MyCity » Ambulanta -> Arhiva Ambulante » startdrv trojanac??

startdrv trojanac??

Napisano na dan: 2.12.2007

Strana:
1
2

startdrv trojanac??

Sledeća strana

Pagination

Odgovori

Strana:
1
2

baso_car Poslao: 02 Dec 2007 18:22 Idi na vrh
offline baso_car Novi MyCity građanin Pridružio: 02 Dec 2007 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav svim dobrim ljudima,novi sam vamo - potrebna mi je pomoć. Naime,i prije je u moj komp znao upast virus al bi ga uvijek moji antivirusni programi glatko izbacili iz kompa onakvom brzinom kao što je i on ušao u komp.Tako je bilo do prije 10-tak dana,kada su počele muke po moj komp...Koristim AVG-ov antivirusni program,jako dobar program koji mi je na "Lokalnom disku" u podmapi "Windows" oktrio jedan trojanac koji se nalazi jos u podmapi "Temp" a naziva se startdrv. Nikad prije nisam čuo za takvo nešto,komp ga skenira i očita da je virus ali jednostvano neće da ga izbriše...pomagajte!!! Hvala unaprijed!

Profil

nikoola Poslao: 02 Dec 2007 18:32 Idi na vrh
offline nikoola Legendarni građanin Pridružio: 12 Jan 2004 Poruke: 9661 Gde živiš: Čačak	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ispostuj pravila iz ove teme: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

baso_car Poslao: 03 Dec 2007 17:49 Idi na vrh
offline baso_car Novi MyCity građanin Pridružio: 02 Dec 2007 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nezna nitko??

Profil

helen1 Poslao: 03 Dec 2007 18:10 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pogledaj temu koju ti je nikoola napisao u gornjem postu!

Profil

baso_car Poslao: 03 Dec 2007 18:39 Idi na vrh
offline baso_car Novi MyCity građanin Pridružio: 02 Dec 2007 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 18:35:19, on 3.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\aspimgr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\RALINK\Common\RaUI.exe C:\WINDOWS\System32\alg.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\WINDOWS\system32\dwwin.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Korisnik\Desktop\Baso\TR3.exe.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3B212B20-8877-414B-ADD0-BE7C659C8EE6} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\local disk\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000 O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing) O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: yaywxwt - yaywxwt.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe" -r (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Profil

dr_Bora Poslao: 03 Dec 2007 22:24 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Profil

baso_car Poslao: 04 Dec 2007 16:34 Idi na vrh
offline baso_car Novi MyCity građanin Pridružio: 02 Dec 2007 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skinio sam,al dobio samo plavi prozor...sta s njime...stoji i nista neradi?

Profil

dr_Bora Poslao: 04 Dec 2007 16:50 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koristićemo drugi alat... Skini WinPFind3U.exe na desktop i dvoklik na njega da bi ga raspakovao. Kreiraće se folder WinPFind3u na desktopu. Uđi u folder WinPFind3u i dvoklik na WinPFind3U.exe da bi startovali program. Sada klikni na Run Scan dugme na toolbar-u. Kada se završi skeniranje otvoriće se Notepad sa već upisanim logom. Klikni na Format meni i proveri da Wordwrap nije čekiran. Ako jeste, klikni na njega da ga odčekiraš. Iskopiraj sada taj tekst iz Notepada u poruku na forumu

