MyCity » Ambulanta -> Arhiva Ambulante » rootkit ggb6w.exe problem

rootkit ggb6w.exe problem

Napisano na dan: 27.7.2010

Strana:
1
2

rootkit ggb6w.exe problem

Pagination

Prethodna strana

Odgovori

Strana:
1
2

lalanesosa Poslao: 27 Jul 2010 17:21 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of random's system information tool 1.08 (written by random/random) Run by Slavica at 2010-07-27 17:20:42 Microsoft Windows XP Professional Service Pack 3 System drive C: has 24 GB (41%) free of 59 GB Total RAM: 511 MB (28% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:21:04 PM, on 7/27/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe C:\Program Files\File Seeker\FSeekerDBUpdater.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Documents and Settings\Slavica\Desktop\RSIT.exe C:\Program Files\trend micro\Slavica.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun O4 - HKLM\..\Run: [FileSeekerUpdater] "C:\Program Files\File Seeker\FSeekerDBUpdater.exe" -start O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Slavica\LOCALS~1\Temp\herss.exe O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\Slavica\LOCALS~1\Temp\dsoqq.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://www.ebank.lhb.co.yu/DLL/FSINT.dll O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - https://secure.deltabanka.co.yu/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} (FileInterface Class) - https://www.ebank.lhb.co.yu/DLL/FSINT9.dll O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.deltabanka.co.yu/RetailDLL/SGCMSCCD.DLL O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://www.ebank.ppbank.com/DLL/SAWZip.dll O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://www.ebank.ppbank.com/DLL/EbankingWWW.dll O16 - DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCSCC2B.dll O16 - DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCCDC2.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- End of file - 6842 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] Yahoo! Toolbar Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2005-10-31 503808] "FileSeekerUpdater"=C:\Program Files\File Seeker\FSeekerDBUpdater.exe [2007-01-13 603648] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] "avast5"=C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "cdoosoft"=C:\DOCUME~1\Slavica\LOCALS~1\Temp\herss.exe [] "dso32"=C:\DOCUME~1\Slavica\LOCALS~1\Temp\dsoqq.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-07-10 524632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] C:\Program Files\DAP\DAP.EXE /STARTUP [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] C:\Program Files\ICQ6\ICQ.exe [2008-08-24 173304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe /NoDialog [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe [2003-05-15 217193] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] C:\PROGRA~1\IVT Corporation\BlueSoleil\gprs.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk] C:\PROGRA~1\Metacafe\METACA~1.EXE /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-07-08 106496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^Metacafe.lnk] C:\PROGRA~1\Metacafe\METACA~1.EXE /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] C:\PROGRA~1\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^PowerReg Scheduler.exe] C:\Documents and Settings\Slavica\Start Menu\Programs\Startup\PowerReg Scheduler.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "CiSvc"=3 "PolicyAgent"=2 "helpsvc"=2 "TrkWks"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] WRLogonNTF.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableStatusMessages"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe::Enabled:Download Accelerator Plus (DAP)" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe::Enabled:BitTorrent" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Firefox" "C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe::Enabled:ICQ6" "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe::Enabled:DC++" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2010-07-27 17:11:25 ----D---- C:\Avenger 2010-07-27 17:11:24 ----A---- C:\avenger.txt 2010-07-27 13:41:56 ----D---- C:\Program Files\trend micro 2010-07-27 13:41:54 ----D---- C:\rsit 2010-07-27 12:14:50 ----SD---- C:\ComboFix 2010-07-27 09:04:24 ----A---- C:\Boot.bak 2010-07-27 09:04:18 ----RASHD---- C:\cmdcons 2010-07-27 09:01:10 ----A---- C:\WINDOWS\NIRCMD.exe 2010-07-27 09:01:10 ----A---- C:\WINDOWS\MBR.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\zip.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\SWSC.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\SWREG.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\sed.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\PEV.