Nijedan spyware ga ne nalazi! Cudan problem!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U zadnjih nekoliko dana stvari, programi na kompjuteru se same iskljucuju. Igram bilijar i najednom iskljuci se sam. Tako se isto desava i sa Messengerom!
Drug mi pise nesto na engleskom i kad sam ga pitao sta mi pises na engleskom covek zacudjen a i stvarno ne zna covek engleski...

Instalirao sam Blaster, spytrojanac, MCAfee, imam Kasperskog, nekg Agava Antispy, Spybot, i nista od toga ne pomaze. Cak sam i iz SafeMode-a trazio ali nista!
Da nije mehanicki problem u kompjuteru?
Cudno je i to kad se vec iskljuci Messenger ostane u donjem desnom uglu aktivan, a kad kliknem na strelicu za otvaranje odjednom nestane.



Logfile of HijackThis v1.99.1
Scan saved at 16:29:03, on 2007-12-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\explorer.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Java\jre1.6.0_03\bin\jusched.exe
C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\apps\ABoard\ABoard.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\apps\ABoard\AOSD.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\APPS\SMP\SmpSys.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\Mozilla Firefox\firefox.exe
d:\Program\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
c:\APPS\UPI10\Ulead Systems\Ulead PhotoImpact 10 SE\iedit.exe
C:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\goran\Skrivbord\Virus\Ny mapp (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?co.....key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\sw.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: "C:\Program\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe



Usput i da li znate sta je ovo...Cesto tako izlazi! Da li je opasno!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...

Ovaj log je čist. Odradićemo još jednu proveru...


Skini ComboFix sa jedne od sledecih adresa:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uradio sam ali nigde nisam video log...Pisalo je i ''deleting files'' i pojavio mi se WinRAR na desktopu pod imenom ''catchme''. Ne znam sta je to!

Pokusacu jos jednom da uradim log.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Najnoviji log file je C:\ComboFix.txt.

Ako si već ponovo pokrenuo ComboFix, onda iskopiraj ovde i najnoviji log i onaj prethodni pod nazivom C:\ComboFix2.txt.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Malo je cudno ali evo sta sam nas'o!

ComboFix 07-12-12.3 - goran 2007-12-13 17:26:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.122 [GMT 1:00]
Running from: D:\Documents and Settings\goran\Skrivbord\Virus\ComboFix.exe

Dopuna: 12 Dec 2007 18:05

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Log je nekompletan...

Probaćemo jedan drugi program.


Preuzmi WinPFind3U na Desktop.
Dvoklikom pokreni program a zatim klikni Extract u prozoru koji se otvori. Folder WinPFind3u će biti kreiran na Desktopu.

Potrebno je uraditi sledeće:
Otvoriti folder WinPFind3u i dvoklikom na WinPFind3U.exe startovati program.
Podesiti sledeće opcije:

U Processes grupi selektovati Non-Microsoft
U Win32 Services grupi selektovati Non-Microsoft
U Driver Services grupi selektovati Non-Microsoft
U Registry grupi selektovati Non-Microsoft
U Files/Folders Created Within grupi selektovati 30 days i Non-Microsoft Only
U Files/Folders Modified Within grupi selektovati 30 days i Non-Microsoft Only
U File String Search grupi selektovati None
Kliknuti na Run Scan dugme na toolbaru
Kada skeniranje bude gotovo, logfile WinPFind3.Txt će biti kreiran u WinPFind3u folderu i otvoren u Notepad-u
Iskopiraj sadržaj tog loga u iduću poruku


Napomena: ako log bude prevelik za jednu poruku, postavi ga iz dva dela.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

WinPFind3 logfile created on: 2007-12-13 18:33:41
WinPFind3U by OldTimer - Version 1.0.44 Folder = D:\Documents and Settings\goran\Skrivbord\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

