Adobe.R, RavMonLog, Autorun.inf...

  • Joined: 12 Nov 2007
  • Posts: 64

So I have a problem with this annoying virus, or whatever it is. I have reinstalled the system a few times, but they keep showing up. It is quite possible that the people I exchange data with via flash drive have them too, but that is beside the point now...

Logfile of HijackThis v1.99.1
Scan saved at 15:50:54, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Bojan\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41EA6F19-FD79-460C-82EE-8A0883E76523}: NameServer = 10.10.2.69,10.10.2.79
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe

  • dr_Bora, Male
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Right-click the avast! icon in the bottom-right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the bottom-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn these options back on once the cleanup is finished.




Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 12 Nov 2007
  • Posts: 64

Update: 03 Aug 2008 16:08

ComboFix 08-08-02.01 - Bojan 2008-08-03 16:02:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3293 [GMT 2:00]
Running from: C:\Documents and Settings\Bojan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-03 15:14 . 2008-08-03 15:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 15:14 . 2008-08-03 15:14 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Malwarebytes
2008-08-03 15:14 . 2008-08-03 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 05:26 . 2008-08-03 05:26 <DIR> d-------- C:\Program Files\iTunes
2008-08-03 05:26 . 2008-08-03 05:26 <DIR> d-------- C:\Program Files\iPod
2008-08-03 05:26 . 2008-08-03 05:27 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Apple Computer
2008-08-03 05:25 . 2008-08-03 05:26 <DIR> d-------- C:\Program Files\QuickTime
2008-08-03 05:25 . 2008-08-03 05:25 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-03 05:25 . 2008-08-03 05:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-03 05:25 . 2008-08-03 05:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 12:34 . 2008-08-02 16:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 12:34 . 2008-07-31 12:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-29 12:04 . 2008-07-29 12:05 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\EmuPatchMixDSP
2008-07-28 18:34 . 2008-07-28 18:34 <DIR> d-------- C:\Program Files\Pinguin Audio Meter
2008-07-28 01:56 . 2008-07-28 01:56 <DIR> d-------- C:\Program Files\Toontrack
2008-07-28 01:31 . 2008-07-28 01:31 <DIR> d-------- C:\Program Files\DivXLand
2008-07-28 01:31 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-07-22 16:17 . 2008-07-22 16:17 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Cakewalk
2008-07-22 16:02 . 2008-07-22 17:12 <DIR> d-------- C:\Program Files\Cakewalk
2008-07-22 16:02 . 2008-07-22 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-07-18 07:43 . 2008-07-18 07:43 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Steinberg
2008-07-18 03:54 . 2008-07-18 03:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-07-18 03:45 . 2008-07-23 08:29 <DIR> d-------- C:\Program Files\Steinberg
2008-07-18 03:24 . 2008-07-18 03:24 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-07-18 03:24 . 2008-07-18 03:24 <DIR> d-------- C:\Program Files\Acronis
2008-07-18 03:24 . 2008-07-18 03:24 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-07-18 03:02 . 2008-07-18 03:02 4,958,588 --a------ C:\WINDOWS\{00000005-00000000-00000001-00001102-00000008-40021102}.CDF
2008-07-18 03:01 . 2008-07-18 03:45 <DIR> d-------- C:\Program Files\Creative Professional
2008-07-18 03:01 . 2006-11-14 15:28 86,016 --a------ C:\WINDOWS\system32\cttele.dll
2008-07-18 03:01 . 2008-08-03 15:32 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000001-00001102-00000008-40021102}.rfx
2008-07-18 03:01 . 2008-08-03 15:32 1,104 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-40021102}.rfx
2008-07-18 03:01 . 2008-08-03 15:32 1,104 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-40021102}.rfx
2008-07-18 03:01 . 2008-08-03 15:32 64 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-40021102}.rfx
2008-07-18 03:01 . 2008-08-03 15:32 64 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000001-00001102-00000008-40021102}.rfx
2008-07-18 03:00 . 2008-07-18 03:00 <DIR> d-------- C:\WINDOWS\system32\Data
2008-07-18 03:00 . 2008-07-18 03:00 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Creative
2008-07-18 03:00 . 2008-07-18 03:00 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-18 03:00 . 2008-07-18 03:00 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-18 03:00 . 2008-03-20 15:36 11,776 --a------ C:\WINDOWS\INRES.DLL
2008-07-18 03:00 . 2008-03-20 15:34 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2008-07-18 03:00 . 2008-03-20 15:35 2,560 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-07-17 06:57 . 2008-07-17 06:57 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-07-16 17:02 . 2008-07-16 17:02 <DIR> d-------- C:\Program Files\Rail Jon Rogut Software
2008-07-15 19:20 . 2008-07-15 19:20 <DIR> d-------- C:\WINDOWS\CPU & Ram Meter
2008-07-15 18:59 . 2008-07-15 19:06 <DIR> d--h----- C:\masm32
2008-07-15 18:36 . 2008-07-15 18:36 <DIR> d-------- C:\Program Files\LaaTiDo
2008-07-15 18:36 . 1998-05-18 03:06 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-07-15 16:55 . 2008-07-15 16:55 1,344,434 --a------ C:\WINDOWS\system32\TmpA44181437
2008-07-13 05:22 . 2008-07-13 05:22 <DIR> d-------- C:\Program Files\uTorrent
2008-07-13 05:22 . 2008-07-26 20:23 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\uTorrent
2008-07-11 14:33 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\drivers\sbp2port.sys
2008-07-11 14:33 . 2004-08-03 22:59 43,136 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-07-07 13:40 . 2008-07-07 13:40 <DIR> d-------- C:\Program Files\PowerISO
2008-07-07 13:39 . 2008-07-07 13:39 1,344,434 --a------ C:\WINDOWS\system32\TmpA142609
2008-07-06 11:04 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 13:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 13:37 --------- d-----w C:\Program Files\Steam
2008-08-03 13:24 --------- d-----w C:\Program Files\ICQToolbar
2008-08-03 13:21 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Free Download Manager
2008-08-03 03:54 --------- d-----w C:\Program Files\Power Off
2008-08-02 14:44 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-31 15:38 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Digidesign
2008-07-24 12:47 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Azureus
2008-07-24 12:40 --------- d-----w C:\Program Files\Free Download Manager
2008-07-16 12:22 --------- d-----w C:\Program Files\coolpro2
2008-07-15 14:57 --------- d-----w C:\Program Files\Alldj_DVD_To_AVI
2008-07-15 14:56 --------- d-----w C:\Program Files\Easy DVD Extractor
2008-07-15 14:56 --------- d-----w C:\Program Files\Dvd-to-mpeg
2008-07-15 14:56 --------- d-----w C:\Program Files\DVD-to-AVI
2008-07-09 00:46 --------- d-----w C:\Program Files\Azureus
2008-07-06 09:05 --------- d-----w C:\Documents and Settings\Bojan\Application Data\PACE Anti-Piracy
2008-07-06 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-07-02 19:47 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-07-02 16:32 --------- d-----w C:\Program Files\Yahoo!
2008-07-02 16:32 --------- d-----w C:\Program Files\Realtek
2008-07-02 16:26 --------- d-----w C:\Program Files\GIGABYTE
2008-06-27 22:35 --------- d-----w C:\Program Files\FXpansion
2008-06-27 19:55 --------- d-----w C:\Program Files\Java
2008-06-27 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-27 19:54 --------- d-----w C:\Program Files\Common Files\Java
2008-06-27 19:16 --------- d-----w C:\Documents and Settings\Bojan\Application Data\FXpansion
2008-06-25 11:21 --------- d-----w C:\Program Files\VSTPlugins
2008-06-25 10:25 --------- d-----w C:\Program Files\ieSpell
2008-06-24 19:23 --------- d-----w C:\Program Files\Mediafour
2008-06-24 19:23 --------- d-----w C:\Program Files\Common Files\Mediafour
2008-06-24 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mediafour
2008-06-21 13:50 --------- d-----w C:\Program Files\MyDVDTools
2008-06-21 11:45 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-18 18:40 --------- d-----w C:\Documents and Settings\Bojan\Application Data\MegauploadToolbar
2008-06-18 18:39 --------- d-----w C:\Program Files\MegauploadToolbar
2008-06-14 09:22 --------- d-----w C:\Program Files\XviD
2008-06-14 09:22 --------- d-----w C:\Program Files\ffdshow
2008-06-14 09:22 --------- d-----w C:\Program Files\DivX_311alpha
2008-06-14 09:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-14 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-14 09:20 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-06-14 09:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-12 22:26 --------- d-----w C:\Program Files\East West
2008-06-11 23:36 --------- d-----w C:\Program Files\Mv2Player
2008-06-09 23:24 --------- d-----w C:\Program Files\FDRLab
2008-06-07 17:13 --------- d-----w C:\Program Files\Winamp
2008-06-07 17:10 --------- d-----w C:\Program Files\EMI
2008-06-07 16:24 --------- d-----w C:\Program Files\ICQ6
2008-06-06 17:58 --------- d-----w C:\Program Files\Race - The WTCC Game
2008-06-05 03:30 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Syntrillium
2008-06-05 03:26 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-06-05 03:24 --------- d-----w C:\Program Files\InterLok
2008-06-05 03:24 --------- d-----w C:\Program Files\Digidesign
2008-06-05 03:23 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-06-05 03:16 --------- d-----w C:\Program Files\Google
2008-06-05 03:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-05 03:14 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Skype
2008-06-05 03:14 --------- d-----w C:\Documents and Settings\Bojan\Application Data\ICQ Toolbar
2008-06-05 03:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-06-05 03:13 --------- d-----w C:\Documents and Settings\Bojan\Application Data\skypePM
2008-06-05 03:12 --------- d-----w C:\Documents and Settings\Bojan\Application Data\ICQ
2008-06-05 03:10 --------- d-----w C:\Documents and Settings\Bojan\Application Data\vlc
2008-06-05 03:09 --------- d-----w C:\Program Files\Planplus
2008-06-05 03:08 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 03:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-05 03:04 --------- d-----w C:\Program Files\Logitech
2008-06-05 03:04 --------- d-----w C:\Program Files\Common Files\Logitech
2008-06-05 03:02 --------- d-----w C:\Program Files\Skype
2008-06-05 03:02 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-05 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-05 03:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-05 03:00 --------- d-----w C:\Documents and Settings\Bojan\Application Data\InstallShield
2008-06-05 02:58 --------- d-----w C:\Program Files\Nero
2008-06-05 02:58 --------- d-----w C:\Program Files\Fraunhofer DVD Codecs
2008-06-05 02:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-05 02:54 --------- d-----w C:\Program Files\VideoLAN
2008-06-05 02:54 --------- d-----w C:\Program Files\Opera
2008-06-05 02:34 --------- d-----w C:\Program Files\Alwil Software
2008-06-05 02:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-05 02:30 --------- d-----w C:\Program Files\ATI Technologies
2008-06-05 00:27 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-05 00:25 --------- d-----w C:\Program Files\Intel
2008-06-04 12:53 --------- d-----w C:\Program Files\microsoft frontpage
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-06-06 16:21 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2008-03-20 15:19 31232 C:\WINDOWS\system32\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 13:27 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-08-29 10:55 1966080]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 19:53 2209224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
"CTHelper"="CTHELPER.EXE" [2008-03-20 15:35 23040 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 15:35 23552 C:\WINDOWS\system32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"wave1"= Digi32.dll
"vidc.ffds"= C:\PROGRA~1\ffdshow\ffdshow.ax
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"MIDI1"= diomidi.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\SteamApps\\bojan1979\\race\\Race_Steam.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-04-18 16:33]
R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 11:15]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 02:16]
R2 MacDriveServiceD;MacDriveServiceD;C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe [2007-04-18 11:58]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-03-20 17:23]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS;C:\WINDOWS\system32\drivers\CTEDSPIO.SYS [2008-03-20 17:38]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS;C:\WINDOWS\system32\drivers\CTEDSPSY.SYS [2008-03-20 17:37]
R3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 02:15]
S3 Asushwio;Asushwio;H:\Bin\Asushwio.sys []
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys []
S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-03-20 17:23]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-03-20 17:36]
S3 CT20XUT;CT20XUT;C:\WINDOWS\system32\drivers\CT20XUT.SYS [2008-03-20 17:36]
S3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-03-20 17:23]
S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-03-20 17:23]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS;C:\WINDOWS\system32\drivers\CTEAPSFX.SYS [2008-03-20 17:26]
S3 CTEAPSFX;CTEAPSFX;C:\WINDOWS\system32\drivers\CTEAPSFX.SYS [2008-03-20 17:26]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS;C:\WINDOWS\system32\drivers\CTEDSPFX.SYS [2008-03-20 17:32]
S3 CTEDSPFX;CTEDSPFX;C:\WINDOWS\system32\drivers\CTEDSPFX.SYS [2008-03-20 17:32]
S3 CTEDSPIO;CTEDSPIO;C:\WINDOWS\system32\drivers\CTEDSPIO.SYS [2008-03-20 17:38]
S3 CTEDSPSY;CTEDSPSY;C:\WINDOWS\system32\drivers\CTEDSPSY.SYS [2008-03-20 17:37]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-03-20 17:36]
S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-03-20 17:36]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-03-20 17:40]
S3 CTEXFIFX;CTEXFIFX;C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2008-03-20 17:40]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-03-20 17:37]
S3 CTHWIUT;CTHWIUT;C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2008-03-20 17:37]
S3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-03-20 17:25]
S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-03-20 17:25]
S3 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 11:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44ffe7da-375b-11dd-8d64-001d60800912}]
\Shell\AutoRun\command - yo2mq6.exe
\Shell\explore\Command - yo2mq6.exe
\Shell\open\Command - yo2mq6.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bojan\Application Data\Mozilla\Firefox\Profiles\0ecnk9ds.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0_06\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 5\plugins\nppdf32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-03 16:03:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-03 16:03:43
ComboFix-quarantined-files.txt 2008-08-03 14:03:40

Pre-Run: 11,889,422,336 bytes free
Post-Run: 11,880,169,472 bytes free

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There really was no need to run ComboFix twice.


As for USB sticks (this also applies to mp3 players and mobile phones)...

Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker_beta.exe
- start it and choose the Auto block option
- plug a USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (you can see this in the lower part of the program, in the log)
- at the top left, double-click the letter that marks the partition, i.e. your USB stick
- a message will appear at the bottom next to the clock saying you may remove the USB stick from the computer
- don't close the program; plug in the next USB stick and wait a few seconds for it as well, and so on for all the sticks, MP3 players and the mobile phone
- remember the order in which the sticks were plugged in

When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.

  • Joined: 12 Nov 2007
  • Posts: 64

USB_blocker by bobby

Started at 8/3/2008 16:51:20

Scanning for connected USB Mass storage...
========================================
I: 4024aa1f-6165-11dd-a6c0-001d7d018e7a
========================================
Scanning for other storage...
========================================
E: 33b12dfc-483d-11dd-b473-806d6172696f
F: 43d8586a-5ea9-11dd-a6b3-001d7d018e7a
C: 637b00c1-3242-11dd-bc19-806d6172696f
D: 637b00c4-3242-11dd-bc19-806d6172696f
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
========================================



New device connected at 8/3/2008 16:51:32

Scanning for connected USB Mass storage...
========================================
I: 4024aa1f-6165-11dd-a6c0-001d7d018e7a
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 4024aa1f-6165-11dd-a6c0-001d7d018e7a
========================================


New device connected at 8/3/2008 16:52:12

Scanning for connected USB Mass storage...
========================================
I: 61e54894-4427-11dd-845a-001d60800912
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 61e54894-4427-11dd-845a-001d60800912
========================================

  • Joined: 12 Nov 2007
  • Posts: 64

Thank you very much, I'd have just one more question...

On every disk I have there is now an autorun. folder which I can't delete; does that mean that this file will prevent the same malware from appearing?!

Also, will the other systems I have (two more) be protected as well, since this file, that is the Autorun.inf folder, is on their partitions?!

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The answer to both questions is: it should prevent infection of those USB drives and make it harder for the infection to spread to the other disks (I can't guarantee anything - I would know how to delete those folders, and if I can, so can malware, so...).

  • Joined: 12 Nov 2007
  • Posts: 64

Can you tell me how to delete them, if I ever need to?!

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You need to delete the file located inside the folder:

Start - Run > cmd

DEL \\.\X:\autorun.inf\"lpt3.This folder was created by Flash_Disinfector"

X is the drive letter.
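An added example (not the thread's own code, nor USB_blocker's or Flash_Disinfector's): a Python script that classifies the autorun.inf at a volume root either as the Flash_Disinfector-style protective folder (an entry named with a reserved device name such as lpt3 is what makes it undeletable by Explorer or a plain DEL, which is why the `\\.\` path above is needed) or as a real autorun.inf file whose launch directives it extracts, the way the mountpoints2 entries in the ComboFix log above point at yo2mq6.exe. The sample autorun.inf, the temporary directories standing in for USB volumes, and all function names are constructed for this example.

```python
import tempfile
from pathlib import Path

# Windows device names: an entry whose base name is one of these (e.g. "lpt3.This folder was
# created by Flash_Disinfector") resists Explorer and a plain DEL, hence the \\.\ path in the thread.
RESERVED = {"con", "prn", "aux", "nul"} | {f"com{i}" for i in range(1, 10)} | {f"lpt{i}" for i in range(1, 10)}

# Constructed sample autorun.inf mirroring the mountpoints2 entries in the ComboFix log above.
SAMPLE_INF = "[autorun]\r\nopen=yo2mq6.exe\r\nshell\\open\\Command=yo2mq6.exe\r\nshell\\explore\\Command=yo2mq6.exe\r\nicon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"

def is_reserved_name(name):
    # The reservation applies to the part before the first dot, whatever suffix follows.
    return name.split(".")[0].lower() in RESERVED

def parse_autorun(text):
    """Return the launch directives of the [autorun] section: open, shellexecute, shell\\*\\command."""
    launchers, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
                launchers[k] = value
    return launchers

def classify_autorun(volume_root):
    """absent | protective-folder (with its reserved-name entries) | folder | file (with launch directives)."""
    path = Path(volume_root, "autorun.inf")
    if not path.exists():
        return "absent", None
    if path.is_dir():
        reserved = [p.name for p in path.iterdir() if is_reserved_name(p.name)]
        return ("protective-folder", reserved) if reserved else ("folder", [])
    return "file", parse_autorun(path.read_text(errors="replace"))

def device_path_for_delete(drive_letter, entry_name):
    # The \\.\ device-namespace path that cmd's DEL needs in order to remove a reserved-name entry.
    return f'\\\\.\\{drive_letter}:\\autorun.inf\\"{entry_name}"'

def demo():
    # Two temporary directories stand in for USB volume roots: one Flash_Disinfector-style, one infected.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "autorun.inf").mkdir()
        Path(root, "autorun.inf", "lpt3.This folder was created by Flash_Disinfector").touch()
        protective = classify_autorun(root)
    with tempfile.TemporaryDirectory() as root:
        Path(root, "autorun.inf").write_text(SAMPLE_INF)
        infected = classify_autorun(root)
    return protective, infected
```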