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\grep.exe 2010-07-27 08:58:56 ----D---- C:\Qoobox 2010-07-27 01:52:02 ----A---- C:\RootRepeal report 07-27-10 (01-52-02).txt 2010-07-10 15:08:18 ----A---- C:\WINDOWS\iun6002.exe 2010-07-10 15:08:12 ----A---- C:\WINDOWS\Insaniquarium Patch Installer Setup Log.txt 2010-07-10 00:44:51 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys 2010-07-10 00:44:50 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys 2010-07-10 00:44:48 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys 2010-07-10 00:44:46 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys 2010-07-10 00:44:44 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys 2010-07-10 00:44:44 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys 2010-07-10 00:44:44 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys 2010-07-10 00:44:23 ----A---- C:\WINDOWS\system32\aswBoot.exe 2010-07-10 00:44:08 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software 2010-07-08 21:56:09 ----RA---- C:\WINDOWS\system32\drivers\athuw.sys 2010-07-07 21:06:01 ----RA---- C:\WINDOWS\system32\drivers\rt73.sys ======List of files/folders modified in the last 1 months====== 2010-07-27 17:17:39 ----D---- C:\WINDOWS\Prefetch 2010-07-27 17:13:24 ----D---- C:\WINDOWS\Temp 2010-07-27 17:11:25 ----D---- C:\WINDOWS\system32\drivers 2010-07-27 17:11:25 ----D---- C:\WINDOWS\system32 2010-07-27 17:11:25 ----D---- C:\WINDOWS 2010-07-27 17:11:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-07-27 15:30:15 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-27 13:41:56 ----RD---- C:\Program Files 2010-07-27 09:04:24 ----RASH---- C:\boot.ini 2010-07-27 09:00:48 ----D---- C:\WINDOWS\ERDNT 2010-07-27 08:57:50 ----D---- C:\Program Files\File Seeker 2010-07-24 10:37:15 ----D---- C:\Program Files\Mozilla Firefox 2010-07-22 18:46:44 ----D---- C:\WINDOWS\Minidump 2010-07-21 09:13:49 ----D---- C:\Documents and Settings\Slavica\Application Data\BitTorrent 2010-07-20 14:43:38 ----D---- C:\Documents and Settings\Slavica\Application Data\AdobeUM 2010-07-16 20:12:09 ----D---- C:\Documents and Settings\Slavica\Application Data\OpenOffice.org2 2010-07-14 22:54:19 ----D---- C:\Program Files\WinRAR 2010-07-14 20:11:21 ----D---- C:\Documents and Settings\Slavica\Application Data\WinRAR 2010-07-10 16:28:47 ----D---- C:\Program Files\CCleaner 2010-07-10 15:08:16 ----D---- C:\Program Files\PopCap Games 2010-07-10 12:32:52 ----HD---- C:\WINDOWS\inf 2010-07-10 00:44:37 ----SHD---- C:\WINDOWS\Installer 2010-07-10 00:44:37 ----HD---- C:\Config.Msi 2010-07-10 00:44:35 ----D---- C:\WINDOWS\WinSxS 2010-07-10 00:44:34 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-07-10 00:44:08 ----D---- C:\Program Files\Alwil Software 2010-07-10 00:17:36 ----D---- C:\Program Files\HP DeskJet 710C Series 2010-07-10 00:16:25 ----D---- C:\Program Files\MSN Messenger 2010-07-10 00:14:14 ----D---- C:\Program Files\Symantec 2010-07-10 00:14:14 ----D---- C:\Program Files\Common Files\Symantec Shared 2010-07-10 00:14:09 ----D---- C:\Program Files\Symantec AntiVirus 2010-07-10 00:14:09 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2010-07-10 00:04:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-07-09 13:40:54 ----A---- C:\WINDOWS\ModemLog_Intel(R) 536EP Modem.txt 2010-07-08 21:57:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-07-08 00:31:05 ----N---- C:\WINDOWS\system.ini 2010-07-08 00:31:05 ----A---- C:\WINDOWS\win.ini 2010-07-07 21:06:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-07-05 12:33:21 ----D---- C:\Program Files\LeeGTs Games ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136] R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248] R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-06-27 64160] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-01 43872] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880] R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176] R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-06 1714176] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-25 787456] R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 105984] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 Intels51;Intel(R) 536EP Modem; C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 670203] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-05-03 9856] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [] S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-08-17 41984] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [] S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [] S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [] S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024] S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 273024] S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944] S3 catchme;catchme; \??\C:\DOCUME~1\Slavica\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 EraserUtilDrv10910;EraserUtilDrv10910; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 ovt519;TRUST 320 SPACEC@M; C:\WINDOWS\System32\Drivers\ov519vid.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136] S3 RT73;TL-WN321G USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-10-21 465152] S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-02-14 715248] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-10 1029456] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe [2004-01-30 65625] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2004-01-30 65622] S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------