Profil

baso_car Poslao: 04 Dec 2007 17:20 Idi na vrh
offline baso_car Novi MyCity građanin Pridružio: 02 Dec 2007 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! WinPFind3 logfile created on: 4.12.2007 17:09:19 WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Korisnik\Desktop\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) 766,48 Mb Total Physical Memory \| 208,48 Mb Available Physical Memory \| 27,20% Memory free 1,83 Gb Paging File \| 1,27 Gb Available in Paging File \| 69,54% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 39,07 Gb Total Space \| 1,75 Gb Free Space \| 4,47% Space Free Drive D: \| 18,20 Gb Total Space \| 14,00 Gb Free Space \| 76,92% Space Free E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: INTEL Current User Name: Korisnik Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] aspimgr.exe -> %System32%\aspimgr.exe -> [Ver = \| Size = 65536 bytes \| Modified Date = 30.11.2007 13:57:42 \| Attr = ] avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 \| Size = 418816 bytes \| Modified Date = 26.10.2007 8:06:58 \| Attr = ] avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 \| Size = 579072 bytes \| Modified Date = 26.10.2007 8:07:00 \| Attr = ] avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 \| Size = 406528 bytes \| Modified Date = 26.10.2007 8:07:00 \| Attr = ] avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 \| Size = 49664 bytes \| Modified Date = 21.11.2006 19:54:16 \| Attr = ] avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe -> Kaspersky Lab [Ver = 8.0.0.33 \| Size = 217088 bytes \| Modified Date = 31.10.2007 15:48:36 \| Attr = ] avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe -> Kaspersky Lab [Ver = 8.0.0.33 \| Size = 217088 bytes \| Modified Date = 31.10.2007 15:48:36 \| Attr = ] bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 \| Size = 1183744 bytes \| Modified Date = 6.6.2005 12:23:08 \| Attr = ] btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = \| Size = 110592 bytes \| Modified Date = 6.4.2005 15:03:28 \| Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 \| Size = 7650416 bytes \| Modified Date = 2.12.2007 12:10:44 \| Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1 \| Size = 233472 bytes \| Modified Date = 23.10.2003 18:51:18 \| Attr = ] hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 \| Size = 229437 bytes \| Modified Date = 21.5.2003 17:37:08 \| Attr = ] hpwuschd.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 2 \| Size = 49152 bytes \| Modified Date = 25.6.2003 10:24:48 \| Attr = ] hpztsb09.exe -> %System32%\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 \| Size = 188416 bytes \| Modified Date = 28.7.2003 14:43:44 \| Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 \| Size = 132496 bytes \| Modified Date = 12.7.2007 3:00:36 \| Attr = ] raid_tool.exe -> %ProgramFiles%\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 5, 2, 6, 0 \| Size = 1060864 bytes \| Modified Date = 23.11.2005 3:12:16 \| Attr = ] raui.exe -> %ProgramFiles%\RALINK\Common\RaUI.exe -> Ralink Technology, Corp. [Ver = 1, 1, 5, 0 \| Size = 589824 bytes \| Modified Date = 15.12.2005 15:23:28 \| Attr = ] sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 \| Size = 895088 bytes \| Modified Date = 2.11.2006 16:17:14 \| Attr = ] soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 52 \| Size = 577536 bytes \| Modified Date = 1.3.2006 9:22:04 \| Attr = ] starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 \| Size = 217600 bytes \| Modified Date = 2.4.2005 2:51:48 \| Attr = ] swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2620 \| Size = 2111632 bytes \| Modified Date = 2.11.2006 16:11:36 \| Attr = ] t-com antidialer.exe -> %ProgramFiles%\T-Com Antidialer\T-Com Antidialer.exe -> [Ver = 1, 0, 0, 1 \| Size = 526120 bytes \| Modified Date = 19.1.2005 14:28:26 \| Attr = ] winamp.exe -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,3,5,1305 \| Size = 1137664 bytes \| Modified Date = 14.5.2007 23:23:58 \| Attr = ] winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = \| Size = 35328 bytes \| Modified Date = 14.5.2007 23:22:22 \| Attr = ] wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.2 \| Size = 237568 bytes \| Modified Date = 12.7.2004 19:50:00 \| Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 \| Size = 371200 bytes \| Modified Date = 21.11.2007 9:19:46 \| Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own \| On_Demand \| Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 \| Size = 72704 bytes \| Modified Date = 20.10.2006 13:24:24 \| Attr = ] (aspimgr) Microsoft ASPI Manager [Win32_Own \| Auto \| Running] -> %System32%\aspimgr.exe -> [Ver = \| Size = 65536 bytes \| Modified Date = 30.11.2007 13:57:42 \| Attr = ] (aspnet_state) ASP.NET State Service [Win32_Own \| On_Demand \| Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> File not found (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 \| Size = 418816 bytes \| Modified Date = 26.10.2007 8:06:58 \| Attr = ] (Avg7UpdSvc) AVG7 Update Service [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 \| Size = 49664 bytes \| Modified Date = 21.11.2006 19:54:16 \| Attr = ] (AVGEMS) AVG E-mail Scanner [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 \| Size = 406528 bytes \| Modified Date = 26.10.2007 8:07:00 \| Attr = ] (avp) avp [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe -> Kaspersky Lab [Ver = 8.0.0.33 \| Size = 217088 bytes \| Modified Date = 31.10.2007 15:48:36 \| Attr = ] (BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own \| Auto \| Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = \| Size = 110592 bytes \| Modified Date = 6.4.2005 15:03:28 \| Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared \| On_Demand \| Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 \| Size = 224768 bytes \| Modified Date = 3.8.2004 23:56:50 \| Attr = ] (SDhelper) PC Tools Spyware Doctor [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 \| Size = 895088 bytes \| Modified Date = 2.11.2006 16:17:14 \| Attr = ] (SiteAdvisor Service) SiteAdvisor Service [Win32_Own \| Auto \| Stopped] -> %ProgramFiles%\SiteAdvisor\4608\SAService.exe -> File not found (StarWindService) StarWind iSCSI Service [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 \| Size = 217600 bytes \| Modified Date = 2.4.2005 2:51:48 \| Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 \| Size = 40048 bytes \| Modified Date = 11.5.2007 2:06:32 \| Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 \| Size = 339968 bytes \| Modified Date = 25.8.2004 11:52:00 \| Attr = ] AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 \| Size = 579072 bytes \| Modified Date = 26.10.2007 8:07:00 \| Attr = ] AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe -> Kaspersky Lab [Ver = 8.0.0.33 \| Size = 217088 bytes \| Modified Date = 31.10.2007 15:48:36 \| Attr = ] DeviceDiscovery -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 \| Size = 229437 bytes \| Modified Date = 21.5.2003 17:37:08 \| Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1 \| Size = 233472 bytes \| Modified Date = 23.10.2003 18:51:18 \| Attr = ] HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 2 \| Size = 49152 bytes \| Modified Date = 25.6.2003 10:24:48 \| Attr = ] HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.236.2.0 \| Size = 188416 bytes \| Modified Date = 28.7.2003 14:43:44 \| Attr = ] NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 \| Size = 155648 bytes \| Modified Date = 9.7.2001 9:50:42 \| Attr = ] RaidTool -> %ProgramFiles%\VIA\RAID\raid_tool.exe -> VIA Technologies [Ver = 5, 2, 6, 0 \| Size = 1060864 bytes \| Modified Date = 23.11.2005 3:12:16 \| Attr = ] SoundMan -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 52 \| Size = 577536 bytes \| Modified Date = 1.3.2006 9:22:04 \| Attr = ] startdrv -> %SystemRoot%\Temp\startdrv.exe -> [Ver = \| Size = 20992 bytes \| Modified Date = 2.12.2007 11:07:38 \| Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 \| Size = 132496 bytes \| Modified Date = 12.7.2007 3:00:36 \| Attr = ] tcomantidialerrun -> %ProgramFiles%\T-Com Antidialer\T-Com Antidialer.exe -> [Ver = 1, 0, 0, 1 \| Size = 526120 bytes \| Modified Date = 19.1.2005 14:28:26 \| Attr = ] WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = \| Size = 35328 bytes \| Modified Date = 14.5.2007 23:22:22 \| Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.0.0.198 \| Size = 25365032 bytes \| Modified Date = 18.12.2006 17:32:52 \| Attr = ] Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2620 \| Size = 2111632 bytes \| Modified Date = 2.11.2006 16:11:36 \| Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersStartup%\ATI CATALYST System Tray.lnk -> D:\local disk\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.0.1698.24173 \| Size = 28672 bytes \| Modified Date = 25.8.2004 13:25:56 \| Attr = ] %AllUsersStartup%\BlueSoleil.lnk -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 1, 4 \| Size = 1183744 bytes \| Modified Date = 6.6.2005 12:23:08 \| Attr = ] %AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.2 \| Size = 237568 bytes \| Modified Date = 12.7.2004 19:50:00 \| Attr = ] %AllUsersStartup%\Ralink Wireless Utility.lnk -> %ProgramFiles%\RALINK\Common\RaUI.exe -> Ralink Technology, Corp. [Ver = 1, 1, 5, 0 \| Size = 589824 bytes \| Modified Date = 15.12.2005 15:23:28 \| Attr = ] < User Startup > -> C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup -> %UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 \| Size = 113664 bytes \| Modified Date = 16.3.2005 18:16:50 \| Attr = ] < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> AppInit_DLLs -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 \| Size = 36864 bytes \| Modified Date = 26.2.2003 21:27:44 \| Attr = ] C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 8.0\adialhk.dll -> Kaspersky Lab [Ver = 8.0.0.33 \| Size = 77824 bytes \| Modified Date = 31.10.2007 15:46:48 \| Attr = ] < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {837B45D6-BF85-457D-AABF-6D2E7815F791} [HKLM] -> Reg Data - Key not found [] -> File not found < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> Reg Data - Value does not exist -> File not found crypt -> crypts.dll -> File not found klogon -> %System32%\klogon.dll -> Kaspersky Lab [Ver = 8.0.0.33 \| Size = 200704 bytes \| Modified Date = 31.10.2007 15:47:58 \| Attr = ] rpcc -> %System32%\rpcc.dll -> File not found WB -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 \| Size = 24576 bytes \| Modified Date = 20.12.2001 22:34:52 \| Attr = ] yaywxwt -> yaywxwt.dll -> File not found < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (50 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKLM: Main\\Default_Search_URL -> microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> HKLM: Search Page -> microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Start Page -> microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKLM: CustomizeSearch -> ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: SearchAssistant -> google.com/ie -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Bar -> microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKCU: Search Page -> google.com -> HKCU: Start Page -> about:blank -> HKCU: CustomizeSearch -> ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKCU: SearchAssistant -> ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 \| Size = 62080 bytes \| Modified Date = 22.10.2006 22:08:42 \| Attr = ] {3B212B20-8877-414B-ADD0-BE7C659C8EE6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 \| Size = 825528 bytes \| Modified Date = 1.8.2006 14:27:06 \| Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 \| Size = 501136 bytes \| Modified Date = 12.7.2007 3:00:36 \| Attr = ] {B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 \| Size = 850104 bytes \| Modified Date = 1.8.2006 14:23:12 \| Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 \| Size = 132496 bytes \| Modified Date = 12.7.2007 3:00:36 \| Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 \| Size = 501136 bytes \| Modified Date = 12.7.2007 3:00:36 \| Attr = ] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: ] -> File not found {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Istraživanje] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Search -> http:\edits.mywebsearch.com\toolbaredits\menusearch.jht -> File not found Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found I&zvoz u Microsoft Excel -> -> File not found < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1A9C5304-EF32-488A-998C-961AA3270C88} -> () -> {7B737440-6775-4C7B-938E-9F8EACF3BD35} -> () -> {87311EE8-190C-4CF8-9435-E200AB204256} -> (RT73 USB Wireless LAN Card) -> {B0B8C9D8-30F5-4EEC-B1AD-B25B3DD6BE30} -> (VIA Rhine II Fast Ethernet Adapter) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.1 \| Size = 81920 bytes \| Modified Date = 23.10.2003 18:51:20 \| Attr = ] ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 \| Size = 1783384 bytes \| Modified Date = 1.11.2006 15:21:20 \| Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> [Files/Folders - Created Within 30 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder \| Created Date = 4.12.2007 16:30:56 \| Attr = ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = \| Size = 268 bytes \| Created Date = 20.11.2007 17:51:20 \| Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = \| Size = 244 bytes \| Created Date = 20.11.2007 17:51:20 \| Attr = H ] $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder \| Created Date = 15.11.2007 9:42:49 \| Attr = ] Installer -> %SystemRoot%\Installer -> [Folder \| Created Date = 13.11.2007 20:25:14 \| Attr = HS] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = \| Size = 10 bytes \| Created Date = 13.11.2007 20:18:03 \| Attr = ] %BlstFolder% -> %System32%\%BlstFolder% -> [Folder \| Created Date = 30.11.2007 12:19:05 \| Attr = ] 8_exception.nls -> %System32%\8_exception.nls -> [Ver = \| Size = 0 bytes \| Created Date = 11.11.2007 19:23:03 \| Attr = ] aspimgr.exe -> %System32%\aspimgr.exe -> [Ver = \| Size = 65536 bytes \| Created Date = 11.11.2007 19:23:10 \| Attr = ] bdeadmin.cpl -> %System32%\bdeadmin.cpl -> [Ver = \| Size = 183808 bytes \| Created Date = 14.11.2007 15:33:59 \| Attr = ] d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = \| Size = 552 bytes \| Created Date = 16.11.2007 14:13:16 \| Attr = ] d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = \| Size = 664 bytes \| Created Date = 16.11.2007 14:13:18 \| Attr = ] sttss.bak1 -> %System32%\sttss.bak1 -> [Ver = \| Size = 6465 bytes \| Created Date = 11.11.2007 19:39:23 \| Attr = HS] sttss.ini -> %System32%\sttss.ini -> [Ver = \| Size = 13046 bytes \| Created Date = 11.11.2007 19:38:52 \| Attr = HS] xpdx.sys -> %System32%\xpdx.sys -> [Ver = \| Size = 54046 bytes \| Created Date = 2.1.1601 23:00:00 \| Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = \| Size = 10359584 bytes \| Created Date = 30.11.2007 12:09:12 \| Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = \| Size = 32 bytes \| Created Date = 30.11.2007 12:09:12 \| Attr = HS] klick.dat -> %System32%\drivers\klick.dat -> [Ver = \| Size = 82061 bytes \| Created Date = 30.11.2007 12:10:30 \| Attr = ] klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.203 \| Size = 155152 bytes \| Created Date = 30.11.2007 11:57:18 \| Attr = ] klin.dat -> %System32%\drivers\klin.dat -> [Ver = \| Size = 81549 bytes \| Created Date = 30.11.2007 12:10:30 \| Attr = ] [Files/Folders - Modified Within 30 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder \| Modified Date = 4.12.2007 14:23:02 \| Attr = RH ] ComboFix -> %SystemDrive%\ComboFix -> [Folder \| Modified Date = 4.12.2007 16:47:08 \| Attr = ] Program Files -> %ProgramFiles% -> [Folder \| Modified Date = 30.11.2007 12:09:18 \| Attr = R ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = \| Size = 268 bytes \| Modified Date = 20.11.2007 17:51:22 \| Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = \| Size = 244 bytes \| Modified Date = 20.11.2007 17:51:22 \| Attr = H ] WINDOWS -> %SystemRoot% -> [Folder \| Modified Date = 4.12.2007 13:25:06 \| Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder \| Modified Date = 15.11.2007 9:42:40 \| Attr = ] $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder \| Modified Date = 15.11.2007 9:42:52 \| Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = \| Size = 2048 bytes \| Modified Date = 4.12.2007 13:19:44 \| Attr = S] CDPLAYER.INI -> %SystemRoot%\CDPLAYER.INI -> [Ver = \| Size = 27430 bytes \| Modified Date = 12.11.2007 20:47:36 \| Attr = ] Debug -> %SystemRoot%\Debug -> [Folder \| Modified Date = 15.11.2007 9:40:44 \| Attr = ] inf -> %SystemRoot%\inf -> [Folder \| Modified Date = 2.12.2007 11:09:46 \| Attr = ] Installer -> %SystemRoot%\Installer -> [Folder \| Modified Date = 30.11.2007 12:10:52 \| Attr = HS] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = \| Size = 116 bytes \| Modified Date = 18.11.2007 10:04:28 \| Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder \| Modified Date = 4.12.2007 17:06:06 \| Attr = ] system32 -> %System32% -> [Folder \| Modified Date = 30.11.2007 13:57:42 \| Attr = ] Temp -> %SystemRoot%\Temp -> [Folder \| Modified Date = 4.12.2007 13:26:00 \| Attr = ] wb.ini -> %SystemRoot%\wb.ini -> [Ver = \| Size = 144 bytes \| Modified Date = 14.11.2007 19:49:14 \| Attr = ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = \| Size = 10 bytes \| Modified Date = 13.11.2007 20:18:06 \| Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = \| Size = 396 bytes \| Modified