511.48 Mb Total Physical Memory | 123.76 Mb Available Physical Memory | 24.20% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.41% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 29.99 Gb Total Space | 20.14 Gb Free Space | 67.16% Space Free
Drive D: | 148.50 Gb Total Space | 120.64 Gb Free Space | 81.24% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: 049747020057
Current User Name: goran
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
aboard.exe -> %SystemDrive%\APPS\ABOARD\ABOARD.EXE -> NEC Computers International [Ver = 1, 2, 0, 0 | Size = 24576 bytes | Modified Date = 2003-05-02 10:31:50 | Attr = ]
aosd.exe -> %SystemDrive%\APPS\ABOARD\AOSD.EXE -> NEC Computers International [Ver = 1, 2, 0, 0 | Size = 69632 bytes | Modified Date = 2003-05-02 10:31:38 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-03-22 22:55:00 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-03-22 22:55:00 | Attr = ]
atiptaxx.exe -> %SystemDrive%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 2005-03-22 21:05:00 | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 2006-11-08 17:28:30 | Attr = ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 2006-11-08 17:28:30 | Attr = ]
clcapsvc.exe -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.00.1710 | Size = 221266 bytes | Modified Date = 2005-05-11 13:50:14 | Attr = ]
clmlserver.exe -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 61440 bytes | Modified Date = 2005-05-11 13:52:00 | Attr = ]
clmlservice.exe -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLService.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 737381 bytes | Modified Date = 2005-05-11 13:52:04 | Attr = ]
clsched.exe -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.00.1710 | Size = 110672 bytes | Modified Date = 2005-05-11 13:50:34 | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 2007-12-02 23:06:50 | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2006-02-19 04:24:52 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2006-02-19 03:21:22 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2006-02-19 01:41:10 | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 2007-08-09 08:27:52 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 00:11:36 | Attr = ]
monitor.exe -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 2004-11-26 11:43:34 | Attr = ]
pcmservice.exe -> %SystemDrive%\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4.0.0.0000 | Size = 127118 bytes | Modified Date = 2005-05-11 13:48:02 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 2006-03-23 08:53:00 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3275 | Size = 180269 bytes | Modified Date = 2006-03-23 08:53:38 | Attr = ]
smpsys.exe -> %SystemDrive%\APPS\SMP\SMPSYS.EXE -> Packard Bell BV [Ver = 1.0.0.1 | Size = 975360 bytes | Modified Date = 2005-12-08 16:39:08 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.42 | Size = 81920 bytes | Modified Date = 2005-07-22 14:00:10 | Attr = R ]
teatimer.exe -> D:\Program\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 2083664 bytes | Modified Date = 2007-10-07 11:04:34 | Attr = ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 2004-02-26 09:52:00 | Attr = ]
winamp.exe -> d:\Program\Winamp\winamp.exe -> Nullsoft [Ver = 5,3,3,1100 | Size = 1120768 bytes | Modified Date = 2007-02-13 19:29:58 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 2007-11-21 09:19:46 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 360448 bytes | Modified Date = 2005-03-22 22:55:00 | Attr = ]
(AVP) Kaspersky Internet Security 6.0 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 2006-11-08 17:28:30 | Attr = ]
(CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -> [Ver = 4.00.1710 | Size = 221266 bytes | Modified Date = 2005-05-11 13:50:14 | Attr = ]
(CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %SystemDrive%\APPS\Powercinema\Kernel\TV\CLSched.exe -> [Ver = 4.00.1710 | Size = 110672 bytes | Modified Date = 2005-05-11 13:50:34 | Attr = ]
(CyberLink Media Library Service) CyberLink Media Library Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -> Cyberlink [Ver = 1, 1, 0, 1619 | Size = 61440 bytes | Modified Date = 2005-05-11 13:52:00 | Attr = ]