Profil

helen1 Poslao: 27 Jul 2010 17:28 Idi na vrh
online helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8516 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nadam se da ce ovo biti poslednja instrukcija. Preuzmi program OTM na Desktop. Dvoklikom pokreni OTM.exe U (levi) prozor programa (ispod Paste Instructions for Items to be Moved) iskopiraj sve što se nalazi unutar Kod polja: `:reg [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"=- "dso32"=-` Klikni MoveIt! Po završetku procesa, u desnom prozoru programa (ispod Results), će se nalaziti tekst koji je potrebno iskopirati u poruku na forumu. Ukoliko se pojavi upit: Confirm ::The system requires a reboot to finish removing files. Do you want to reboot now? kliknuti Yes kako bi se kompjuter restartovao i proces bio dovršen. Nakon ponovnog pokretanja sistema, logfile će se automatski otvoriti u Notepadu. Potrebno je iskopirati sadržaj tog loga u poruku na forumu. ------ Zatim novi RSIT log.

Profil

lalanesosa Poslao: 27 Jul 2010 17:33 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 27 Jul 2010 17:32 ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dso32 deleted successfully. OTM by OldTimer - Version 3.1.15.0 log created on 07272010_173252 Dopuna: 27 Jul 2010 17:33 Logfile of random's system information tool 1.08 (written by random/random) Run by Slavica at 2010-07-27 17:33:41 Microsoft Windows XP Professional Service Pack 3 System drive C: has 24 GB (41%) free of 59 GB Total RAM: 511 MB (27% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:33:47 PM, on 7/27/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe C:\Program Files\File Seeker\FSeekerDBUpdater.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Slavica\Desktop\RSIT.exe C:\Program Files\trend micro\Slavica.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun O4 - HKLM\..\Run: [FileSeekerUpdater] "C:\Program Files\File Seeker\FSeekerDBUpdater.exe" -start O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://www.ebank.lhb.co.yu/DLL/FSINT.dll O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - https://secure.deltabanka.co.yu/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} (FileInterface Class) - https://www.ebank.lhb.co.yu/DLL/FSINT9.dll O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.deltabanka.co.yu/RetailDLL/SGCMSCCD.DLL O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://www.ebank.ppbank.com/DLL/SAWZip.dll O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://www.ebank.ppbank.com/DLL/EbankingWWW.dll O16 - DPF: {E772C6B1-C3D6-4251-990B-1511D7822722} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCSCC2B.dll O16 - DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} (SecAPI Class) - https://www.ebank.ppbank.com/DLL/EBCCDC2.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- End of file - 6653 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] Yahoo! Toolbar Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2005-10-31 503808] "FileSeekerUpdater"=C:\Program Files\File Seeker\FSeekerDBUpdater.exe [2007-01-13 603648] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] "avast5"=C:\PROGRA~1\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-07-10 524632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator] C:\Program Files\DAP\DAP.EXE /STARTUP [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] C:\Program Files\ICQ6\ICQ.exe [2008-08-24 173304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe /NoDialog [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe [2003-05-15 217193] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] C:\PROGRA~1\IVT Corporation\BlueSoleil\gprs.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk] C:\PROGRA~1\Metacafe\METACA~1.EXE /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-07-08 106496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^Metacafe.lnk] C:\PROGRA~1\Metacafe\METACA~1.EXE /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk] C:\PROGRA~1\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slavica^Start Menu^Programs^Startup^PowerReg Scheduler.exe] C:\Documents and Settings\Slavica\Start Menu\Programs\Startup\PowerReg Scheduler.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "CiSvc"=3 "PolicyAgent"=2 "helpsvc"=2 "TrkWks"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] WRLogonNTF.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableStatusMessages"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe::Enabled:Download Accelerator Plus (DAP)" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe::Enabled:BitTorrent" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Firefox" "C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe::Enabled:ICQ6" "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe::Enabled:DC++" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2010-07-27 17:11:25 ----D---- C:\Avenger 2010-07-27 17:11:24 ----A---- C:\avenger.txt 2010-07-27 13:41:56 ----D---- C:\Program Files\trend micro 2010-07-27 13:41:54 ----D---- C:\rsit 2010-07-27 12:14:50 ----SD---- C:\ComboFix 2010-07-27 09:04:24 ----A---- C:\Boot.bak 2010-07-27 09:04:18 ----RASHD---- C:\cmdcons 2010-07-27 09:01:10 ----A---- C:\WINDOWS\NIRCMD.exe 2010-07-27 09:01:10 ----A---- C:\WINDOWS\MBR.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\zip.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\SWSC.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\SWREG.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\sed.