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids\WAXFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids\soundrec Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids\txtfile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids\MSPaper.Document Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids\MSPaper.Document Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\OpenWithProgids\SSM Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids\AUFile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\OpenWithProgids\RealPlayer.SMIL.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\OpenWithProgids\RealPlayer.SMIL.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids\htmlfile Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rvx\OpenWithProgids\RealPlayer.RVX.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\OpenWithProgids\RealPlayer.RV.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids\Word.RTF.8 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\OpenWithProgids\RealPlayer.RSML.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\OpenWithProgids\RealJukebox.RMX.1 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\OpenWithProgids\RealPlayer.RMVB.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\OpenWithProgids\RealPlayer.RMS.6 Rollback
07.01.31 2:25:08 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\OpenWithProgids\RealJukebox.RMP.1 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\OpenWithProgids\RealPlayer.RAM.6 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmj\OpenWithProgids\RealJukebox.RMJ.1 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids\midfile Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\OpenWithProgids\RealPlayer.RM.6 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rax\OpenWithProgids\RealPlayer.RAX.6 Rollback
07.01.31 2:25:09 \REGISTRY\USER\S-1-5-21-606747145-1284227242-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithProgids\RealPlayer.RAM.6
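The log above is several hundred near-identical Proactive Defense lines, and the useful information is buried in the repetition: which process is injecting into which, whether the prompt was answered "allow" or "terminate", and what else got killed when it was terminated. As an added example (not part of the original post and not Kaspersky's own tooling), the Python script below parses lines of the exact shape shown in the log into injector -> target events, collapses them into pair counts, and attaches triage flags. The sample lines are copied from the log above; the set of "security product" file names and the flag rules are this example's own assumptions, not anything Kaspersky defines.

```python
"""Triage Kaspersky Anti-Virus 6 Proactive Defense "invade process" log lines."""
import re
from collections import Counter

# Line shapes as they appear in the post (example's own regexes, not Kaspersky's format spec).
INVADE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<reporter>.+?) Process (?P<src>.+?) "
    r"\(PID: (?P<spid>\d+)\) is attempting to invade process (?P<dst>.+?) "
    r"\(PID: (?P<dpid>\d+)\)\."
)
ACTION_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<reporter>.+?) "
    r"(?P<action>Action allowed\.|Attempt to terminate process)$"
)
RESULT_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<image>.+?) Attempt to terminate process: (?P<result>\w+)$"
)
# Assumption: file names a practitioner treats as high-value injection targets on this box.
SECURITY_TOOLS = {"avp.exe", "swdoctor.exe", "sdhelp.exe", "hijackthis.exe"}


def base(path):
    """Lower-cased file name of a Windows path; also handles \\SystemRoot\\... forms."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_events(text):
    """One dict per 'invade' line, with the answer given at the prompt and the images
    Kaspersky then reports as terminated (the 'Attempt to terminate process: successfully' lines)."""
    events, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = INVADE_RE.match(line)
        if m:
            pending = {"time": f"{m['date']} {m['time']}", "src": m["src"], "spid": int(m["spid"]),
                       "dst": m["dst"], "dpid": int(m["dpid"]), "action": None, "terminated": []}
            events.append(pending)
            continue
        m = ACTION_RE.match(line)
        if m and pending is not None:
            pending["action"] = "allowed" if m["action"].startswith("Action") else "terminate"
            continue
        m = RESULT_RE.match(line)
        if m and pending is not None and m["result"] == "successfully":
            pending["terminated"].append(m["image"])
    return events


def pair_counts(events):
    """How often each injector -> target pair (by file name) occurs."""
    return Counter((base(e["src"]), base(e["dst"])) for e in events)


def terminated_images(events):
    """Every image killed as a consequence of answering 'terminate', collateral included."""
    return {base(p) for e in events for p in e["terminated"]}


def triage(events):
    """Attach plain-language flags; events with no flags are left out of the result."""
    findings = []
    for e in events:
        src, dst, flags = base(e["src"]), base(e["dst"]), []
        if dst in SECURITY_TOOLS:
            flags.append("target is a security product")
        if dst.endswith(".scr"):
            flags.append("target is a screensaver binary (check which .scr and who started it)")
        if src == "rundll32.exe":
            flags.append("injector is rundll32.exe (identify the DLL on its command line)")
        if src in SECURITY_TOOLS and e["action"] == "terminate":
            flags.append("terminate was answered against a security product that was the injector")
        if e["action"] == "allowed" and flags:
            flags.append("action was allowed, so the access succeeded")
        if flags:
            findings.append({"time": e["time"], "src": src, "dst": dst, "flags": flags})
    return findings


# Constructed sample: lines copied from the log in the post above.
SAMPLE = r"""
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Process C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2220) is attempting to invade process C:\WINDOWS\system32\mspaint.exe (PID: 2584). This behaviour is typical of some malware.
07.01.31 1:10:50 C:\Program Files\Mozilla Firefox\firefox.exe Action allowed.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3648) is attempting to invade process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864). This behaviour is typical of some malware.
07.01.31 1:16:09 C:\Program Files\Internet Explorer\iexplore.exe Action allowed.
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Process C:\Program Files\Spyware Doctor\swdoctor.exe (PID: 2864) is attempting to invade process \SystemRoot\System32\smss.exe (PID: 496). This behaviour is typical of some malware.
07.01.31 1:18:24 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process
07.01.31 1:18:31 C:\Program Files\Spyware Doctor\swdoctor.exe Attempt to terminate process: successfully
07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Process C:\WINDOWS\system32\rundll32.exe (PID: 2572) is attempting to invade process C:\WINDOWS\system32\ssflwbox.scr (PID: 2124). This behaviour is typical of some malware.
07.01.31 1:50:42 C:\WINDOWS\system32\rundll32.exe Action allowed.
07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 588) is attempting to invade process C:\WINDOWS\system32\logon.scr (PID: 3424). This behaviour is typical of some malware.
07.01.31 1:57:39 C:\WINDOWS\system32\winlogon.exe Attempt to terminate process
07.01.31 1:57:55 C:\WINDOWS\system32\logon.scr Attempt to terminate process: successfully
07.01.31 1:57:55 C:\WINDOWS\explorer.exe Attempt to terminate process: successfully
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (s, d), n in pair_counts(evs).most_common():
        print(f"{n:3d}  {s} -> {d}")
    for f in triage(evs):
        print(f["time"], f["src"], "->", f["dst"], "|", "; ".join(f["flags"]))
    print("terminated:", sorted(terminated_images(evs)))
```

Run it against the full log (paste it into `SAMPLE` or read it from a file) and the few hundred lines reduce to a dozen pairs. Two things the flags surface that the raw log hides: the prompts answered "allow" where the target was avp.exe or swdoctor.exe (the access went through), and the cost of answering "terminate": in the log above that answer killed swdoctor.exe, after which Spyware Doctor's own registry entries were rolled back, and later killed logon.scr together with explorer.exe. The script does not decide what is malicious; it lists what to look at next.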
 