I caught something


offline
  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:44, on 9.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Documents and Settings\Nesho & Nedja\sccs.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS.0\regedit.exe
C:\WINDOWS.0\system32\mmc.exe
D:\internet\hijack this\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Nesho & Nedja\sccs.exe
O4 - HKLM\..\Run: [Java Update] C:\Documents and Settings\Nesho & Nedja\css.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E60E6AD-9387-4CCE-B094-A9D8CA4A083E}: NameServer = 10.24.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E60E6AD-9387-4CCE-B094-A9D8CA4A083E}: NameServer = 10.24.4.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 6242 bytes

Whenever I shut down the computer, it shows something like it can't reach some URL and then shuts down. Kaspersky found Zlob and some other virus in the file css.exe; it doesn't delete them but only blocks them, and that css.exe and sccs.exe have appeared in my startup.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

* Right-click the Kaspersky icon in the bottom-right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.


Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

here is the ComboFix log

ComboFix 08-09-05.12 - Nesho & Nedja 2008-09-09 21:50:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1579 [GMT 2:00]
Running from: D:\internet\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nesho & Nedja\Application Data\addons.dat
C:\Documents and Settings\Nesho & Nedja\Favorites\Games.url

.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Program Files\Common Files\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Program Files\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 0 --a------ C:\WINDOWS.0\system32\_r_a_p_.tmp
2008-09-09 08:52 . 2008-09-09 08:52 581,120 ---hs---- C:\Documents and Settings\Nesho & Nedja\css.exe
2008-09-09 08:52 . 2008-09-09 08:52 519,168 ---hs---- C:\Documents and Settings\Nesho & Nedja\intelOP.exe
2008-09-09 08:52 . 2008-09-09 08:52 103,936 ---hs---- C:\Documents and Settings\Nesho & Nedja\sccs.exe
2008-09-08 10:08 . 2008-09-08 10:08 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-09-08 10:08 . 2008-09-08 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-08 09:53 . 2008-09-08 09:53 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\KC Softwares
2008-09-07 22:13 . 2008-09-07 22:25 160 --a------ C:\WINDOWS.0\MyDrivers.ini
2008-09-06 22:13 . 2008-09-06 22:14 610,164,736 --a------ C:\windowsxpsp2.iso
2008-09-06 22:07 . 2007-09-11 15:12 28,601,472 --a------ C:\image.sub
2008-09-06 22:06 . 2007-09-11 15:12 772 --a------ C:\image.ccd
2008-09-06 20:59 . 2007-09-11 15:12 700,736,064 --a------ C:\image.img
2008-09-05 11:22 . 2008-09-05 11:24 <DIR> d-------- C:\WINDOWS.0\system32\NtmsData
2008-09-01 08:51 . 2008-09-01 09:26 <DIR> d-------- C:\WINDOWS.0\system32\Adobe
2008-09-01 08:05 . 2008-09-01 08:05 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\Disney Interactive Studios
2008-09-01 08:01 . 2008-09-01 08:01 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-09-01 08:01 . 2008-09-01 08:04 1,461 --a------ C:\WINDOWS.0\disney.ini
2008-08-31 23:12 . 2008-09-01 08:15 <DIR> d-------- C:\Program Files\SEGA
2008-08-31 16:06 . 2008-08-31 16:06 <DIR> d-------- C:\Program Files\Softick
2008-08-31 15:18 . 2008-08-31 19:18 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\Samsung
2008-08-31 15:17 . 2008-08-31 15:17 <DIR> d-------- C:\WINDOWS.0\system32\Samsung_USB_Drivers
2008-08-31 15:17 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS.0\system32\framedyn.dll
2008-08-31 15:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS.0\system32\drivers\StarOpen.sys
2008-08-31 15:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS.0\system32\Uninstall.ico
2008-08-31 11:45 . 2008-08-31 11:45 <DIR> d-------- C:\Program Files\Atari
2008-08-30 23:27 . 2008-08-30 23:27 <DIR> d-------- C:\Program Files\Groove Games
2008-08-30 23:05 . 2008-08-30 23:05 <DIR> d-------- C:\Program Files\Raw Modders Union
2008-08-29 23:37 . 2008-08-31 23:08 <DIR> d-------- C:\Program Files\City Interactive
2008-08-28 18:24 . 2008-08-28 18:24 268 --ah----- C:\sqmdata01.sqm
2008-08-28 18:24 . 2008-08-28 18:24 244 --ah----- C:\sqmnoopt01.sqm
2008-08-28 15:59 . 2008-08-30 23:23 <DIR> d-------- C:\Program Files\SweetIM
2008-08-26 13:02 . 2008-08-26 21:31 <DIR> d-------- C:\Program Files\FF Player
2008-08-25 17:04 . 2008-08-25 17:04 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 12:46 . 2008-08-24 12:47 <DIR> d-------- C:\WINDOWS.0\SHELLNEW
2008-08-24 12:46 . 2008-08-24 12:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-24 12:46 . 2008-08-24 12:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-24 11:42 . 2008-08-24 11:42 66,331 --a------ C:\WINDOWS.0\system32\newls.exe
2008-08-20 10:01 . 2008-08-20 10:37 <DIR> d-------- C:\Program Files\Cheatbook Database 2008
2008-08-19 19:34 . 2008-08-20 10:17 <DIR> d-------- C:\Program Files\Microsoft Games
2008-08-19 11:49 . 2008-08-19 11:49 <DIR> d-------- C:\Program Files\Lavals
2008-08-16 16:18 . 2008-08-28 15:45 <DIR> d-------- C:\Program Files\Activision Value
2008-08-16 13:31 . 2008-08-16 13:31 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\GarageGames
2008-08-14 09:33 . 2008-08-14 09:33 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\.Tribler
2008-08-14 09:33 . 2008-08-14 09:33 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\.SwarmPlayer
2008-08-13 18:34 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS.0\system32\msvcp71.dll
2008-08-13 18:02 . 2008-08-13 18:02 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\JLC's Software
2008-08-13 17:58 . 2008-08-13 17:58 10 --a------ C:\WINDOWS.0\system32\810429tv4-test.jun
2008-08-13 10:47 . 2008-08-13 13:46 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Contacts
2008-08-13 10:46 . 2008-08-13 10:46 268 --ah----- C:\sqmdata00.sqm
2008-08-13 10:46 . 2008-08-13 10:46 244 --ah----- C:\sqmnoopt00.sqm
2008-08-13 10:41 . 2008-08-13 10:41 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-12 13:56 . 2008-08-12 13:57 <DIR> d-------- C:\Program Files\Mv2Player
2008-08-12 12:04 . 2008-08-12 12:04 523,324 --a------ C:\WINDOWS.0\system32\PerfStringBackup.TMP
2008-08-12 11:57 . 2008-08-12 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 11:57 . 2008-08-24 12:47 382 --a------ C:\WINDOWS.0\ODBC.INI
2008-08-10 18:24 . 2008-08-10 18:24 98,304 --a------ C:\WINDOWS.0\system32\CmdLineExt.dll
2008-08-10 18:05 . 2008-08-29 22:33 <DIR> d-------- C:\Program Files\Rockstar Games
2008-08-09 13:14 . 2008-08-09 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-09 11:11 . 2008-09-09 21:53 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\BitTorrent
2008-08-09 10:57 . 2008-08-09 10:58 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-09 10:57 . 2008-08-30 18:49 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\DNA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 19:53 426,016 --sha-w C:\WINDOWS.0\system32\drivers\fidbox2.dat
2008-09-09 19:53 3,584 --sha-w C:\WINDOWS.0\system32\drivers\fidbox2.idx
2008-09-09 19:53 16,744 --sha-w C:\WINDOWS.0\system32\drivers\fidbox.idx
2008-09-09 19:53 1,870,880 --sha-w C:\WINDOWS.0\system32\drivers\fidbox.dat
2008-09-09 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 18:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-09 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-09 07:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 21:22 --------- d-----w C:\Program Files\EA GAMES
2008-08-30 16:40 --------- d-----w C:\Program Files\DNA
2008-08-22 12:09 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\FrostWire
2008-08-14 10:20 --------- d-----w C:\Program Files\Java
2008-08-12 10:05 --------- d-----w C:\Program Files\MSBuild
2008-08-08 17:39 --------- d-----w C:\Program Files\Mirage Interactive
2008-08-07 16:52 --------- d-----w C:\Program Files\Unlocker
2008-08-07 16:48 --------- d-----w C:\Program Files\DietMP3
2008-08-07 16:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 16:43 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Malwarebytes
2008-08-07 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 16:25 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Program Files\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-07 14:25 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Media Player Classic
2008-08-07 14:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-07 14:08 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BSplayer
2008-08-07 14:07 --------- d-----w C:\Program Files\Webteh
2008-08-06 21:07 --------- d-----w C:\Program Files\CyberLink
2008-08-06 21:04 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\CyberLink
2008-08-06 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-06 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-06 19:22 --------- d--h--r C:\Documents and Settings\Nesho & Nedja\Application Data\yahoo!
2008-08-06 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-06 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-06 19:18 --------- d-----w C:\Program Files\IVT Corporation
2008-08-06 17:57 --------- d-----w C:\Program Files\Vimicro Corporation
2008-08-06 17:56 --------- d-----w C:\Program Files\Vimicro
2008-08-06 17:54 --------- d-----w C:\Program Files\Winamp
2008-08-06 17:42 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Ahead
2008-08-06 17:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 17:41 --------- d-----w C:\Program Files\Ahead
2008-08-06 17:38 96,976 ---ha-w C:\WINDOWS.0\system32\drivers\klin.dat
2008-08-06 17:24 --------- d-----w C:\Program Files\FrostWire
2008-08-06 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-06 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-06 17:18 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-06 17:12 --------- d-----w C:\Program Files\Yahoo!
2008-08-06 17:10 717,296 ---ha-w C:\WINDOWS.0\system32\drivers\sptd.sys
2008-08-06 17:10 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\DAEMON Tools
2008-08-06 16:26 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BSplayer Pro
2008-08-06 15:55 --------- d-----w C:\Program Files\Lavalys
2008-08-06 15:37 87,855 ---ha-w C:\WINDOWS.0\system32\drivers\klick.dat
2008-08-06 15:20 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 15:18 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-08-06 15:16 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\URSoft
2008-08-06 15:07 21,419 ---ha-w C:\WINDOWS.0\system32\drivers\AegisP.sys
2008-08-06 15:06 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\InstallShield
2008-08-06 14:59 --------- d-----w C:\Program Files\Realtek
2008-08-06 14:59 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Styler
2008-08-06 14:39 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Talkback
2008-08-06 14:37 --------- d-----w C:\Program Files\GIGABYTE
2008-08-06 14:04 --------- d-----w C:\Program Files\Styler
2008-08-06 13:27 --------- d-----w C:\Program Files\Intel
2008-08-06 13:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-06 13:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-06 13:15 --------- d-----w C:\Program Files\Alky for Applications
2008-08-06 13:14 --------- d-----w C:\Program Files\Stardock
2008-08-06 13:14 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-06 13:14 --------- d-----w C:\Program Files\Common Files\Java
2008-08-06 13:10 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-06 13:00 --------- d-----w C:\Program Files\VistaExperience.org
2008-08-06 12:56 --------- d-----w C:\Program Files\Desktop
2008-08-06 12:55 --------- d-----w C:\Program Files\Microsoft PowerToys
2008-08-06 12:55 --------- d-----w C:\Program Files\LClock
2008-07-30 18:07 38,472 ----a-w C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-07-30 18:07 17,144 ----a-w C:\WINDOWS.0\system32\drivers\mbam.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS.0\system32\ff_vfw.dll
.

------- Sigcheck -------

2008-04-23 16:32 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS.0\system32\drivers\tcpip.sys

2008-04-23 07:34 2350208 af263738fad02e11d21f2c8f18054c80 C:\WINDOWS.0\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - C:\Program Files\GIGABYTE\Common\GNConfig.exe [8/6/2008 5:07:01 PM 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^Nesho & Nedja^Start Menu^Programs^Startup^Styler.lnk]
path=C:\Documents and Settings\Nesho & Nedja\Start Menu\Programs\Startup\Styler.lnk
backup=C:\WINDOWS.0\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-22 22:18 1271808 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-06-15 13:40 111928 C:\Program Files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 17:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
--a------ 2007-04-13 18:08 114688 C:\Program Files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\internet\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS.0\system32\DRIVERS\iteraid.sys [2004-12-10 25105]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS.0\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS.0\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 VMUVC;Vimicro Camera Service VMUVC;C:\WINDOWS.0\system32\Drivers\VMUVC.sys [2007-09-05 248448]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\WINDOWS.0\system32\drivers\vvftUVC.sys [2007-06-13 476032]
S3 FXDRV;FXDRV;F:\Fxdrv.sys [ ]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6F60F9B6-C678-3DCB-F4CB-9AA3D1DCBD55}]
C:\WINDOWS.0\system32\drivers\cscript.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-AdVantage - C:\Program Files\AdVantage\AdVantage.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nesho & Nedja\Application Data\Mozilla\Firefox\Profiles\fjk2ivql.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.rs
.
.
------- File Associations (Beta) -------
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 21:55:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVP]
"ImagePath"="\"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe\" -r"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="C:\WINDOWS.0\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BlueletAudio]
"ImagePath"="system32\DRIVERS\blueletaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BlueletSCOAudio]
"ImagePath"="system32\DRIVERS\BlueletSCOAudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BT]
"ImagePath"="system32\DRIVERS\btnetdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Btcsrusb]
"ImagePath"="System32\Drivers\btcusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTHidEnum]
"ImagePath"="System32\Drivers\vbtenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTHidMgr]
"ImagePath"="System32\Drivers\BTHidMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="C:\WINDOWS.0\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\WINDOWS.0\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\WINDOWS.0\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FXDRV]
"ImagePath"="\??\F:\Fxdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="C:\WINDOWS.0\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iteraid]
"ImagePath"="system32\DRIVERS\iteraid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kl1]
"ImagePath"="system32\drivers\kl1.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klbg]
"ImagePath"="system32\drivers\klbg.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KLIF]
"ImagePath"="system32\DRIVERS\klif.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klim5]
"ImagePath"="system32\DRIVERS\klim5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="C:\WINDOWS.0\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="C:\WINDOWS.0\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="system32\DRIVERS\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS.0\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RT61]
"ImagePath"="system32\DRIVERS\RT61.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="C:\WINDOWS.0\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarOpen]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="C:\WINDOWS.0\system32\dllhost.exe /Processid:{A260881C-6E30-4ED7-AC6C-2412365E1C22}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="C:\WINDOWS.0\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5]
"ImagePath"="\??\C:\Program Files\Unlocker\UnlockerDriver5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvc]
"ImagePath"="\"C:\Program Files\MSN Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VComm]
"ImagePath"="system32\DRIVERS\VComm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VcommMgr]
"ImagePath"="System32\Drivers\VcommMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VMUVC]
"ImagePath"="System32\Drivers\VMUVC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vvftUVC]
"ImagePath"="system32\drivers\vvftUVC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="C:\WINDOWS.0\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS.0\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS.0\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"C:\Program Files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WINDOWS.0\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{CE877E37-2072-418B-AD6E-26FFCDFB4CF2}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DA47CE77-AA60-4BDB-B641-E0B6D77A48AC}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{F182C6D8-137B-4402-A02D-BDDC6CEFDA5F}]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\rundll32.exe
C:\Documents and Settings\Nesho & Nedja\sccs.exe
C:\Documents and Settings\Nesho & Nedja\css.exe
.
**************************************************************************
.
Completion time: 2008-09-09 21:59:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-09 19:59:11

Pre-Run: 17,235,243,008 bytes free
Post-Run: 17,639,424,000 bytes free


  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following file for checking: C:\WINDOWS.0\system32\newls.exe

Upload link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Open Notepad and copy the following text into it:

File::
C:\Documents and Settings\Nesho & Nedja\css.exe
C:\Documents and Settings\Nesho & Nedja\intelOP.exe
C:\Documents and Settings\Nesho & Nedja\sccs.exe
C:\WINDOWS.0\system32\drivers\cscript.exe

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6F60F9B6-C678-3DCB-F4CB-9AA3D1DCBD55}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

I uploaded the file and did the ComboFix step as you told me, only I forgot to turn off Kaspersky, and when the computer restarted to make the log only the desktop background with the log appeared. When I closed the log the computer froze, so I had to restart it. Here's the log



ComboFix 08-09-05.12 - Nesho & Nedja 2008-09-10 8:44:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1608 [GMT 2:00]
Running from: D:\internet\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nesho & Nedja\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nesho & Nedja\css.exe
C:\Documents and Settings\Nesho & Nedja\intelOP.exe
C:\Documents and Settings\Nesho & Nedja\sccs.exe
C:\WINDOWS.0\system32\drivers\cscript.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.

2008-09-10 08:34 . 2008-09-10 08:34 <DIR> d-------- C:\WINDOWS.0\system32\xircom
2008-09-10 08:33 . 2008-09-10 08:33 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Program Files\Common Files\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Program Files\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 0 --a------ C:\WINDOWS.0\system32\_r_a_p_.tmp
2008-09-08 10:08 . 2008-09-08 10:08 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-09-08 10:08 . 2008-09-08 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-08 09:53 . 2008-09-08 09:53 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\KC Softwares
2008-09-07 22:13 . 2008-09-07 22:25 160 --a------ C:\WINDOWS.0\MyDrivers.ini
2008-09-06 22:13 . 2008-09-06 22:14 610,164,736 --a------ C:\windowsxpsp2.iso
2008-09-06 22:07 . 2007-09-11 15:12 28,601,472 --a------ C:\image.sub
2008-09-06 22:06 . 2007-09-11 15:12 772 --a------ C:\image.ccd
2008-09-06 20:59 . 2007-09-11 15:12 700,736,064 --a------ C:\image.img
2008-09-05 11:22 . 2008-09-05 11:24 <DIR> d-------- C:\WINDOWS.0\system32\NtmsData
2008-09-01 08:51 . 2008-09-01 09:26 <DIR> d-------- C:\WINDOWS.0\system32\Adobe
2008-09-01 08:05 . 2008-09-01 08:05 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\Disney Interactive Studios
2008-09-01 08:01 . 2008-09-01 08:01 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-09-01 08:01 . 2008-09-01 08:04 1,461 --a------ C:\WINDOWS.0\disney.ini
2008-08-31 23:12 . 2008-09-01 08:15 <DIR> d-------- C:\Program Files\SEGA
2008-08-31 16:06 . 2008-08-31 16:06 <DIR> d-------- C:\Program Files\Softick
2008-08-31 15:18 . 2008-08-31 19:18 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\Samsung
2008-08-31 15:17 . 2008-08-31 15:17 <DIR> d-------- C:\WINDOWS.0\system32\Samsung_USB_Drivers
2008-08-31 15:17 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS.0\system32\framedyn.dll
2008-08-31 15:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS.0\system32\drivers\StarOpen.sys
2008-08-31 15:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS.0\system32\Uninstall.ico
2008-08-31 11:45 . 2008-08-31 11:45 <DIR> d-------- C:\Program Files\Atari
2008-08-30 23:27 . 2008-08-30 23:27 <DIR> d-------- C:\Program Files\Groove Games
2008-08-30 23:05 . 2008-08-30 23:05 <DIR> d-------- C:\Program Files\Raw Modders Union
2008-08-29 23:37 . 2008-08-31 23:08 <DIR> d-------- C:\Program Files\City Interactive
2008-08-28 18:24 . 2008-08-28 18:24 268 --ah----- C:\sqmdata01.sqm
2008-08-28 18:24 . 2008-08-28 18:24 244 --ah----- C:\sqmnoopt01.sqm
2008-08-28 15:59 . 2008-08-30 23:23 <DIR> d-------- C:\Program Files\SweetIM
2008-08-26 13:02 . 2008-08-26 21:31 <DIR> d-------- C:\Program Files\FF Player
2008-08-25 17:04 . 2008-08-25 17:04 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 12:46 . 2008-08-24 12:47 <DIR> d-------- C:\WINDOWS.0\SHELLNEW
2008-08-24 12:46 . 2008-08-24 12:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-24 12:46 . 2008-08-24 12:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-08-24 11:42 . 2008-08-24 11:42 66,331 --a------ C:\WINDOWS.0\system32\newls.exe
2008-08-20 10:01 . 2008-08-20 10:37 <DIR> d-------- C:\Program Files\Cheatbook Database 2008
2008-08-19 19:34 . 2008-08-20 10:17 <DIR> d-------- C:\Program Files\Microsoft Games
2008-08-19 11:49 . 2008-08-19 11:49 <DIR> d-------- C:\Program Files\Lavals
2008-08-16 16:18 . 2008-08-28 15:45 <DIR> d-------- C:\Program Files\Activision Value
2008-08-16 13:31 . 2008-08-16 13:31 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\GarageGames
2008-08-14 09:33 . 2008-08-14 09:33 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\.Tribler
2008-08-14 09:33 . 2008-08-14 09:33 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\.SwarmPlayer
2008-08-13 18:34 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS.0\system32\msvcp71.dll
2008-08-13 18:02 . 2008-08-13 18:02 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\JLC's Software
2008-08-13 17:58 . 2008-08-13 17:58 10 --a------ C:\WINDOWS.0\system32\810429tv4-test.jun
2008-08-13 10:47 . 2008-08-13 13:46 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Contacts
2008-08-13 10:46 . 2008-08-13 10:46 268 --ah----- C:\sqmdata00.sqm
2008-08-13 10:46 . 2008-08-13 10:46 244 --ah----- C:\sqmnoopt00.sqm
2008-08-13 10:41 . 2008-08-13 10:41 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-12 13:56 . 2008-08-12 13:57 <DIR> d-------- C:\Program Files\Mv2Player
2008-08-12 12:04 . 2008-08-12 12:04 523,324 --a------ C:\WINDOWS.0\system32\PerfStringBackup.TMP
2008-08-12 11:57 . 2008-08-12 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 11:57 . 2008-08-24 12:47 382 --a------ C:\WINDOWS.0\ODBC.INI
2008-08-10 18:24 . 2008-08-10 18:24 98,304 --a------ C:\WINDOWS.0\system32\CmdLineExt.dll
2008-08-10 18:05 . 2008-08-29 22:33 <DIR> d-------- C:\Program Files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-09 20:19 426,016 --sha-w C:\WINDOWS.0\system32\drivers\fidbox2.dat
2008-09-09 20:19 3,584 --sha-w C:\WINDOWS.0\system32\drivers\fidbox2.idx
2008-09-09 20:19 16,744 --sha-w C:\WINDOWS.0\system32\drivers\fidbox.idx
2008-09-09 20:19 1,870,880 --sha-w C:\WINDOWS.0\system32\drivers\fidbox.dat
2008-09-09 19:53 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BitTorrent
2008-09-09 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 18:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-09 07:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 21:22 --------- d-----w C:\Program Files\EA GAMES
2008-08-30 16:49 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\DNA
2008-08-30 16:40 --------- d-----w C:\Program Files\DNA
2008-08-22 12:09 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\FrostWire
2008-08-14 10:20 --------- d-----w C:\Program Files\Java
2008-08-12 10:05 --------- d-----w C:\Program Files\MSBuild
2008-08-09 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-09 08:58 --------- d-----w C:\Program Files\BitTorrent
2008-08-08 17:39 --------- d-----w C:\Program Files\Mirage Interactive
2008-08-07 16:52 --------- d-----w C:\Program Files\Unlocker
2008-08-07 16:48 --------- d-----w C:\Program Files\DietMP3
2008-08-07 16:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 16:43 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Malwarebytes
2008-08-07 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 16:25 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Program Files\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-07 14:25 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Media Player Classic
2008-08-07 14:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-07 14:08 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BSplayer
2008-08-07 14:07 --------- d-----w C:\Program Files\Webteh
2008-08-06 21:07 --------- d-----w C:\Program Files\CyberLink
2008-08-06 21:04 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\CyberLink
2008-08-06 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-06 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-06 19:22 --------- d--h--r C:\Documents and Settings\Nesho & Nedja\Application Data\yahoo!
2008-08-06 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-06 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-06 19:18 --------- d-----w C:\Program Files\IVT Corporation
2008-08-06 17:57 --------- d-----w C:\Program Files\Vimicro Corporation
2008-08-06 17:56 --------- d-----w C:\Program Files\Vimicro
2008-08-06 17:54 --------- d-----w C:\Program Files\Winamp
2008-08-06 17:42 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Ahead
2008-08-06 17:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 17:41 --------- d-----w C:\Program Files\Ahead
2008-08-06 17:38 96,976 ---ha-w C:\WINDOWS.0\system32\drivers\klin.dat
2008-08-06 17:24 --------- d-----w C:\Program Files\FrostWire
2008-08-06 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-06 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-06 17:18 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-06 17:12 --------- d-----w C:\Program Files\Yahoo!
2008-08-06 17:10 717,296 ---ha-w C:\WINDOWS.0\system32\drivers\sptd.sys
2008-08-06 17:10 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\DAEMON Tools
2008-08-06 16:26 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BSplayer Pro
2008-08-06 15:55 --------- d-----w C:\Program Files\Lavalys
2008-08-06 15:37 87,855 ---ha-w C:\WINDOWS.0\system32\drivers\klick.dat
2008-08-06 15:20 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 15:18 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-08-06 15:16 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\URSoft
2008-08-06 15:07 21,419 ---ha-w C:\WINDOWS.0\system32\drivers\AegisP.sys
2008-08-06 15:06 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\InstallShield
2008-08-06 14:59 --------- d-----w C:\Program Files\Realtek
2008-08-06 14:59 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Styler
2008-08-06 14:39 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Talkback
2008-08-06 14:37 --------- d-----w C:\Program Files\GIGABYTE
2008-08-06 14:04 --------- d-----w C:\Program Files\Styler
2008-08-06 13:27 --------- d-----w C:\Program Files\Intel
2008-08-06 13:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-06 13:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-06 13:15 --------- d-----w C:\Program Files\Alky for Applications
2008-08-06 13:14 --------- d-----w C:\Program Files\Stardock
2008-08-06 13:14 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-06 13:14 --------- d-----w C:\Program Files\Common Files\Java
2008-08-06 13:10 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-06 13:00 --------- d-----w C:\Program Files\VistaExperience.org
2008-08-06 12:56 --------- d-----w C:\Program Files\Desktop
2008-08-06 12:55 --------- d-----w C:\Program Files\Microsoft PowerToys
2008-08-06 12:55 --------- d-----w C:\Program Files\LClock
2008-07-30 18:07 38,472 ----a-w C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-07-30 18:07 17,144 ----a-w C:\WINDOWS.0\system32\drivers\mbam.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS.0\system32\ff_vfw.dll
.

------- Sigcheck -------

2008-04-23 16:32 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS.0\system32\drivers\tcpip.sys

2008-04-23 07:34 2350208 af263738fad02e11d21f2c8f18054c80 C:\WINDOWS.0\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - C:\Program Files\GIGABYTE\Common\GNConfig.exe [8/6/2008 5:07:01 PM 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Nesho & Nedja^Start Menu^Programs^Startup^Styler.lnk]
path=C:\Documents and Settings\Nesho & Nedja\Start Menu\Programs\Startup\Styler.lnk
backup=C:\WINDOWS.0\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-22 22:18 1271808 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-06-15 13:40 111928 C:\Program Files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 17:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
--a------ 2007-04-13 18:08 114688 C:\Program Files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\internet\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS.0\system32\DRIVERS\iteraid.sys [2004-12-10 25105]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS.0\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS.0\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 VMUVC;Vimicro Camera Service VMUVC;C:\WINDOWS.0\system32\Drivers\VMUVC.sys [2007-09-05 248448]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\WINDOWS.0\system32\drivers\vvftUVC.sys [2007-06-13 476032]
S3 FXDRV;FXDRV;F:\Fxdrv.sys [ ]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6F60F9B6-C678-3DCB-F4CB-9AA3D1DCBD55}]
C:\WINDOWS.0\system32\drivers\cscript.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 08:47:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVP]
"ImagePath"="\"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe\" -r"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BlueletAudio]
"ImagePath"="system32\DRIVERS\blueletaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BlueletSCOAudio]
"ImagePath"="system32\DRIVERS\BlueletSCOAudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BT]
"ImagePath"="system32\DRIVERS\btnetdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Btcsrusb]
"ImagePath"="System32\Drivers\btcusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHidEnum]
"ImagePath"="System32\Drivers\vbtenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHidMgr]
"ImagePath"="System32\Drivers\BTHidMgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
"ImagePath"="C:\WINDOWS.0\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\WINDOWS.0\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\WINDOWS.0\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FXDRV]
"ImagePath"="\??\F:\Fxdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
"ImagePath"="system32\DRIVERS\iteraid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kl1]
"ImagePath"="system32\drivers\kl1.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\klbg]
"ImagePath"="system32\drivers\klbg.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KLIF]
"ImagePath"="system32\DRIVERS\klif.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\klim5]
"ImagePath"="system32\DRIVERS\klim5.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
"ImagePath"="C:\WINDOWS.0\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose]
"ImagePath"="\"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20]
"ImagePath"="system32\DRIVERS\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS.0\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RT61]
"ImagePath"="system32\DRIVERS\RT61.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srservice]
"ServiceDll"="C:\WINDOWS.0\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StarOpen]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SwPrv]
"ImagePath"="C:\WINDOWS.0\system32\dllhost.exe /Processid:{A260881C-6E30-4ED7-AC6C-2412365E1C22}"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TlntSvr]
"ImagePath"="C:\WINDOWS.0\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UnlockerDriver5]
"ImagePath"="\??\C:\Program Files\Unlocker\UnlockerDriver5.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usnjsvc]
"ImagePath"="\"C:\Program Files\MSN Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VComm]
"ImagePath"="system32\DRIVERS\VComm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VcommMgr]
"ImagePath"="System32\Drivers\VcommMgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VMUVC]
"ImagePath"="System32\Drivers\VMUVC.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vvftUVC]
"ImagePath"="system32\drivers\vvftUVC.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS.0\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS.0\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"C:\Program Files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="C:\WINDOWS.0\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{CE877E37-2072-418B-AD6E-26FFCDFB4CF2}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DA47CE77-AA60-4BDB-B641-E0B6D77A48AC}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{F182C6D8-137B-4402-A02D-BDDC6CEFDA5F}]
.
Completion time: 2008-09-10 8:49:58
ComboFix-quarantined-files.txt 2008-09-10 06:49:50
ComboFix2.txt 2008-09-09 19:59:17

Pre-Run: 17,619,881,984 bytes free
Post-Run: 17,610,797,056 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Zip (or rar, it does not matter) and upload the following file:

C:\WINDOWS.0\erdnt\Hiv-backup\System


Upload link: http://www.mycity.rs/ambulanta-upload.php


Let me know when you have done the upload.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

There, I have done the upload.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Temporarily disable the antivirus and double-click to run ComboFix.

If the program asks to update itself, allow it.

Paste the resulting logfile into the thread.

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

I allowed the update, but this time the computer did not restart the way it did before when I ran ComboFix. Here is the log:

ComboFix 08-09-11.02 - Nesho & Nedja 2008-09-12 21:46:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1613 [GMT 2:00]
Running from: D:\internet\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-12 11:23 . 2008-09-12 11:23 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-12 11:23 . 2008-09-12 11:23 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-12 11:13 . 2008-09-12 11:13 <DIR> dr-h----- C:\MSOCache
2008-09-11 21:06 . 2008-09-11 21:06 154 --a------ C:\WINDOWS.0\CROCCLIP.INI
2008-09-11 20:52 . 2008-09-11 20:52 <DIR> d-------- C:\Program Files\MeeSoft
2008-09-10 08:34 . 2008-09-10 08:34 <DIR> d-------- C:\WINDOWS.0\system32\xircom
2008-09-10 08:33 . 2008-09-10 08:33 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Program Files\Common Files\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Program Files\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-09-09 20:17 . 2008-09-09 20:17 0 --a------ C:\WINDOWS.0\system32\_r_a_p_.tmp
2008-09-08 10:08 . 2008-09-08 10:08 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-09-08 10:08 . 2008-09-08 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-08 09:53 . 2008-09-08 09:53 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\KC Softwares
2008-09-07 22:13 . 2008-09-07 22:25 160 --a------ C:\WINDOWS.0\MyDrivers.ini
2008-09-06 22:13 . 2008-09-06 22:14 610,164,736 --a------ C:\windowsxpsp2.iso
2008-09-06 22:07 . 2007-09-11 15:12 28,601,472 --a------ C:\image.sub
2008-09-06 22:06 . 2007-09-11 15:12 772 --a------ C:\image.ccd
2008-09-06 20:59 . 2007-09-11 15:12 700,736,064 --a------ C:\image.img
2008-09-05 11:22 . 2008-09-05 11:24 <DIR> d-------- C:\WINDOWS.0\system32\NtmsData
2008-09-01 08:51 . 2008-09-01 09:26 <DIR> d-------- C:\WINDOWS.0\system32\Adobe
2008-09-01 08:05 . 2008-09-01 08:05 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\Disney Interactive Studios
2008-09-01 08:01 . 2008-09-01 08:01 <DIR> d-------- C:\Program Files\Disney Interactive Studios
2008-09-01 08:01 . 2008-09-01 08:04 1,461 --a------ C:\WINDOWS.0\disney.ini
2008-08-31 23:12 . 2008-09-01 08:15 <DIR> d-------- C:\Program Files\SEGA
2008-08-31 16:06 . 2008-08-31 16:06 <DIR> d-------- C:\Program Files\Softick
2008-08-31 15:18 . 2008-08-31 19:18 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\Samsung
2008-08-31 15:17 . 2008-08-31 15:17 <DIR> d-------- C:\WINDOWS.0\system32\Samsung_USB_Drivers
2008-08-31 15:17 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS.0\system32\framedyn.dll
2008-08-31 15:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS.0\system32\drivers\StarOpen.sys
2008-08-31 15:14 . 2005-08-28 20:51 766 --a------ C:\WINDOWS.0\system32\Uninstall.ico
2008-08-31 11:45 . 2008-08-31 11:45 <DIR> d-------- C:\Program Files\Atari
2008-08-30 23:27 . 2008-08-30 23:27 <DIR> d-------- C:\Program Files\Groove Games
2008-08-30 23:05 . 2008-08-30 23:05 <DIR> d-------- C:\Program Files\Raw Modders Union
2008-08-29 23:37 . 2008-08-31 23:08 <DIR> d-------- C:\Program Files\City Interactive
2008-08-28 18:24 . 2008-08-28 18:24 268 --ah----- C:\sqmdata01.sqm
2008-08-28 18:24 . 2008-08-28 18:24 244 --ah----- C:\sqmnoopt01.sqm
2008-08-28 15:59 . 2008-08-30 23:23 <DIR> d-------- C:\Program Files\SweetIM
2008-08-26 13:02 . 2008-08-26 21:31 <DIR> d-------- C:\Program Files\FF Player
2008-08-25 17:04 . 2008-08-25 17:04 <DIR> d-------- C:\Program Files\CCleaner
2008-08-24 12:46 . 2008-09-12 11:25 <DIR> d-------- C:\WINDOWS.0\SHELLNEW
2008-08-24 11:42 . 2008-08-24 11:42 66,331 --a------ C:\WINDOWS.0\system32\newls.exe
2008-08-20 10:01 . 2008-08-20 10:37 <DIR> d-------- C:\Program Files\Cheatbook Database 2008
2008-08-19 19:34 . 2008-08-20 10:17 <DIR> d-------- C:\Program Files\Microsoft Games
2008-08-19 11:49 . 2008-08-19 11:49 <DIR> d-------- C:\Program Files\Lavals
2008-08-16 16:18 . 2008-08-28 15:45 <DIR> d-------- C:\Program Files\Activision Value
2008-08-16 13:31 . 2008-08-16 13:31 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\GarageGames
2008-08-14 09:33 . 2008-08-14 09:33 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\.Tribler
2008-08-14 09:33 . 2008-08-14 09:33 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\.SwarmPlayer
2008-08-13 18:34 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS.0\system32\msvcp71.dll
2008-08-13 18:02 . 2008-08-13 18:02 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Application Data\JLC's Software
2008-08-13 17:58 . 2008-08-13 17:58 10 --a------ C:\WINDOWS.0\system32\810429tv4-test.jun
2008-08-13 10:47 . 2008-08-13 13:46 <DIR> d-------- C:\Documents and Settings\Nesho & Nedja\Contacts
2008-08-13 10:46 . 2008-08-13 10:46 268 --ah----- C:\sqmdata00.sqm
2008-08-13 10:46 . 2008-08-13 10:46 244 --ah----- C:\sqmnoopt00.sqm
2008-08-13 10:41 . 2008-08-13 10:41 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-12 13:56 . 2008-08-12 13:57 <DIR> d-------- C:\Program Files\Mv2Player
2008-08-12 12:04 . 2008-08-12 12:04 523,324 --a------ C:\WINDOWS.0\system32\PerfStringBackup.TMP
2008-08-12 11:57 . 2008-09-12 11:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 11:57 . 2008-08-24 12:47 382 --a------ C:\WINDOWS.0\ODBC.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-12 14:00 426,016 --sha-w C:\WINDOWS.0\system32\drivers\fidbox2.dat
2008-09-12 14:00 3,584 --sha-w C:\WINDOWS.0\system32\drivers\fidbox2.idx
2008-09-12 14:00 17,332 --sha-w C:\WINDOWS.0\system32\drivers\fidbox.idx
2008-09-12 14:00 1,946,144 --sha-w C:\WINDOWS.0\system32\drivers\fidbox.dat
2008-09-12 09:26 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\FrostWire
2008-09-12 09:05 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BitTorrent
2008-09-09 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 18:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-09 07:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 21:22 --------- d-----w C:\Program Files\EA GAMES
2008-08-30 16:49 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\DNA
2008-08-30 16:40 --------- d-----w C:\Program Files\DNA
2008-08-29 20:33 --------- d-----w C:\Program Files\Rockstar Games
2008-08-14 10:20 --------- d-----w C:\Program Files\Java
2008-08-12 10:05 --------- d-----w C:\Program Files\MSBuild
2008-08-10 16:24 98,304 ----a-w C:\WINDOWS.0\system32\CmdLineExt.dll
2008-08-09 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-09 08:58 --------- d-----w C:\Program Files\BitTorrent
2008-08-08 17:39 --------- d-----w C:\Program Files\Mirage Interactive
2008-08-07 16:52 --------- d-----w C:\Program Files\Unlocker
2008-08-07 16:48 --------- d-----w C:\Program Files\DietMP3
2008-08-07 16:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 16:43 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Malwarebytes
2008-08-07 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 16:25 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Program Files\ACD Systems
2008-08-07 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-07 14:25 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Media Player Classic
2008-08-07 14:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-07 14:08 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BSplayer
2008-08-07 14:07 --------- d-----w C:\Program Files\Webteh
2008-08-06 21:07 --------- d-----w C:\Program Files\CyberLink
2008-08-06 21:04 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\CyberLink
2008-08-06 21:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-06 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-06 19:22 --------- d--h--r C:\Documents and Settings\Nesho & Nedja\Application Data\yahoo!
2008-08-06 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-06 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-06 19:18 --------- d-----w C:\Program Files\IVT Corporation
2008-08-06 17:57 --------- d-----w C:\Program Files\Vimicro Corporation
2008-08-06 17:56 --------- d-----w C:\Program Files\Vimicro
2008-08-06 17:54 --------- d-----w C:\Program Files\Winamp
2008-08-06 17:42 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Ahead
2008-08-06 17:41 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-06 17:41 --------- d-----w C:\Program Files\Ahead
2008-08-06 17:38 96,976 ---ha-w C:\WINDOWS.0\system32\drivers\klin.dat
2008-08-06 17:24 --------- d-----w C:\Program Files\FrostWire
2008-08-06 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-06 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-06 17:18 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-06 17:12 --------- d-----w C:\Program Files\Yahoo!
2008-08-06 17:10 717,296 ---ha-w C:\WINDOWS.0\system32\drivers\sptd.sys
2008-08-06 17:10 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\DAEMON Tools
2008-08-06 16:26 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\BSplayer Pro
2008-08-06 15:55 --------- d-----w C:\Program Files\Lavalys
2008-08-06 15:37 87,855 ---ha-w C:\WINDOWS.0\system32\drivers\klick.dat
2008-08-06 15:20 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 15:18 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-08-06 15:16 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\URSoft
2008-08-06 15:07 21,419 ---ha-w C:\WINDOWS.0\system32\drivers\AegisP.sys
2008-08-06 15:06 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\InstallShield
2008-08-06 14:59 --------- d-----w C:\Program Files\Realtek
2008-08-06 14:59 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Styler
2008-08-06 14:39 --------- d-----w C:\Documents and Settings\Nesho & Nedja\Application Data\Talkback
2008-08-06 14:37 --------- d-----w C:\Program Files\GIGABYTE
2008-08-06 14:04 --------- d-----w C:\Program Files\Styler
2008-08-06 13:27 --------- d-----w C:\Program Files\Intel
2008-08-06 13:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-06 13:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-06 13:15 --------- d-----w C:\Program Files\Alky for Applications
2008-08-06 13:14 --------- d-----w C:\Program Files\Stardock
2008-08-06 13:14 --------- d-----w C:\Program Files\Common Files\Stardock
2008-08-06 13:14 --------- d-----w C:\Program Files\Common Files\Java
2008-08-06 13:10 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-06 13:00 --------- d-----w C:\Program Files\VistaExperience.org
2008-08-06 12:56 --------- d-----w C:\Program Files\Desktop
2008-08-06 12:55 --------- d-----w C:\Program Files\Microsoft PowerToys
2008-08-06 12:55 --------- d-----w C:\Program Files\LClock
2008-07-30 18:07 38,472 ----a-w C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-07-30 18:07 17,144 ----a-w C:\WINDOWS.0\system32\drivers\mbam.sys
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS.0\system32\ff_vfw.dll
.

------- Sigcheck -------

2008-04-23 16:32 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS.0\system32\drivers\tcpip.sys

2008-04-23 07:34 2350208 af263738fad02e11d21f2c8f18054c80 C:\WINDOWS.0\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-09_21.58.46.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-12 09:14:41 217,864 ----a-r C:\WINDOWS.0\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-09-11 09:51:13 2,316 ----a-w C:\WINDOWS.0\SoftwareDistribution\EventCache\{7DCECA96-5346-49EB-9835-337C14664984}.bin
+ 2008-09-10 09:43:10 2,316 ----a-w C:\WINDOWS.0\SoftwareDistribution\EventCache\{DD4E87A0-9DAF-490F-AD16-7449C0750DF7}.bin
+ 2008-09-12 14:00:17 3,470 ----a-w C:\WINDOWS.0\SoftwareDistribution\EventCache\{FBC10F5B-315C-4D40-8E29-E20839B95E2E}.bin
- 2005-10-29 00:40:14 32,456 ----a-w C:\WINDOWS.0\system32\FM20ENU.DLL
+ 2006-10-26 12:10:06 33,088 ----a-w C:\WINDOWS.0\system32\FM20ENU.DLL
- 2008-08-24 12:43:54 127,704 ---ha-w C:\WINDOWS.0\system32\FNTCACHE.DAT
+ 2008-09-12 09:35:33 128,504 ---ha-w C:\WINDOWS.0\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="C:\WINDOWS.0\system32\NvMcTray.dll" [2007-06-28 81920]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-06-15 111928]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 C:\WINDOWS.0\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2007-06-28 C:\WINDOWS.0\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-23 C:\WINDOWS.0\system32\advpack.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - C:\Program Files\GIGABYTE\Common\GNConfig.exe [8/6/2008 5:07:01 PM 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Nesho & Nedja^Start Menu^Programs^Startup^Styler.lnk]
path=C:\Documents and Settings\Nesho & Nedja\Start Menu\Programs\Startup\Styler.lnk
backup=C:\WINDOWS.0\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-22 22:18 1271808 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-06-15 13:40 111928 C:\Program Files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 17:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
--a------ 2007-04-13 18:08 114688 C:\Program Files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS.0\system32\DRIVERS\iteraid.sys [2004-12-10 25105]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS.0\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS.0\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 VMUVC;Vimicro Camera Service VMUVC;C:\WINDOWS.0\system32\Drivers\VMUVC.sys [2007-09-05 248448]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\WINDOWS.0\system32\drivers\vvftUVC.sys [2007-06-13 476032]
S3 FXDRV;FXDRV;F:\Fxdrv.sys [ ]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Sccs - C:\Documents and Settings\Nesho & Nedja\sccs.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nesho & Nedja\Application Data\Mozilla\Firefox\Profiles\fjk2ivql.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.rs
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 21:48:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-12 21:50:59
ComboFix-quarantined-files.txt 2008-09-12 19:50:49
ComboFix2.txt 2008-09-10 06:50:00
ComboFix3.txt 2008-09-09 19:59:17

Pre-Run: 16,604,192,768 bytes free
Post-Run: 16,813,920,256 bytes free

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This now looks roughly the way it should. :)

Delete the file: C:\WINDOWS.0\system32\newls.exe


How are things now?
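The two places a helper reads first in a log like the one above are the "Files Created" list (where newls.exe shows up as a fresh, loose executable in system32) and the driver/service list (where S3 FXDRV points at F:\Fxdrv.sys with an empty "[ ]", i.e. ComboFix could not find the image). The script below is an added example for this thread, not ComboFix code and not code posted by anyone in the thread: it parses those two line formats and scores entries with the same heuristics a helper applies by eye. The sample lines are copied from the log above; the score weights, the "loose binary in system32" and "timestamp equals creation time" rules, and the assumption that C: is the system drive are this example's own and only indicate what to look at, not what is malicious.

```python
"""
Triage heuristics for ComboFix log lines.

Added example for this thread; it is not part of ComboFix and was not posted
by anyone in the thread. The sample lines below are copied from the log above;
the scoring rules and the assumption that the system drive is C: are this
example's own.
"""
import re
from dataclasses import dataclass

BINARY_EXT = {".exe", ".sys", ".dll", ".scr", ".com", ".pif"}

# "Files Created" lines: created . modified size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Driver/service lines: R0 name;display;path [date size]
SVC_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Sample input copied from the ComboFix log in this thread.
SAMPLE_FILES_CREATED = r"""
2008-09-11 21:06 . 2008-09-11 21:06 154 --a------ C:\WINDOWS.0\CROCCLIP.INI
2008-09-09 20:17 . 2008-09-09 20:17 0 --a------ C:\WINDOWS.0\system32\_r_a_p_.tmp
2008-08-31 15:14 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS.0\system32\drivers\StarOpen.sys
2008-08-24 11:42 . 2008-08-24 11:42 66,331 --a------ C:\WINDOWS.0\system32\newls.exe
2008-08-13 18:34 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS.0\system32\msvcp71.dll
"""

SAMPLE_SERVICES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS.0\system32\drivers\klbg.sys [2008-01-29 32784]
S3 FXDRV;FXDRV;F:\Fxdrv.sys [ ]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
"""


@dataclass
class Finding:
    path: str
    score: int
    reasons: list


def _normalize(path: str) -> str:
    """Lower-case the path and strip the NT-namespace prefix some ImagePaths carry."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def _location_reasons(path: str, system_drive: str = "c:") -> list:
    """Heuristics shared by both parsers; system_drive = C: is an assumption."""
    reasons = []
    if "\\documents and settings\\" in path:
        reasons.append((2, "image lives under a user profile"))
    if re.match(r"^[a-z]:", path) and not path.startswith(system_drive):
        reasons.append((2, "image on a non-system drive"))
    return reasons


def triage_files_created(text: str) -> list:
    """Flag binaries dropped loose into system32 (or drivers). The score rises when the
    file's own timestamp equals its creation time, i.e. it was written fresh rather than
    copied out of an older installer payload (timestomping can defeat this, so it is a hint)."""
    findings = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m or m["size"] == "<DIR>":
            continue
        path = _normalize(m["path"])
        name = path.rsplit("\\", 1)[-1]
        ext = name[name.rfind("."):] if "." in name else ""
        if ext not in BINARY_EXT:
            continue
        reasons = _location_reasons(path)
        parent = path.rsplit("\\", 1)[0]
        if parent.endswith("\\system32") or parent.endswith("\\system32\\drivers"):
            reasons.append((1, "loose binary directly in system32"))
        if m["created"] == m["modified"]:
            reasons.append((1, "file timestamp equals creation time"))
        if reasons:
            findings.append(Finding(m["path"], sum(s for s, _ in reasons), [r for _, r in reasons]))
    return sorted(findings, key=lambda f: f.score, reverse=True)


def triage_services(text: str) -> list:
    """Flag driver/service entries whose image is missing, on another drive, or in a profile."""
    findings = []
    for line in text.splitlines():
        m = SVC_LINE.match(line.strip())
        if not m:
            continue
        path = _normalize(m["path"])
        reasons = _location_reasons(path)
        if not m["meta"].strip():
            # ComboFix prints "[ ]" when it could not stat the image: a dangling entry.
            reasons.append((2, "image file not found on disk"))
        if reasons:
            label = f'{m["name"]} -> {m["path"]}'
            findings.append(Finding(label, sum(s for s, _ in reasons), [r for _, r in reasons]))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage_files_created(SAMPLE_FILES_CREATED) + triage_services(SAMPLE_SERVICES):
        print(f"[{f.score}] {f.path}: {'; '.join(f.reasons)}")
```

On the sample input newls.exe comes out on top of the file list (loose in system32, both timestamps identical), StarOpen.sys and msvcp71.dll trail it with a single location hit each, and FXDRV is the only service entry reported (non-system drive plus missing image). A hit is a reason to look at the file, check its signature and hash, and ask where it came from; it is not a verdict on its own.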