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\PEV.exe 2010-07-27 09:01:09 ----A---- C:\WINDOWS\grep.exe 2010-07-27 08:58:56 ----D---- C:\Qoobox 2010-07-27 01:52:02 ----A---- C:\RootRepeal report 07-27-10 (01-52-02).txt 2010-07-10 15:08:18 ----A---- C:\WINDOWS\iun6002.exe 2010-07-10 15:08:12 ----A---- C:\WINDOWS\Insaniquarium Patch Installer Setup Log.txt 2010-07-10 00:44:51 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys 2010-07-10 00:44:50 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys 2010-07-10 00:44:48 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys 2010-07-10 00:44:46 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys 2010-07-10 00:44:44 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys 2010-07-10 00:44:44 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys 2010-07-10 00:44:44 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys 2010-07-10 00:44:23 ----A---- C:\WINDOWS\system32\aswBoot.exe 2010-07-10 00:44:08 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software 2010-07-08 21:56:09 ----RA---- C:\WINDOWS\system32\drivers\athuw.sys 2010-07-07 21:06:01 ----RA---- C:\WINDOWS\system32\drivers\rt73.sys ======List of files/folders modified in the last 1 months====== 2010-07-27 17:33:05 ----D---- C:\WINDOWS\Prefetch 2010-07-27 17:13:24 ----D---- C:\WINDOWS\Temp 2010-07-27 17:11:25 ----D---- C:\WINDOWS\system32\drivers 2010-07-27 17:11:25 ----D---- C:\WINDOWS\system32 2010-07-27 17:11:25 ----D---- C:\WINDOWS 2010-07-27 17:11:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-07-27 15:30:15 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-27 13:41:56 ----RD---- C:\Program Files 2010-07-27 09:04:24 ----RASH---- C:\boot.ini 2010-07-27 09:00:48 ----D---- C:\WINDOWS\ERDNT 2010-07-27 08:57:50 ----D---- C:\Program Files\File Seeker 2010-07-24 10:37:15 ----D---- C:\Program Files\Mozilla Firefox 2010-07-22 18:46:44 ----D---- C:\WINDOWS\Minidump 2010-07-21 09:13:49 ----D---- C:\Documents and Settings\Slavica\Application Data\BitTorrent 2010-07-20 14:43:38 ----D---- C:\Documents and Settings\Slavica\Application Data\AdobeUM 2010-07-16 20:12:09 ----D---- C:\Documents and Settings\Slavica\Application Data\OpenOffice.org2 2010-07-14 22:54:19 ----D---- C:\Program Files\WinRAR 2010-07-14 20:11:21 ----D---- C:\Documents and Settings\Slavica\Application Data\WinRAR 2010-07-10 16:28:47 ----D---- C:\Program Files\CCleaner 2010-07-10 15:08:16 ----D---- C:\Program Files\PopCap Games 2010-07-10 12:32:52 ----HD---- C:\WINDOWS\inf 2010-07-10 00:44:37 ----SHD---- C:\WINDOWS\Installer 2010-07-10 00:44:37 ----HD---- C:\Config.Msi 2010-07-10 00:44:35 ----D---- C:\WINDOWS\WinSxS 2010-07-10 00:44:34 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-07-10 00:44:08 ----D---- C:\Program Files\Alwil Software 2010-07-10 00:17:36 ----D---- C:\Program Files\HP DeskJet 710C Series 2010-07-10 00:16:25 ----D---- C:\Program Files\MSN Messenger 2010-07-10 00:14:14 ----D---- C:\Program Files\Symantec 2010-07-10 00:14:14 ----D---- C:\Program Files\Common Files\Symantec Shared 2010-07-10 00:14:09 ----D---- C:\Program Files\Symantec AntiVirus 2010-07-10 00:14:09 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2010-07-10 00:04:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-07-09 13:40:54 ----A---- C:\WINDOWS\ModemLog_Intel(R) 536EP Modem.txt 2010-07-08 21:57:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-07-08 00:31:05 ----N---- C:\WINDOWS\system.ini 2010-07-08 00:31:05 ----A---- C:\WINDOWS\win.ini 2010-07-07 21:06:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-07-05 12:33:21 ----D---- C:\Program Files\LeeGTs Games ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136] R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248] R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-06-27 64160] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-01 43872] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880] R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176] R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-06 1714176] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-25 787456] R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-03 105984] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 Intels51;Intel(R) 536EP Modem; C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 670203] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-03 13824] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-05-03 9856] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [] S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-08-17 41984] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [] S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [] S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [] S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024] S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120] S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-14 273024] S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944] S3 catchme;catchme; \??\C:\DOCUME~1\Slavica\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 EraserUtilDrv10910;EraserUtilDrv10910; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216] S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576] S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872] S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728] S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 ovt519;TRUST 320 SPACEC@M; C:\WINDOWS\System32\Drivers\ov519vid.sys [] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136] S3 RT73;TL-WN321G USB Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-10-21 465152] S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-02-14 715248] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-10 1029456] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe [2004-01-30 65625] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2004-01-30 65622] S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------