Date = 30.11.2007 18:07:04 \| Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = \| Size = 6 bytes \| Modified Date = 4.12.2007 13:19:44 \| Attr = H ] %BlstFolder% -> %System32%\%BlstFolder% -> [Folder \| Modified Date = 30.11.2007 12:19:06 \| Attr = ] 8_exception.nls -> %System32%\8_exception.nls -> [Ver = \| Size = 0 bytes \| Modified Date = 11.11.2007 19:23:04 \| Attr = ] aspimgr.exe -> %System32%\aspimgr.exe -> [Ver = \| Size = 65536 bytes \| Modified Date = 30.11.2007 13:57:42 \| Attr = ] CatRoot -> %System32%\CatRoot -> [Folder \| Modified Date = 15.11.2007 9:42:40 \| Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder \| Modified Date = 30.11.2007 12:09:04 \| Attr = ] d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = \| Size = 552 bytes \| Modified Date = 16.11.2007 14:13:18 \| Attr = ] d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = \| Size = 664 bytes \| Modified Date = 20.11.2007 17:52:40 \| Attr = ] dllcache -> %System32%\dllcache -> [Folder \| Modified Date = 15.11.2007 9:43:12 \| Attr = RHS] drivers -> %System32%\drivers -> [Folder \| Modified Date = 2.12.2007 11:09:46 \| Attr = ] sttss.bak1 -> %System32%\sttss.bak1 -> [Ver = \| Size = 6465 bytes \| Modified Date = 11.11.2007 19:39:24 \| Attr = HS] sttss.ini -> %System32%\sttss.ini -> [Ver = \| Size = 13046 bytes \| Modified Date = 11.11.2007 21:44:18 \| Attr = HS] wpa.dbl -> %System32%\wpa.dbl -> [Ver = \| Size = 2206 bytes \| Modified Date = 4.12.2007 13:19:44 \| Attr = ] xpdx.sys -> %System32%\xpdx.sys -> [Ver = \| Size = 54046 bytes \| Modified Date = 28.11.2007 17:02:52 \| Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = \| Size = 10359584 bytes \| Modified Date = 30.11.2007 22:13:14 \| Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = \| Size = 32 bytes \| Modified Date = 30.11.2007 12:09:18 \| Attr = HS] klick.dat -> %System32%\drivers\klick.dat -> [Ver = \| Size = 82061 bytes \| Modified Date = 30.11.2007 12:10:32 \| Attr = ] klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.203 \| Size = 155152 bytes \| Modified Date = 30.11.2007 11:55:58 \| Attr = ] klin.dat -> %System32%\drivers\klin.dat -> [Ver = \| Size = 81549 bytes \| Modified Date = 30.11.2007 12:10:32 \| Attr = ] [File String Scan - Non-Microsoft Only] @Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable -> WSUD , -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2, 2, 0, 60 \| Size = 18796544 bytes \| Modified Date = 8.5.2006 9:03:02 \| Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = \| Size = 41397 bytes \| Modified Date = 11.4.2001 17:14:04 \| Attr = ] Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a \| Size = 115880 bytes \| Modified Date = 25.8.2006 4:47:00 \| Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = \| Size = 1309184 bytes \| Modified Date = 11.4.2001 17:15:46 \| Attr = ] Thawte Consulting , -> %System32%\WBOCX.OCX -> Stardock [Ver = 4.9.0.1 \| Size = 562944 bytes \| Modified Date = 20.3.2007 21:38:00 \| Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = \| Size = 13463552 bytes \| Modified Date = 11.4.2001 17:13:20 \| Attr = ] UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 \| Size = 821856 bytes \| Modified Date = 26.10.2007 8:06:46 \| Attr = ] PEC2 , -> %System32%\drivers\VcommMgr.sys -> IVT Corporation [Ver = 2.20 \| Size = 82148 bytes \| Modified Date = 25.3.2005 16:18:48 \| Attr = ] < End of report >

Profil

dr_Bora Poslao: 04 Dec 2007 18:51 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi Rustbfix i sačuvaj ga na desktopu. Potrebno je uraditi sledeće: Dvoklikom pokrenuti program rustbfix.exe Program će započeti skeniranje Ukoliko rootkit nije detektovan, nakon nekoliko sekundi će se otvoriti log u Notepad-u čiji sadržaj je potrebno iskopirati u temu na forumu Ukoliko rootkit bude detektovan, pojaviće se upit o restartovanju kompjutera: kliknuti na Yes Nakon restartovanja sistema će, po potrebi, automatski doći do još jednog restarta Kada čišćenje bude gotovo, dva loga će se otvoriti u Notepad-u (C:\avenger.txt i C:\rustbfix\pelog.txt) Iskopirati sadržaj ta dva loga u temu na forumu

Profil

MyCity » Ambulanta -> Arhiva Ambulante » startdrv trojanac??

Ko je trenutno na forumu

Ukupno su 953 korisnika na forumu :: 4 registrovanih, 1 sakriven i 948 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: amaterSRB, Avalon015, vladetije, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by