Help with Virtumonde

  • Joined: 13 Nov 2008
  • Posts: 4

Hello guys.

For a week now there has been Virtumonde on my PC.
I tried to remove it with SpySweeper and Spybot - Search & Destroy, but I did not succeed. I searched the forums and found a lot of tutorials for manual removal, but none of them works on my PC.

Here is my HJThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:43, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Calendarium\Calendarium.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lidija\Desktop\TQR.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A121F249-DA86-4687-9EDD-03179D3BD0AF} - C:\WINDOWS\system32\qoMeDtUl.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [NetWatcherPro] C:\Program Files\NetWatcherPro\NetWatcherPro.exe
O4 - HKCU\..\Run: [thebat_startup] "C:\Program Files\The Bat!\thebat.exe" /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Startup: Calendarium.lnk = C:\Program Files\Calendarium\Calendarium.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Translate with &Babylon - [Link visible only to logged-in users]\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
O20 - Winlogon Notify: awtuuuut - awtuuuut.dll (file missing)
O20 - Winlogon Notify: winuns32 - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobaSSH (MobaSSH1) - [Link visible only to logged-in users] - C:\WINDOWS\system32\MobaSSH.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 6673 bytes


Thanks in advance.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

Download The Avenger to your Desktop.
Unpack the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:

Files to delete:
C:\WINDOWS\system32\qoMeDtUl.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuuuut
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winuns32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A121F249-DA86-4687-9EDD-03179D3BD0AF}


Click Execute, then Yes in the next two windows that open.

The computer will restart and the cleaning/scanning process will begin.

When the process is finished, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the forum thread.

Also, post a fresh HijackThis logfile.

  • Joined: 13 Nov 2008
  • Posts: 4

Here is the content of the logfile C:\avenger.txt:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[Link visible only to logged-in users]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\qoMeDtUl.dll" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuuuut" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winuns32" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A121F249-DA86-4687-9EDD-03179D3BD0AF}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


and then a fresh HJThis log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:33, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\NetWatcherPro\NetWatcherPro.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Vypress Chat\VyChat.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Calendarium\Calendarium.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lidija\Desktop\TQR.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [NetWatcherPro] C:\Program Files\NetWatcherPro\NetWatcherPro.exe
O4 - HKCU\..\Run: [thebat_startup] "C:\Program Files\The Bat!\thebat.exe" /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Startup: Calendarium.lnk = C:\Program Files\Calendarium\Calendarium.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Translate with &Babylon - [Link visible only to logged-in users]\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobaSSH (MobaSSH1) - [Link visible only to logged-in users] - C:\WINDOWS\system32\MobaSSH.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 6816 bytes
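
A way to check the before/after HijackThis logs above against the Avenger script's targets, as an added example that is not part of the original thread. The function names are hypothetical, and the embedded log lines are excerpts copied from this thread's logs (including the RSIT registry dump posted later in the thread).

```python
import re
from pathlib import PureWindowsPath

# Excerpts copied from the logs in this thread, trimmed to a few lines each.
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A121F249-DA86-4687-9EDD-03179D3BD0AF} - C:\WINDOWS\system32\qoMeDtUl.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
O20 - Winlogon Notify: awtuuuut - awtuuuut.dll (file missing)
O20 - Winlogon Notify: winuns32 - C:\WINDOWS\
"""
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
"""
RSIT_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\qoMeDtUl
"""
# The four targets from the Avenger script posted in this thread.
SCRIPT_TARGETS = [
    r"C:\WINDOWS\system32\qoMeDtUl.dll",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuuuut",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winuns32",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{A121F249-DA86-4687-9EDD-03179D3BD0AF}",
]

# HijackThis entry lines look like "<section> - <detail>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) entries; process paths and headers are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two HijackThis logs."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def target_token(target):
    """Last path component without extension, lowercased.

    Dropping the extension matters: a DLL can be referenced by bare name
    (no ".dll") in other registry values, as in the RSIT excerpt above.
    """
    return PureWindowsPath(target).stem.lower()


def verify_removal(before, after, targets):
    """Map each target token to 'removed', 'still present' or 'not in baseline'."""
    b, a = parse_entries(before), parse_entries(after)
    status = {}
    for token in map(target_token, targets):
        in_before = any(token in detail.lower() for _, detail in b)
        in_after = any(token in detail.lower() for _, detail in a)
        if in_after:
            status[token] = "still present"
        elif in_before:
            status[token] = "removed"
        else:
            status[token] = "not in baseline"
    return status


def find_residue(text, targets):
    """Return (token, line) pairs for any line of another report that still names a target."""
    hits = []
    for line in text.splitlines():
        for token in map(target_token, targets):
            if token in line.lower():
                hits.append((token, line.strip()))
    return hits


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, detail)
    for section, detail in added:
        print("added (review):", section, detail)
    print(verify_removal(BEFORE, AFTER, SCRIPT_TARGETS))
    print("residue:", find_residue(RSIT_DUMP, SCRIPT_TARGETS))
```

A clean diff covers only the locations HijackThis reports; the RSIT registry dump later in this thread still lists `C:\WINDOWS\system32\qoMeDtUl` under the Lsa "authentication packages" value.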

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the program from the following link:

[Link visible only to logged-in users]


Double-click to run it, then click Continue.


At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the forum thread, and the second, info.txt, will be minimized (we do not need it for now).


So, post the contents of the file log.txt in your next message (that file will be saved as C:\rsit\log.txt).

  • Joined: 13 Nov 2008
  • Posts: 4

Here is the content of log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lidija at 2008-11-14 09:40:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (23%) free of 22 GB
Total RAM: 2038 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:50, on 11/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Calendarium\Calendarium.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lidija\Desktop\RSIT.exe
C:\Program Files\trend micro\Lidija.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [NetWatcherPro] C:\Program Files\NetWatcherPro\NetWatcherPro.exe
O4 - HKCU\..\Run: [thebat_startup] "C:\Program Files\The Bat!\thebat.exe" /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Startup: Calendarium.lnk = C:\Program Files\Calendarium\Calendarium.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Vypress Chat StartUp.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Translate with &Babylon - [Link visible only to logged-in users]\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{061A31EE-3077-4DF5-8234-C12908683931}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MobaSSH (MobaSSH1) - [Link visible only to logged-in users] - C:\WINDOWS\system32\MobaSSH.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 7585 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
"Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2007-12-20 3116768]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-05-15 72240]
"NetWatcherPro"=C:\Program Files\NetWatcherPro\NetWatcherPro.exe [1998-04-20 524288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"thebat_startup"=C:\Program Files\The Bat!\thebat.exe [2008-02-07 6407016]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Vypress Chat StartUp.lnk - C:\WINDOWS\Installer\{32230531-F971-468F-9BD4-7C3369F3468B}\iconVCAdvertised.exe

C:\Documents and Settings\Lidija\Start Menu\Programs\Startup
BORGChat.lnk - C:\Program Files\BORGChat\BORGChat.exe
Calendarium.lnk - C:\Program Files\Calendarium\Calendarium.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\kasper~1\kasper~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{49582D01-5592-4E9A-B672-FBABAB3B9A2C}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\qoMeDtUl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"E:\nesto\uTorrent.exe"="E:\nesto\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4a48a78-229d-11dd-b186-001f3a476e6b}]
shell\AutoRun\command - F:\xlu8a8sy.exe
shell\explore\command - F:\xlu8a8sy.exe
shell\open\command - F:\xlu8a8sy.exe


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-11-14 09:40:25 ----D---- C:\rsit
2008-11-14 09:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-14 09:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-14 09:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-14 09:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-14 09:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-14 09:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-14 09:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 09:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 09:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-14 09:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-14 09:22:00 ----D---- C:\WINDOWS\ie7updates
2008-11-14 09:21:30 ----D---- C:\WINDOWS\WBEM
2008-11-14 09:20:12 ----HDC---- C:\WINDOWS\ie7
2008-11-14 09:20:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-14 09:19:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-14 09:17:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-14 09:11:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-14 09:09:49 ----D---- C:\WINDOWS\Prefetch
2008-11-14 08:42:45 ----A---- C:\WINDOWS\setuplog.txt
2008-11-14 08:41:43 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-11-14 08:41:43 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-14 08:41:42 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-14 08:41:40 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-14 08:41:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-14 08:41:38 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-14 08:41:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-14 08:41:36 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-14 08:41:35 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-11-14 08:41:35 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-14 08:41:35 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-14 08:41:35 ----N---- C:\WINDOWS\slrundll.exe
2008-11-14 08:41:34 ----D---- C:\WINDOWS\system32\scripting
2008-11-14 08:41:33 ----D---- C:\WINDOWS\system32\en
2008-11-14 08:41:33 ----D---- C:\WINDOWS\system32\bits
2008-11-14 08:41:33 ----D---- C:\WINDOWS\l2schemas
2008-11-14 08:39:17 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-14 08:36:41 ----D---- C:\WINDOWS\network diagnostic
2008-11-14 08:35:04 ----A---- C:\WINDOWS\003085_.tmp
2008-11-14 08:31:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-14 08:22:38 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 08:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-11-13 17:44:33 ----D---- C:\Avenger
2008-11-13 17:44:33 ----A---- C:\avenger.txt
2008-11-12 23:13:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-12 23:13:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 21:49:13 ----D---- C:\Program Files\AutoCAD 2009
2008-11-12 21:44:18 ----D---- C:\Program Files\Common Files\Autodesk Shared
2008-11-12 21:44:18 ----D---- C:\Program Files\Autodesk
2008-11-12 18:12:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-12 09:30:46 ----D---- C:\Program Files\CCleaner
2008-11-12 09:24:01 ----D---- C:\Program Files\Trend Micro
2008-11-10 16:11:38 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-10 16:11:24 ----A---- C:\WINDOWS\system32\userinit.exe
2008-11-10 12:17:41 ----D---- C:\Program Files\Panda Security
2008-11-10 12:16:40 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-10 10:49:56 ----A---- C:\WINDOWS\system32\capicom.dll
2008-11-07 09:00:52 ----D---- C:\Program Files\Webroot
2008-11-07 09:00:52 ----D---- C:\Documents and Settings\Lidija\Application Data\Webroot
2008-11-07 09:00:52 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-11-07 09:00:52 ----A---- C:\WINDOWS\WRSetup.dll
2008-11-07 08:18:02 ----A---- C:\WINDOWS\system32\iihjadvy.dll
2008-11-06 18:42:17 ----A---- C:\WINDOWS\system32\df0ba77e-.txt
2008-11-06 14:06:32 ----D---- C:\Documents and Settings\Lidija\Application Data\Autodesk
2008-11-06 14:06:32 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-11-06 14:00:05 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-06 13:59:16 ----D---- C:\Program Files\MSBuild
2008-11-06 13:56:40 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-06 13:56:39 ----D---- C:\WINDOWS\system32\en-us
2008-11-06 13:55:59 ----D---- C:\Program Files\Reference Assemblies
2008-11-06 13:55:18 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-11-06 13:55:01 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-11-05 09:03:52 ----A---- C:\WINDOWS\system32\wnaspi32.dll
2008-10-31 08:26:49 ----D---- C:\Program Files\BORGChat
2008-10-30 13:39:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-30 13:28:16 ----D---- C:\Documents and Settings\Lidija\Application Data\AdobeUM
2008-10-30 10:49:28 ----A---- C:\WINDOWS\system32\wpcap.dll
2008-10-30 10:49:28 ----A---- C:\WINDOWS\system32\WanPacket.dll
2008-10-28 14:06:34 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-27 16:37:20 ----A---- C:\ssniffer_excep.txt
2008-10-27 16:37:08 ----D---- C:\Program Files\NextSecurity.NET
2008-10-25 17:43:43 ----A---- C:\WINDOWS\NetWatcherPro.ini
2008-10-25 10:46:39 ----D---- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-10-25 10:45:45 ----D---- C:\Documents and Settings\Lidija\Application Data\GRETECH
2008-10-25 10:39:08 ----D---- C:\Program Files\GRETECH
2008-10-24 09:51:05 ----A---- C:\WINDOWS\twain32gid.dll
2008-10-24 07:47:10 ----D---- C:\Documents and Settings\Lidija\Application Data\Sports Interactive
2008-10-22 22:30:12 ----D---- C:\Program Files\Dude
2008-10-22 20:08:55 ----D---- C:\Program Files\NetWatcherPro
2008-10-22 20:08:49 ----A---- C:\WINDOWS\uninst.exe
2008-10-22 20:08:15 ----D---- C:\Program Files\LanTricks
2008-10-22 20:07:43 ----D---- C:\Program Files\ShareScan
2008-10-22 20:07:07 ----D---- C:\Program Files\LAN Search Pro
2008-10-22 20:04:11 ----D---- C:\Program Files\Asset Tracker for Networks
2008-10-22 20:03:33 ----D---- C:\Program Files\Advanced IP Scanner
2008-10-22 20:01:17 ----D---- C:\Documents and Settings\Lidija\Application Data\VyPRESS
2008-10-22 20:01:07 ----D---- C:\Program Files\Vypress Chat
2008-10-21 13:13:24 ----D---- C:\Program Files\PowerISO
2008-10-20 14:37:28 ----D---- C:\Program Files\FDRLab
2008-10-18 21:40:19 ----D---- C:\Documents and Settings\Lidija\Application Data\PlayFirst
2008-10-18 21:40:19 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst

======List of files/folders modified in the last 1 months======

2008-11-14 09:40:40 ----D---- C:\WINDOWS\Temp
2008-11-14 09:40:40 ----D---- C:\Documents and Settings\Lidija\Application Data\Skype
2008-11-14 09:40:23 ----D---- C:\Program Files\Mozilla Firefox
2008-11-14 09:40:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-14 09:39:03 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2008-11-14 09:38:41 ----D---- C:\Documents and Settings\Lidija\Application Data\The Bat!
2008-11-14 09:38:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-14 09:38:37 ----D---- C:\Documents and Settings\Lidija\Application Data\VMware
2008-11-14 09:38:17 ----D---- C:\WINDOWS
2008-11-14 09:37:33 ----D---- C:\WINDOWS\system32
2008-11-14 09:36:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-14 09:29:55 ----HD---- C:\WINDOWS\inf
2008-11-14 09:29:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-14 09:29:53 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 09:29:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 09:28:01 ----SHD---- C:\WINDOWS\Installer
2008-11-14 09:28:00 ----D---- C:\WINDOWS\WinSxS
2008-11-14 09:24:15 ----D---- C:\WINDOWS\Help
2008-11-14 09:24:15 ----D---- C:\Program Files\Internet Explorer
2008-11-14 09:21:24 ----D---- C:\WINDOWS\Media
2008-11-14 09:17:33 ----D---- C:\WINDOWS\Debug
2008-11-14 09:16:22 ----D---- C:\WINDOWS\Registration
2008-11-14 09:15:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-11-14 09:13:06 ----D---- C:\Documents and Settings\Lidija\Application Data\skypePM
2008-11-14 09:09:18 ----RSD---- C:\WINDOWS\Fonts
2008-11-14 09:09:18 ----D---- C:\WINDOWS\system32\wbem
2008-11-14 09:09:18 ----D---- C:\WINDOWS\system32\Setup
2008-11-14 09:09:18 ----D---- C:\WINDOWS\ime
2008-11-14 09:09:18 ----D---- C:\WINDOWS\AppPatch
2008-11-14 08:51:19 ----D---- C:\WINDOWS\security
2008-11-14 08:45:27 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-14 08:42:01 ----D---- C:\Program Files\Messenger
2008-11-14 08:41:55 ----D---- C:\Program Files\Windows Media Player
2008-11-14 08:41:42 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-14 08:41:35 ----D---- C:\WINDOWS\system32\usmt
2008-11-14 08:41:33 ----D---- C:\WINDOWS\PeerNet
2008-11-14 08:41:33 ----D---- C:\Program Files\Movie Maker
2008-11-14 08:39:08 ----D---- C:\WINDOWS\system32\Restore
2008-11-14 08:39:08 ----D---- C:\WINDOWS\system32\npp
2008-11-14 08:39:08 ----D---- C:\WINDOWS\mui
2008-11-14 08:39:06 ----D---- C:\WINDOWS\msagent
2008-11-14 08:39:05 ----D---- C:\WINDOWS\srchasst
2008-11-14 08:39:04 ----D---- C:\Program Files\NetMeeting
2008-11-14 08:39:03 ----D---- C:\WINDOWS\system32\Com
2008-11-14 08:39:00 ----D---- C:\Program Files\Windows NT
2008-11-14 08:39:00 ----D---- C:\Program Files\Outlook Express
2008-11-14 08:38:56 ----D---- C:\Program Files\Common Files\System
2008-11-14 08:38:37 ----D---- C:\WINDOWS\system32\oobe
2008-11-14 08:38:35 ----D---- C:\WINDOWS\system
2008-11-14 08:28:20 ----D---- C:\WINDOWS\ehome
2008-11-13 10:05:17 ----RD---- C:\Program Files
2008-11-12 21:56:53 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-12 21:47:14 ----D---- C:\WINDOWS\system32\DirectX
2008-11-12 21:44:18 ----D---- C:\Program Files\Common Files
2008-11-12 19:38:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-12 17:31:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-12 16:23:01 ----D---- C:\eclipse
2008-11-12 09:46:14 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-11 11:55:32 ----D---- C:\Documents and Settings\Lidija\Application Data\Azureus
2008-11-10 15:58:57 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-11-10 15:31:42 ----D---- C:\Program Files\Samsung
2008-11-10 15:24:27 ----D---- C:\Program Files\Adobe
2008-11-10 13:45:38 ----D---- C:\workspace
2008-11-10 11:41:01 ----SD---- C:\WINDOWS\Tasks
2008-11-10 08:25:12 ----SHD---- C:\RECYCLER
2008-11-07 10:14:33 ----D---- C:\Program Files\Total Video Converter
2008-11-07 08:59:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-06 17:33:43 ----RSD---- C:\WINDOWS\assembly
2008-11-06 13:59:53 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-06 13:59:51 ----D---- C:\Program Files\Microsoft Office
2008-11-06 13:55:30 ----D---- C:\WINDOWS\system32\spool
2008-11-03 21:01:00 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-31 22:34:12 ----A---- C:\SS2_debug.txt
2008-10-31 09:03:59 ----D---- C:\Documents and Settings\Lidija\Application Data\SQL Developer
2008-10-30 13:40:10 ----D---- C:\Documents and Settings\Lidija\Application Data\Adobe
2008-10-30 13:39:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-30 13:38:44 ----D---- C:\Program Files\Common Files\Adobe
2008-10-30 11:06:27 ----D---- C:\Documents and Settings\Lidija\Application Data\Mozilla
2008-10-30 11:06:07 ----D---- C:\WINDOWS\Minidump
2008-10-28 22:06:53 ----D---- C:\Documents and Settings
2008-10-27 16:37:08 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-21 14:57:00 ----D---- C:\Documents and Settings\Lidija\Application Data\MyPhoneExplorer
2008-10-21 14:31:02 ----D---- C:\Program Files\Vuze
2008-10-15 17:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-05-15 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2007-05-04 105984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-05-12 1228296]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-10-26 216800]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-05-15 16816]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S1 DSNPFD;DSNPFD; C:\WINDOWS\system32\drivers\DSNPFD.sys [2008-06-14 15718]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2008-05-15 30768]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-09-07 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-09-07 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-09-07 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-09-07 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-09-07 85664]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-09-17 265856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2008-02-08 227856]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 OracleXETNSListener;OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2008-05-12 90112]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-05-15 109104]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-05-15 150064]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-10-02 3667304]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2008-10-12 1066360]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-11-12 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MobaSSH1;MobaSSH; C:\WINDOWS\system32\MobaSSH.exe [2008-07-20 5862400]
S3 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-01 57616]
S3 OracleServiceXE;OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-01 59064320]
S3 OracleXEClrAgent;OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-01 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-07 306432]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2007-11-30 186928]
S4 BMFMySQL;BMFMySQL; C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [2005-10-22 4431872]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-01 102400]
S4 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-05-15 121392]

-----------------EOF-----------------

Addendum: 14 Nov 2008 11:02

By the way, I installed (before the previous post) Service Pack 3 and the other security updates. Now when I scan with Spybot - Search & Destroy it finds no infection (except DoubleClick: Tracking cookie (Firefox: default) (Cookie)).

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Delete the file: C:\WINDOWS\system32\iihjadvy.dll

Download the following file to the Desktop: [Link visible only to logged-in users]

Double-click it and, when the prompt appears, click Yes.

Restart the computer.

Turn System Restore off and then back on: [Link visible only to logged-in users]

That is all.

  • Joined: 13 Nov 2008
  • Posts: 4

Thanks for the help.
I have just one more question. I cannot turn off the ctfmon.exe process at all. I also tried deleting the file, but it gets created again.
How can I turn it off?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If you are sure that you want to prevent that process from starting (i.e. that you do not need what it provides), then follow these instructions:
[Link visible only to logged-in users]