(GenericHidService) Generic Service for HID Keyboard Input Collections [Win32_Own | Auto | Stopped] -> -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 00:41:10 | Attr = ]
(MDM) Machine Debug Manager [Win32_Own | Auto | Stopped] -> -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 2007-08-09 08:27:52 | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 2004-02-26 09:52:00 | Attr = ]
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5890 built by: WinDDK | Size = 3644032 bytes | Modified Date = 2005-07-26 16:03:22 | Attr = R ]
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 2001-08-17 21:51:56 | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158-) | Size = 43008 bytes | Modified Date = 2004-08-03 23:07:44 | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148-) | Size = 26496 bytes | Modified Date = 2001-08-17 21:52:00 | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148-) | Size = 14848 bytes | Modified Date = 2001-08-17 21:51:58 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6525 | Size = 1034752 bytes | Modified Date = 2005-03-22 23:00:58 | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> D:\DOCUME~1\goran\LOKALA~1\Temp\catchme.sys -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148-) | Size = 6656 bytes | Modified Date = 2001-09-06 19:54:56 | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148-) | Size = 179584 bytes | Modified Date = 2001-08-17 21:52:16 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-04 14:00:00 | Attr = ]
(k750bus) Sony Ericsson 750 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750bus.sys -> MCCI [Ver = V4.28 | Size = 55216 bytes | Modified Date = 2005-02-11 10:19:20 | Attr = R ]
(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdfl.sys -> MCCI [Ver = V4.28 | Size = 6576 bytes | Modified Date = 2005-02-11 10:21:02 | Attr = R ]
(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mdm.sys -> MCCI [Ver = V4.28 | Size = 89872 bytes | Modified Date = 2005-02-11 10:21:10 | Attr = R ]
(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750mgmt.sys -> MCCI [Ver = V4.28 | Size = 81728 bytes | Modified Date = 2005-02-11 10:22:48 | Attr = R ]
(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %System32%\drivers\k750obex.sys -> MCCI [Ver = V4.28 | Size = 79488 bytes | Modified Date = 2005-02-11 10:24:24 | Attr = R ]
(kl1) kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.5.0 | Size = 104448 bytes | Modified Date = 2006-09-28 13:36:30 | Attr = ]
(klif) klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.247 | Size = 174864 bytes | Modified Date = 2007-08-13 18:13:28 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148-) | Size = 17280 bytes | Modified Date = 2001-08-17 21:52:12 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(prodrv06) StarForce Protection Environment Driver v6 [Kernel | System | Running] -> %System32%\drivers\prodrv06.sys -> Protection Technology [Ver = 6.38 | Size = 77184 bytes | Modified Date = 2004-03-09 10:45:50 | Attr = ]
(prohlp02) StarForce Protection Helper Driver v2 [Kernel | Boot | Running] -> %System32%\drivers\prohlp02.sys -> Protection Technology [Ver = 2.38 | Size = 65504 bytes | Modified Date = 2004-03-09 11:18:10 | Attr = ]
(prosync1) StarForce Protection Synchronization Driver v1 [Kernel | Boot | Running] -> %System32%\drivers\prosync1.sys -> Protection Technology [Ver = 1.5 | Size = 6944 bytes | Modified Date = 2003-09-06 13:22:08 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148-) | Size = 17792 bytes | Modified Date = 2004-08-04 14:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 2006-08-25 04:47:00 | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 2001-08-17 21:52:20 | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 2001-08-17 21:52:20 | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 2001-08-17 21:52:18 | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 11:25:56 | Attr = ]