Profil

helen1 Poslao: 27 Jul 2010 17:34 Idi na vrh
online helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8516 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kako sad radi, ima li problema?

Profil

lalanesosa Poslao: 27 Jul 2010 17:36 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ako je ovo, nadam se, kraj sta da radim sa svim ovim programcicima i logovima na desktopu a posebno sa ComboFix za koji sam ranije napomenuo da ne mogu da obrisem iz run komandne linije?

Profil

helen1 Poslao: 27 Jul 2010 17:39 Idi na vrh
online helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8516 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! lalanesosa ::Ako je ovo, nadam se, kraj sta da radim sa svim ovim programcicima i logovima na desktopu a posebno sa ComboFix za koji sam ranije napomenuo da ne mogu da obrisem iz run komandne linije? Ja tebe pitam da li je kraj? Ako se ne zalis na neke detekcije, onda jeste i mozes da obrises sve programe. ComboFix brises tako sto nadjes njegove fajlove i Delete.

Profil

lalanesosa Poslao: 27 Jul 2010 17:46 Idi na vrh
offline lalanesosa Građanin Pridružio: 17 Apr 2006 Poruke: 215 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Trebalo mi je malo vremena da restartujem racunar i pokrenem neke moje omiljene programe i sada mogu reci da se avast ne javlja. Helen1 hvala ti puno. PS istina je da imam problem i na mom racunaru ( pri svakom startovanju racunara prvo sto se pojavi na ekranu je poruka da mi fali nekakav dll ) ali to cu prvo pokusati sam da resim pa ako ne uspem samo mi MYcity moze pomoci Hvala jos jedared!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » rootkit ggb6w.exe problem

Ko je trenutno na forumu

Ukupno su 893 korisnika na forumu :: 82 registrovanih, 9 sakrivenih i 802 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: -[CoA]-, A.R.Chafee.Jr., Alibaba1981, babaroga, Batinas, bbogdan, Boris90, BORUTUS, Boskovic, branko7, brundo65, Bubimir, CallMeIshmael, cemix, chichabg, Dejan84, dejanbenkovic, Djokkinen, DonRumataEstorski, Dorcolac, eighty-one, ekser222, esx66, Frunze, Georgius, gomago, goranperović66, havoc995, helen1, HrcAk47, Joja, JOntra, Jovan Nenad, krlebgd77, ladro, Lieutenant, Litostroton, ljiljak, Magistar78, Marko Marković, messerschmitt, Mimikrija, Miskohd, mkukoleca, Mlav, mushroom, Ne doznajem se u oružje, nextyamb, novator, opt1, ozz, Panter, Parker, Partizanija, pein, peruni, Recce, rikirubio, ruger357, S2M, SerbFlippy, Simon simonović, Sr.Stat., srbijaiznadsvega, Srki94, taz1cl, Toni, Trainspotting, tubular, vasa.93, VJ, vladas87, vladom6, vladulns, Voja1978, VojvodaMisic, Vule, wizzardone, xJeremijAx, zdrebac, zozi, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by