Problem with MSN viruses

  • Joined: 27 Aug 2008
  • Posts: 50
Hi... here I am again :D Some virus got in via MSN, you know the kind: a zipped file and some text in English, supposedly some pictures, and now it is spreading to everyone on my friend list...
I read some similar threads and ran a scan with GMER; it says it found some rootkit... here is the log:

GMER 1.0.14.14536 - gmer.net
Rootkit scan 2008-09-04 20:25:11
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA53F4C8C]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF8424028]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xA53F43C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xA53F48A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateKey [0xA53F543C]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF8417B00]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xA53F4080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xA53F6084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA53F4E72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xA53F3C50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xA53F50B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteValueKey [0xA53F5268]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xA53F3B02]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF84185DC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF8424120]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xA53F5D24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xA53F4AB0]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF8423FA4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0xA53F3822]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xA53F4744]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0xA53F39AA]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF84185FC]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF8424076]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xA53F57F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA53F4196]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xA53F5AE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xA53F5EC4]
SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF8423550]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetValueKey [0xA53F5602]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xA53F45D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xA53F4638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xA53F3F4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xA53F3E18]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MyFreeWeather\myweather.exe[264] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\MyFreeWeather\myweather.exe[264] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00395060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00394F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 00394C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 003916D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] USER32.dll!keybd_event 77D96341 5 Bytes JMP 00391550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 00391860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 00391230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 003913C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 00394960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMT.exe[672] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 00394AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[740] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Eset\nod32krn.exe[764] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[836] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[848] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1000] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1048] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003B5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003B4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 003B4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 003B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] USER32.dll!keybd_event 77D96341 5 Bytes JMP 003B1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 003B1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 003B1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 003B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 003B4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1080] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 003B4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1100] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HHVcdV5Sys\VC5SecS.exe[1104] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1168] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1408] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1504] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1552] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1768] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1876] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\sat\ClocX.exe[1920] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\713xRMTMon.exe[1928] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1988] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Winamp\winampa.exe[2004] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] GDI32.DLL!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] GDI32.DLL!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] GDI32.DLL!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\viett.exe[2012] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2028] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2080] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] USER32.DLL!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] USER32.DLL!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] USER32.DLL!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Korisnik\Desktop\gmer.exe[3772] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] ole32.dll!CoCreateInstanceEx 77500506 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] ole32.dll!CoGetClassObject 77505682 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] GDI32.dll!BitBlt 77F16DC0 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] GDI32.dll!CreateDCA 77F1CE55 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] GDI32.dll!CreateDCW 77F2F8CF 5 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] USER32.dll!EndTask 77D89C5D 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] USER32.dll!mouse_event 77D962FD 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[4040] USER32.dll!keybd_event 77D96341 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8237710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8237770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8237990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8237950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8237950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8237770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8237710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8237990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8237950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8237710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8237770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8237990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8237710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8237770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8237950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8237990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8237950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8237770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8237710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8237950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8237990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8237710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8237770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 835D9440

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 FsHotKey.SYS (Farstone hot key driver/Farstone Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 FsHotKey.SYS (Farstone hot key driver/Farstone Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\Cdrom \Device\CdRom0 82F36A80
Device \FileSystem\Rdbss \Device\FsWrap 82E99C58
Device \Driver\Cdrom \Device\CdRom1 82F36A80
Device \Driver\Cdrom \Device\CdRom2 82F36A80
Device \Driver\Cdrom \Device\CdRom3 82F36A80
Device \Driver\Cdrom \Device\CdRom4 82F36A80
Device \FileSystem\Srv \Device\LanmanServer 82EC48C8

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\nvatabus \Device\NvAta0 82F3C408
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 829747E0
Device \Driver\nvatabus \Device\NvAta1 82F3C408
Device \FileSystem\MRxSmb \Device\LanmanRedirector 829747E0
Device \FileSystem\Npfs \Device\NamedPipe 82EA7870
Device \Driver\nvatabus \Device\0000007d 82F3C408
Device \Driver\nvatabus \Device\0000007e 82F3C408
Device \FileSystem\Msfs \Device\Mailslot 82AA2710
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 82EA8750
Device \Driver\cdawdm \Device\Scsi\cdawdm1 82ED32E0
Device \Driver\cdawdm \Device\Scsi\cdawdm1Port4Path0Target0Lun0 82ED32E0
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0

offline
  • Joined: 27 Aug 2008
  • Posts: 50

Here is the continuation too; it didn't copy the whole log...


Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 82A37808
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 82A37808
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 82A37808
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 82A37808
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 82A37808
Device \FileSystem\Cdfs \Cdfs 8308BAC0

---- Processes - GMER 1.0.14 ----

Process C:\WINDOWS\system32\viett.exe (*** hidden *** ) 2012

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\System32\Drivers\vbev5mp.sys (*** hidden *** ) [SYSTEM] vbev5mp <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@NumberOfcdroms 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@ServiceBinary C:\WINDOWS\system32\drivers\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@ImagePath System32\Drivers\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Start 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp@Tag 66
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Error
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Error@ Wrong number of arguments
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Result
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\DrvInstaller\Result@ 2
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum@Count 0
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum@NextInstance 0
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\parameters
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\parameters\pnpinterface
Reg HKLM\SYSTEM\ControlSet001\Services\vbev5mp\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@NumberOfcdroms 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@ServiceBinary C:\WINDOWS\system32\drivers\vbev5mp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@ImagePath System32\Drivers\vbev5mp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp@Tag 66
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Error
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Error@ Wrong number of arguments
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Result
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\DrvInstaller\Result@ 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum@Count 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum@NextInstance 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbev5mp\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@NumberOfcdroms 1
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@ServiceBinary C:\WINDOWS\system32\drivers\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@ImagePath System32\Drivers\vbev5mp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@Start 1
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@Type 1
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp@Tag 66
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\DrvInstaller
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\DrvInstaller\Error
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\DrvInstaller\Error@ Wrong number of arguments
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\DrvInstaller\Result
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\DrvInstaller\Result@ 2
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\Enum
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\Enum@Count 0
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\Enum@NextInstance 0
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\parameters
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\parameters\pnpinterface
Reg HKLM\SYSTEM\ControlSet005\Services\vbev5mp\parameters\pnpinterface@1 1
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- EOF - GMER 1.0.14 ----

Addendum: 04 Sep 2008 20:41

And here is the autostart one too...:


GMER 1.0.14.14536 - gmer.net
Autostart scan 2008-09-04 20:37:28
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe
Windows@AppInit_DLLs = C:\WINDOWS\system32\guard32.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
C-DillaCdaC11BA@ = C:\WINDOWS\System32\drivers\CDAC11BA.EXE
cmdAgent@ = "C:\Program Files\COMODO\Firewall\cmdagent.exe"
Diskeeper@ = "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
kavsvc@ = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe" /*file not found*/
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
NOD32krn@ = "C:\Program Files\Eset\nod32krn.exe"
Norman ZANDA@ = C:\Norman\NVC\BIN\Zanda.exe /*file not found*/
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
StyleXPService@ = "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" /*file not found*/
VC5SecS@ = "C:\Program Files\HHVcdV5Sys\VC5SecS.exe"
Venturi2@ = C:\Program Files\Venturi2\Client\ventc.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@nod32kui"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
@CoolSwitchC:\WINDOWS\system32\taskswitch.exe = C:\WINDOWS\system32\taskswitch.exe
@ClocXD:\sat\ClocX.exe = D:\sat\ClocX.exe
@TV Card Remote Control Device MonitorC:\WINDOWS\713xRMTMon.exe ??? ? T a ?C? x?? ??? x?? ? x?? ? ? ???? x?? ?? ?C? ? T a x?? m a x?? ???|\C? ??? ??? ? ?? ??? h?? ??? ( ??? ??A ?? = C:\WINDOWS\713xRMTMon.exe ??? ? T a ?C? x?? ??? x?? ? x?? ? ? ???? x?? ?? ?C? ? T a x?? m a x?? ???|\C? ??? ??? ? ?? ??? h?? ??? ( ??? ??A ??
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@WinampAgent"C:\Program Files\Winamp\winampa.exe" = "C:\Program Files\Winamp\winampa.exe"
@viettC:\WINDOWS\system32\viett.exe \j = C:\WINDOWS\system32\viett.exe \j
@COMODO Firewall Pro"C:\Program Files\COMODO\Firewall\cfp.exe" -h = "C:\Program Files\COMODO\Firewall\cfp.exe" -h

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Windows Live MessengerC:\Program Files\Windows Live\Messenger\msnmsgr.exe = C:\Program Files\Windows Live\Messenger\msnmsgr.exe
@msnmsgr"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
@myweather"C:\Program Files\MyFreeWeather\myweather.exe" /autorun = "C:\Program Files\MyFreeWeather\myweather.exe" /autorun

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@UPnPMonitorC:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\WZSHLSTB.DLL = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} /*CorelDRAW Shell Extension Component*/C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll = C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll
@(null) =
@{1530F7EE-5128-43BD-9977-84A4B0FAD7DF} /*PhotoToys*/C:\WINDOWS\System32\phototoys.dll = C:\WINDOWS\System32\phototoys.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*AutoCAD Digital Signatures Icon Overlay Handler*/C:\WINDOWS\System32\AcSignIcon.dll = C:\WINDOWS\System32\AcSignIcon.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real Alternative\rpshell.dll = C:\Program Files\Real Alternative\rpshell.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Program Files\Eset\nodshex.dll = C:\Program Files\Eset\nodshex.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =
@{A5110426-177D-4e08-AB3F-785F10B4439C} /*Sony Ericsson File Manager*/C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll = C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Universal Plug and Play Devices*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} /*dBpoweramp Music Converter*/(null) =
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{44440D00-FF19-4AFC-B765-9A0970567D97} /*TuneUp Theme Extension*/%SystemRoot%\system32\uxtuneup.dll = %SystemRoot%\system32\uxtuneup.dll
@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} /*TuneUp Shredder Shell Extension*/C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll = C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
MakeFile Class@{D8504558-278D-4A93-BCBC-75B142CAA3B3} = C:\WINDOWS\system32\vdshell.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
FolderShell Class@{24C0824F-BC16-41DB-9845-DE545941C3B0} = C:\WINDOWS\system32\vdshell.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar1.dll = c:\program files\google\googletoolbar1.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.rs/ = google.rs/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
ic32pp@CLSID = C:\WINDOWS\wc98pp.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C507F9DC-D8BA-4C03-945A-D03885B1FE79} /*Local Area Connection*/ >>>
@IPAddress192.168.0.199 = 192.168.0.199
@NameServer192.168.0.1 = 192.168.0.1
@DefaultGateway192.168.0.1 = 192.168.0.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = vlsp.dll
000000000002@PackedCatalogItem = vlsp.dll
000000000003@PackedCatalogItem = vlsp.dll
000000000004@PackedCatalogItem = vlsp.dll
000000000005@PackedCatalogItem = vlsp.dll
000000000006@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000007@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000008@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000009@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000010@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000016@PackedCatalogItem = C:\WINDOWS\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017@PackedCatalogItem = vlsp.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = Microsoft Office.lnk

---- EOF - GMER 1.0.14 ----

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I'd ask you to follow the instructions for opening a thread:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 27 Aug 2008
  • Posts: 50

ok, no problem... here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:26, on 4.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\taskswitch.exe
D:\sat\ClocX.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MyFreeWeather\myweather.exe
C:\WINDOWS\713xRMT.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Korisnik\Desktop\za MyCity\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ClocX] D:\sat\ClocX.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [viett] C:\WINDOWS\system32\viett.exe \j
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Live Messenger] C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [myweather] "C:\Program Files\MyFreeWeather\myweather.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....3140282540
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....6477468218
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - news.beograd.com/AxisCamControl.ocx
O16 - DPF: {DC489D1D-8814-461D-8DA4-32F8A59E8811} (FonLiderPlayer Control) - beogradjanke.com/FLPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C507F9DC-D8BA-4C03-945A-D03885B1FE79}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe (file missing)
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
O23 - Service: Venturi2 Client (Venturi2) - Unknown owner - C:\Program Files\Venturi2\Client\ventc.exe (file missing)

--
End of file - 8367 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Follow these instructions in order...


Download The Avenger to the Desktop.
Unpack the archive into a folder

Double-click avenger.exe to run it

Copy the text inside the Code box into the (white) program window:

Files to delete:
C:\WINDOWS\system32\viett.exe

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | viett


Click Execute, then Yes in the next two windows that open

The computer will restart (in some cases: twice) and the cleaning/scanning process will begin

When the process is finished, the log file C:\avenger.txt will open in Notepad

Paste the contents of that log into the thread on the forum.


-------------------------------------------------------------------------------------


Upload the file: C:\Avenger\backup.zip

via this link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------


Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this saves the scan results to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum, and attach the two files we just saved here.
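As an added illustration (not the helper's script or any tool from the thread), the following Python code shows how the Avenger script above is derived mechanically from a HijackThis O4 line: the abbreviated `HKLM\..\Run` key is expanded to the full Run key path, and the executable path is separated from its quoting and command-line switches. The sample lines are copied from the HJT log in this thread; which value name is treated as a target is an analyst decision, here simply `viett`.

```python
import re
from typing import List, Optional, Tuple

# Sample O4 lines taken from the HijackThis log posted above (the viett entry is
# the one the helper chose to remove; the other entries are left alone here).
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r'O4 - HKLM\..\Run: [viett] C:\WINDOWS\system32\viett.exe \j',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background',
]

# HijackThis abbreviates the Run key as "HIVE\..\Run"; The Avenger wants the
# full subkey path, written as "HIVE\<RUN_KEY> | <value name>".
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Only the per-machine and per-user Run hives are handled; HKUS\S-1-5-xx lines
# and "Global Startup" lines deliberately do not match.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")


def parse_o4(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (hive, value_name, image_path) for an O4 Run line, else None.

    The command part may be quoted and may carry switches (e.g. ' \\j' or
    ' /background'); only the executable path is returned.
    """
    m = O4_RE.match(line)
    if not m:
        return None
    hive, value_name, command = m.groups()
    # Quoted path: take the quoted text. Unquoted: take up to the first ".exe".
    pm = re.match(r'"([^"]+)"|(.+?\.exe)', command, re.IGNORECASE)
    path = (pm.group(1) or pm.group(2)) if pm else command
    return hive, value_name, path


def avenger_script(o4_lines: List[str], targets: List[str]) -> str:
    """Build an Avenger 2.0 script removing the O4 entries named in `targets`.

    Produces the two sections used in the thread: "Files to delete:" with the
    executable path, and "Registry values to delete:" with the full Run key.
    """
    wanted = {t.lower() for t in targets}
    files: List[str] = []
    values: List[str] = []
    for line in o4_lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, path = parsed
        if name.lower() not in wanted:
            continue
        files.append(path)
        values.append(f"{hive}\\{RUN_KEY} | {name}")
    out = ["Files to delete:"] + files + ["", "Registry values to delete:"] + values
    return "\n".join(out)


if __name__ == "__main__":
    print(avenger_script(SAMPLE_O4_LINES, ["viett"]))
```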

offline
  • Joined: 27 Aug 2008
  • Posts: 50

here, I did everything you said and uploaded the file C:\Avenger\backup.zip; here are the logs too:


Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\viett.exe" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|viett" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



-------------------------------------------------------------------------------------

And for gmer:


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should paste here for us.

offline
  • Joined: 27 Aug 2008
  • Posts: 50

here's the ComboFix log:



ComboFix 08-09-04.09 - Korisnik 2008-09-05 7:35:24.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.168 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-04 09:04 . 2008-09-04 23:07 250 --a------ C:\WINDOWS\gmer.ini
2008-09-02 00:47 . 2008-09-02 00:47 <DIR> d-------- C:\Program Files\COMODO
2008-09-02 00:47 . 2008-09-02 00:47 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Comodo
2008-09-02 00:47 . 2008-09-02 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-02 00:47 . 2008-09-02 00:47 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-09-02 00:47 . 2008-09-02 00:47 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-09-02 00:47 . 2008-09-02 00:47 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-09-01 17:13 . 2008-09-01 22:40 107,520 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-09-01 17:13 . 2008-09-01 17:13 33,280 ---h----- C:\Documents and Settings\Korisnik\ogbv.exe
2008-09-01 17:12 . 2008-08-19 19:24 19,456 ---h----- C:\Documents and Settings\Korisnik\ayvm.exe
2008-08-31 00:51 . 2008-08-31 00:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-29 21:39 . 2008-08-31 01:12 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-28 19:51 . 2008-09-03 04:34 <DIR> d-------- C:\DVDVideoSoft
2008-08-28 15:45 . 2008-08-28 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiComponents
2008-08-28 14:59 . 2008-08-28 20:02 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-28 14:59 . 2008-08-28 20:03 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-25 23:44 . 2008-08-26 01:28 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Winamp
2008-08-25 20:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-25 20:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-25 14:42 . 2008-08-25 14:42 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-25 14:39 . 2008-08-25 20:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-25 14:23 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 13:04 . 2008-08-25 13:20 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-08 13:09 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-08 13:09 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-08 13:08 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 22:16 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\BearShare
2008-09-03 23:31 --------- d-----w C:\Program Files\Planplus
2008-09-01 15:12 --------- d-----w C:\Program Files\Winamp Toolbar
2008-08-30 22:57 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DNA
2008-08-30 00:02 --------- d-----w C:\Program Files\DNA
2008-08-28 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 21:44 --------- d-----w C:\Program Files\Winamp
2008-08-24 22:02 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-18 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:10 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-07-18 12:10 --------- d-----w C:\Program Files\AvRack
2008-07-16 12:32 --------- d-----w C:\Program Files\Warcraft III
2008-07-15 20:30 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-15 13:56 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-13 17:33 1,283,912 ----a-w C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-07-13 17:33 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enUS
2008-07-13 17:33 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-13 14:03 --------- d-----w C:\Program Files\SweetIM
2008-07-10 17:51 103,832 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2008-07-10 10:29 --------- d--h--r C:\Documents and Settings\Korisnik\Application Data\SecuROM
2008-07-10 09:56 --------- d-----w C:\Program Files\Aspyr
2008-07-10 09:36 --------- d-----w C:\Program Files\Black Bean
2008-07-09 18:09 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Sidebar
2008-07-09 17:15 --------- d-----w C:\Program Files\YouTube Downloader
2008-07-09 17:03 --------- d-----w C:\Program Files\MyFreeWeather
2008-07-07 23:18 --------- d-----w C:\Program Files\Typing Test TQ
2008-07-07 23:15 --------- d-----w C:\Program Files\10 Finger BreakOut
2008-07-07 22:22 --------- d-----w C:\Program Files\Fildza's Entertainment Company
2008-07-06 22:24 --------- d-----w C:\Program Files\SaljiPoruke-desktop
2008-07-06 22:20 --------- d-----w C:\Program Files\Sun
2008-07-06 22:20 --------- d-----w C:\Program Files\Java
2008-07-05 17:34 10,886,008 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-05 17:27 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\dBpoweramp
2008-07-05 17:22 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\AccurateRip
2008-07-05 17:21 --------- d-----w C:\Program Files\Illustrate
2008-07-05 16:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\MP3Rocket
2008-06-11 18:19 1,376,528 ----a-w C:\WINDOWS\system32\MSVBVM60.DLL
2008-06-10 21:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 16:27 8 ----a-w C:\Documents and Settings\Korisnik\Application Data\usb.dat.bin
2007-05-07 11:18 92,064 ----a-w C:\Documents and Settings\Korisnik\mqdmmdm.sys
2007-05-07 11:18 9,232 ----a-w C:\Documents and Settings\Korisnik\mqdmmdfl.sys
2007-05-07 11:18 79,328 ----a-w C:\Documents and Settings\Korisnik\mqdmserd.sys
2007-05-07 11:18 66,656 ----a-w C:\Documents and Settings\Korisnik\mqdmbus.sys
2007-05-07 11:18 6,208 ----a-w C:\Documents and Settings\Korisnik\mqdmcmnt.sys
2007-05-07 11:18 5,936 ----a-w C:\Documents and Settings\Korisnik\mqdmwhnt.sys
2007-05-07 11:18 4,048 ----a-w C:\Documents and Settings\Korisnik\mqdmcr.sys
2007-05-07 11:18 25,600 ----a-w C:\Documents and Settings\Korisnik\usbsermptxp.sys
2007-05-07 11:18 22,768 ----a-w C:\Documents and Settings\Korisnik\usbsermpt.sys
2007-12-02 14:33 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Windows Live Messenger"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"myweather"="C:\Program Files\MyFreeWeather\myweather.exe" [2008-06-20 3115008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-15 921600]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"ClocX"="D:\sat\ClocX.exe" [2002-12-31 103936]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2006-10-11 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-09-02 1655552]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.GBXX"= GBXXvfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Openwares LiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Sierra\\Half-Life\\hltv.exe"=
"C:\\Program Files\\FarStone\\VirtualDrive\\MGR.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\WINDOWS\\system32\\AUTMGR32.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-02 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-02 24208]
R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 279552]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 25984]
R3 FsHotKey;FsHotKey;C:\WINDOWS\system32\drivers\FsHotKey.sys [2002-01-19 3855]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [ ]
S0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [ ]
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [ ]
S1 vbev5mp;vbev5mp;C:\WINDOWS\system32\Drivers\vbev5mp.sys [2003-05-07 57008]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 DrmCDriverV32;DrmCDriverV32;C:\WINDOWS\system32\drivers\DrmCDriverV32.sys [2008-04-17 508544]
S3 DrmCVideo32;DrmCVideo32;C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys [2008-04-17 3768]
S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [ ]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768]
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2002-01-19 6356]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 508544]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 184320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bd48f08-d30d-11db-86d5-0018f377d88b}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f026ec-0af4-11dc-88cf-96e49dc590c9}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\58tpz96z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.rs/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-05 07:39:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\713xRMTMon.exe???????????????T?a??C??x???????????????????????x???????????x???????????????????????????????????x????????C??????????T?a?x???m?a?x??????????????|\C??????????????????????????????????????????????????????????h???????????????(?????????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vbev5mp]
"ImagePath"="System32\Drivers\vbev5mp.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-09-05 7:43:25
ComboFix-quarantined-files.txt 2008-09-05 05:42:24
ComboFix2.txt 2008-08-29 23:45:37

Pre-Run: 18,881,417,216 bytes free
Post-Run: 18,992,930,816 bytes free

222

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following file: C:\WINDOWS\system32\drivers\ndisio.sys


http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 27 Aug 2008
  • Posts: 50

uploaded it....