(sfhlp01) StarForce Protection Helper Driver [Kernel | Boot | Running] -> %System32%\drivers\sfhlp01.sys -> Protection Technology [Ver = 1.5 | Size = 4832 bytes | Modified Date = 2003-12-01 16:20:52 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(SISNICXP) SiS PCI Fast Ethernet Adapter Driver for NDIS51 [Kernel | On_Demand | Running] -> %System32%\drivers\sisnicxp.sys -> SiS Corporation [Ver = 2.0.1039.1180 built by: WinDDK | Size = 32768 bytes | Modified Date = 2004-11-05 16:43:58 | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 2001-08-17 22:07:44 | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 2001-08-17 22:07:34 | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 2001-08-17 22:07:36 | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 2001-08-17 22:07:40 | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 2001-08-17 22:07:42 | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Version 0603) | Size = 36736 bytes | Modified Date = 2001-08-17 21:52:22 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ACTIVBOARD -> %SystemDrive%\APPS\ABOARD\ABOARD.EXE -> NEC Computers International [Ver = 1, 2, 0, 0 | Size = 24576 bytes | Modified Date = 2003-05-02 10:31:50 | Attr = ]
ATIPTA -> %SystemDrive%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 2005-03-22 21:05:00 | Attr = ]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 2006-11-08 17:28:30 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2006-02-19 01:41:10 | Attr = ]
McAfeeUpdaterUI -> D:\Program\McAfee\Common Framework\UpdaterUI.exe -> File not found
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 09:50:42 | Attr = ]
PCMService -> %SystemDrive%\APPS\Powercinema\PCMService.exe -> CyberLink Corp. [Ver = 4.0.0.0000 | Size = 127118 bytes | Modified Date = 2005-05-11 13:48:02 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 2006-03-23 08:53:00 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.42 | Size = 81920 bytes | Modified Date = 2005-07-22 14:00:10 | Attr = R ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 00:11:36 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3275 | Size = 180269 bytes | Modified Date = 2006-03-23 08:53:38 | Attr = ]
Ulead AutoDetector v2 -> %CommonProgramFiles%\Ulead Systems\AutoDetector\Monitor.exe -> Ulead Systems, Inc. [Ver = 2.0.0.0 | Size = 90112 bytes | Modified Date = 2004-11-26 11:43:34 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SmpcSys -> %SystemDrive%\APPS\SMP\SMPSYS.EXE -> Packard Bell BV [Ver = 1.0.0.1 | Size = 975360 bytes | Modified Date = 2005-12-08 16:39:08 | Attr = ]
SpybotSD TeaTimer -> d:\Program\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 2083664 bytes | Modified Date = 2007-10-07 11:04:34 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 2006-03-30 15:45:08 | Attr = R ]
< Common Startup > -> D:\Documents and Settings\All Users\Start-meny\Program\Autostart ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 2005-09-23 21:05:26 | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2006-02-19 03:21:22 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 46080 bytes | Modified Date = 2005-03-22 22:56:12 | Attr = ]
klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 94314 bytes | Modified Date = 2006-11-01 16:42:54 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (710 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> file://C:\APPS\IE\offline\sw.htm ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://format.packardbell.com/cgi-bin/redirect/?co.....key=SEARCH ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.se/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 03:16:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> d:\Program\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 10 | Size = 1545040 bytes | Modified Date = 2007-10-07 11:04:24 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 00:11:34 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java-konsol] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 00:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java-konsol] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 00:11:34 | Attr = ]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> d:\Program\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 10 | Size = 1545040 bytes | Modified Date = 2007-10-07 11:04:24 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Anti-Banner -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm -> [Ver = | Size = 1317 bytes | Modified Date = 2006-11-01 16:13:52 | Attr = ]
E&xportera till Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{66810062-BFA8-4CAD-A2FB-6CB146655159} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab ->

Dopuna: 12 Dec 2007 18:41

[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 2007-12-13 17:20:57 | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-12-13 17:13:54 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2007-12-12 23:15:53 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 1601-01-02 23:00:00 | Attr = HS]
info.exe -> %SystemDrive%\info.exe -> [Ver = | Size = 134144 bytes | Created Date = 2007-12-10 00:49:20 | Attr = ]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 2007-11-29 20:40:17 | Attr = RH ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 2007-12-13 17:15:31 | Attr = ]
t8101.le -> %SystemDrive%\t8101.le -> [Ver = | Size = 218 bytes | Created Date = 2007-11-17 23:09:16 | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 2007-12-13 16:14:13 | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 2007-12-13 16:14:47 | Attr = H ]
$NtUninstallKB942615$ -> %SystemRoot%\$NtUninstallKB942615$ -> [Folder | Created Date = 2007-12-13 16:13:53 | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 2007-12-13 16:15:12 | Attr = H ]
$NtUninstallKB942840$ -> %SystemRoot%\$NtUninstallKB942840$ -> [Folder | Created Date = 2007-12-13 16:16:51 | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 2007-11-15 11:20:47 | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 2007-12-13 16:13:28 | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 142336 bytes | Created Date = 2007-12-13 17:14:10 | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 24 bytes | Created Date = 2007-11-20 17:07:00 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2007-12-13 17:18:21 | Attr = ]
g1801.f -> %SystemRoot%\g1801.f -> [Ver = | Size = 218 bytes | Created Date = 2007-11-17 23:09:16 | Attr = H ]
LiveBilliardsDemo.INI -> %SystemRoot%\LiveBilliardsDemo.INI -> [Ver = | Size = 0 bytes | Created Date = 2007-11-27 22:06:55 | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-12-13 17:14:10 | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 2007-11-17 13:17:03 | Attr = H ]
Pool.INI -> %SystemRoot%\Pool.INI -> [Ver = | Size = 0 bytes | Created Date = 2007-11-27 22:08:43 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2007-11-19 01:35:11 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2007-11-19 01:35:11 | Attr = H ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 2007-11-29 20:41:39 | Attr = ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Created Date = 2007-11-27 20:08:33 | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Created Date = 2007-12-12 19:53:37 | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 2007-12-12 00:59:41 | Attr = R ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-12-13 17:14:10 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2007-12-13 17:14:10 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-12-13 17:14:10 | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-12-13 17:14:10 | Attr = ]
ComboFix.sys -> %System32%\drivers\ComboFix.sys -> [Ver = | Size = 60416 bytes | Created Date = 2007-12-13 17:29:02 | Attr = ]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 2007-12-13 17:20:58 | Attr = ]
BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 294 bytes | Modified Date = 2007-12-12 20:31:52 | Attr = RHS]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-12-13 17:30:58 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-12-13 10:26:14 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 2007-12-13 17:30:22 | Attr = HS]
info.exe -> %SystemDrive%\info.exe -> [Ver = | Size = 134144 bytes | Modified Date = 2007-12-10 00:49:26 | Attr = ]
MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 2007-11-29 20:40:20 | Attr = RH ]
Program -> %ProgramFiles% -> [Folder | Modified Date = 2007-12-11 17:52:34 | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 2007-12-13 17:18:00 | Attr = ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 10:55:08 | Attr = H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 10:55:20 | Attr = H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 11:13:08 | Attr = H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 11:48:12 | Attr = H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 11:48:40 | Attr = H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 11:52:58 | Attr = H ]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 11:53:08 | Attr = H ]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 12:30:32 | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2007-11-19 12:30:42 | Attr = H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 10:55:08 | Attr = H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 10:55:20 | Attr = H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 11:13:08 | Attr = H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 11:48:12 | Attr = H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 11:48:40 | Attr = H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 11:52:58 | Attr = H ]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 11:53:08 | Attr = H ]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 12:30:32 | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2007-11-19 12:30:42 | Attr = H ]
t8101.le -> %SystemDrive%\t8101.le -> [Ver = | Size = 218 bytes | Modified Date = 2007-11-19 17:47:28 | Attr = H ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-12-13 17:18:22 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-12-13 10:32:48 | Attr = H ]
$NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 2007-12-13 16:14:16 | Attr = H ]
$NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 2007-12-13 16:14:52 | Attr = H ]
$NtUninstallKB942615$ -> %SystemRoot%\$NtUninstallKB942615$ -> [Folder | Modified Date = 2007-12-13 16:13:58 | Attr = H ]
$NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 2007-12-13 16:15:14 | Attr = H ]
$NtUninstallKB942840$ -> %SystemRoot%\$NtUninstallKB942840$ -> [Folder | Modified Date = 2007-12-13 16:16:54 | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 2007-11-15 11:20:50 | Attr = H ]
$NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 2007-12-13 16:13:30 | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-12-03 21:11:06 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-12-13 17:30:28 | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 142336 bytes | Modified Date = 2007-12-09 19:04:28 | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 24 bytes | Modified Date = 2007-11-20 17:07:02 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2007-12-13 17:18:22 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-11-29 20:45:04 | Attr = R S]
g1801.f -> %SystemRoot%\g1801.f -> [Ver = | Size = 218 bytes | Modified Date = 2007-11-19 17:47:28 | Attr = H ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-12-13 17:17:58 | Attr = ]
iedit.INI -> %SystemRoot%\iedit.INI -> [Ver = | Size = 30 bytes | Modified Date = 2007-12-03 00:19:22 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 2007-12-13 16:15:18 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-12-13 16:16:56 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-12-12 23:17:36 | Attr = HS]
LiveBilliardsDemo.INI -> %SystemRoot%\LiveBilliardsDemo.INI -> [Ver = | Size = 0 bytes | Modified Date = 2007-11-27 22:06:56 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2007-12-10 00:51:56 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2007-12-13 17:59:02 | Attr = ]
PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 2007-11-17 13:17:04 | Attr = H ]
Pool.INI -> %SystemRoot%\Pool.INI -> [Ver = | Size = 0 bytes | Modified Date = 2007-11-27 22:08:44 | Attr = ]
PREFETCH -> %SystemRoot%\PREFETCH -> [Folder | Modified Date = 2007-12-12 01:08:52 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2007-11-19 01:35:12 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2007-12-10 17:30:50 | Attr = H ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 2007-11-29 20:45:36 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2007-12-12 20:31:52 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2007-12-13 17:18:12 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-12-13 17:18:06 | Attr = S]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 582 bytes | Modified Date = 2007-12-12 20:31:52 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-11-29 20:46:06 | Attr = ]
WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 2007-11-27 20:08:34 | Attr = ]
Master CD_DVD Creator.job -> %SystemRoot%\tasks\Master CD_DVD Creator.job -> [Ver = | Size = 228 bytes | Modified Date = 2007-12-13 18:30:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-12-13 17:30:34 | Attr = H ]
Utökad garanti.job -> %SystemRoot%\tasks\Utökad garanti.job -> [Ver = | Size = 228 bytes | Modified Date = 2007-12-13 18:30:02 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-12-13 17:33:34 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 2007-12-13 17:19:46 | Attr = ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 2007-12-12 19:53:38 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-12-13 16:16:54 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-12-13 17:29:04 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 428592 bytes | Modified Date = 2007-11-30 11:50:28 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63188 bytes | Modified Date = 2007-12-09 11:55:18 | Attr = ]
perfc01D.dat -> %System32%\perfc01D.dat -> [Ver = | Size = 74848 bytes | Modified Date = 2007-12-09 11:55:18 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 403968 bytes | Modified Date = 2007-12-09 11:55:18 | Attr = ]
perfh01D.dat -> %System32%\perfh01D.dat -> [Ver = | Size = 406824 bytes | Modified Date = 2007-12-09 11:55:18 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 954438 bytes | Modified Date = 2007-12-09 11:55:16 | Attr = ]
streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 2007-12-12 00:59:52 | Attr = R ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 2007-12-04 01:00:44 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-12-09 11:55:18 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2007-12-11 18:00:58 | Attr = ]
ComboFix.sys -> %System32%\drivers\ComboFix.sys -> [Ver = | Size = 60416 bytes | Modified Date = 2007-12-13 17:29:04 | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 44932640 bytes | Modified Date = 2007-12-13 18:28:28 | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 604388 bytes | Modified Date = 2007-12-13 17:29:38 | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 2048288 bytes | Modified Date = 2007-12-13 18:33:58 | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 194924 bytes | Modified Date = 2007-12-13 17:29:38 | Attr = HS]

< End of report >

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pošalji mi sledeće file-ove:

C:\info.exe
catchme.zip (nalazi se na desktopu)

Upload forma: http://www.mycity.rs/ambulanta-upload.php

Dopuna: 13 Dec 2007 21:16

Postojala je infekcija koju je izgleda ComboFix uspeo da ukloni, no odradićemo još neke provere da bi bili sigurni u to.


1) Obriši file: C:\info.exe


2) Ponovo pokreni ComboFix - ukoliko ovaj put log bude napravljen, kopiraj ga ovde.


3) Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili.

Imaj na umu da bi ovi logovi mogli biti preveliki za jednu poruku - ako to bude slučaj, pošalji ih iz više delova.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Šta se dogodilo sa ComboFix-om?


Upload-uj mi sledeći file:

C:\WINDOWS\system32\user32.dll


Upload link: http://www.mycity.rs/ambulanta-upload.php