Nepoznati program me izbacuje iz igrica i drugih programa

1

Nepoznati program me izbacuje iz igrica i drugih programa

offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

Napisano: 02 Avg 2013 19:24

Igram ja igricu i na svakih nekoliko sekundi me izbacuje iz igrice jer se kao otvara neki novi program u novom prozoru , a ja nisam dao komandu za otvaranje kompijuter sam hoce nesto da otvori ali nista se ne otvori ja se vratim u igricu prodje par sekundi pa opet sve isto. Nije to samo sa igricama isto se desava i sa ostalim stvarima.
Problem je poceo da se javlja danas kad sam upalio racunar posle 2 nedelje ne koriscenja.
Nemam ideju kako da resim problem.
Imam open adsl 4.63mbs

mycity.rs/must-login.png

Dopuna: 02 Avg 2013 19:29

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.11.2
Run by Korisnik 1 at 19:21:41 on 2013-08-02
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.74 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MPK\mpk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\DOCUME~1\KORISN~1\LOCALS~1\Temp\sysfnx.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Korisnik 1\vuhazcukenma.exe
C:\Documents and Settings\Korisnik 1\ziqycytakaxx.exe
C:\windows\sms.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gaxpa-search.com/
uSearch Bar = hxxp://dts.search-results.com/sidebar.html?src=ssb&appid=113&systemid=406&sr=0
mStart Page = hxxp://home.sweetim.com
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = ${SEARCH_URL_IE7}
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\mpk\mpk.exe
mWinlogon: TaskMan = c:\docume~1\korisn~1\locals~1\temp\9651.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: bflix Class: {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} -
BHO: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} -
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} -
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: BrotherSoft Extreme Toolbar: {51A86BB3-6602-4C85-92A5-130EE4864F13} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} -
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [System] C:\kernelcheck.exe
uRun: [HD VGA] "c:\documents and settings\korisnik 1\application data\hrtgf.exe"
uRun: [Windows System Controler] c:\windows\nvsvc32.exe
uRun: [Microsoft Windows Srvs] c:\documents and settings\korisnik 1\57484584663758364634738454\wincrsn.exe
uRun: [vuhazcukenma] c:\documents and settings\korisnik 1\vuhazcukenma.exe
uRun: [ziqycytakaxx] c:\documents and settings\korisnik 1\ziqycytakaxx.exe
uRun: [Heyoyv] c:\documents and settings\korisnik 1\application data\Heyoyv.exe
uRun: [Windows Messages Controler] c:\windows\sms.exe
uRun: [Google Update] "c:\documents and settings\korisnik 1\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Audio Sound Blaster System] sabhost.exe
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [System] C:\kernelcheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows System Controler] c:\windows\nvsvc32.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [Windows Messages Controler] c:\windows\sms.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunServices: [Audio Sound Blaster System] sabhost.exe
mExplorerRun: [System Sound] c:\docume~1\korisn~1\locals~1\temp\\sysfnx.exe
mExplorerRun: [27241] c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10102F03-16E6-403E-85F3-B1B54F19C469} : DHCPNameServer = 10.11.12.254 212.200.45.11
TCP: Interfaces\{55ECE6A9-B7B8-419E-BBE7-EA64801A6D43} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs=
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {MN2YID86-02JS-RL0N-LV4P-7C4FUV8XPA6M} - c:\directory\cybergate\install\server.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik 1\application data\mozilla\firefox\profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - plugin: c:\documents and settings\korisnik 1\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 8b095404e56a27ff;ziqycytakaxx.exe;\SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys [?]
R0 fd58800357b95401;vuhazcukenma.exe;\SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys --> \SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-1 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-1 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-5-26 1714176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\korisn~1\locals~1\temp\eseadriver2.sys --> c:\docume~1\korisn~1\locals~1\temp\ESEADriver2.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-12-24 42512]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-10-8 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-10-8 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-10-8 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-10-8 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-10-8 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-10-8 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-10-8 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\iobit\game booster 3\driver\winring0.sys --> d:\program files\iobit\game booster 3\driver\WinRing0.sys [?]
.
=============== Created Last 30 ================
.
2013-07-11 21:21:07 -------- d--h--w- c:\program files\common files\EAInstaller
2013-07-11 20:35:43 -------- d-----w- c:\documents and settings\korisnik 1\application data\Origin
2013-07-11 20:35:37 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35:30 -------- d-----w- c:\documents and settings\korisnik 1\local settings\application data\Origin
2013-07-11 20:31:49 -------- d-----w- c:\documents and settings\all users\application data\Origin
2013-07-11 20:31:44 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2013-07-09 11:57:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-07 21:38:46 -------- d-----w- c:\documents and settings\korisnik 1\application data\Babylon
2013-07-07 21:37:36 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
.
==================== Find3M ====================
.
2013-06-17 08:45:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 23:14:24 156160 --sh--r- c:\windows\sms.exe
.
============= FINISH: 19:22:49,62 ===============

mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Pozdrav,
Zbog cega ti je avast iskljucen i ne azuriran?




Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.



Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku;
Nemoj kliktati u okviru ComboFix prozora dok radi jer to može usporiti rad alata;
Nemoj ponovo pokretati ComboFix na svoju ruku - javi se u temi bilo kakav problem da imaš tokom prvog pokretanja alata;
Ako nakon restarta dobijaš grešku prilikom startovanja pojedinih programa da su označeni za brisanje (Illegal operation attempted on a registry key that has been marked for deletion), onda ponovo restartuj sistem i to ce rešiti problem.



===== Potom =====


> Ponovo pokreni DDS i postavi svez DDS.txt log

offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

ComboFix 13-08-02.01 - Korisnik 1 02.08.2013 20:38:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.281 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\e96e9f7721c52c06c39440c97850dae5_c
c:\documents and settings\All Users\Application Data\MPK
c:\documents and settings\All Users\Application Data\MPK\1\D0000
c:\documents and settings\All Users\Application Data\MPK\1\S0000
c:\documents and settings\All Users\Application Data\MPK\2\D0000
c:\documents and settings\All Users\Application Data\MPK\2\S0000
c:\documents and settings\All Users\Application Data\MPK\3\D0000
c:\documents and settings\All Users\Application Data\MPK\3\S0000
c:\documents and settings\All Users\Application Data\MPK\CPDM\cpfm.bin
c:\documents and settings\All Users\Application Data\MPK\etilqs_0sI32Z4TeTA7czpdJYzV
c:\documents and settings\All Users\Application Data\MPK\etilqs_0x2FOIPaHNxHcTrtapVs
c:\documents and settings\All Users\Application Data\MPK\etilqs_1aHPnu3SEhIeY0rpGocT
c:\documents and settings\All Users\Application Data\MPK\etilqs_2HzPAZxrSJUynRVa50eL
c:\documents and settings\All Users\Application Data\MPK\etilqs_2THUscKnwdtfuksHZ8bp
c:\documents and settings\All Users\Application Data\MPK\etilqs_2zcftYrD54eboOVbiOh3
c:\documents and settings\All Users\Application Data\MPK\etilqs_30A6NL5hLlzIJZ5Jj8hL
c:\documents and settings\All Users\Application Data\MPK\etilqs_8bXEqcNQpgu4B1Ti6vGG
c:\documents and settings\All Users\Application Data\MPK\etilqs_8h633UYTH7M09SNNTwYK
c:\documents and settings\All Users\Application Data\MPK\etilqs_boOfQzvpHSDHsZJU3wup
c:\documents and settings\All Users\Application Data\MPK\etilqs_cEqZjUjsCajhMDbaVRAj
c:\documents and settings\All Users\Application Data\MPK\etilqs_CQvt1vBYTnPyFlvaPwpC
c:\documents and settings\All Users\Application Data\MPK\etilqs_dCQ3h9MFpH3w20MrMcZE
c:\documents and settings\All Users\Application Data\MPK\etilqs_DjUgTrgljmhMrNzfLhON
c:\documents and settings\All Users\Application Data\MPK\etilqs_dSaViP2AEbgLOTg35BeQ
c:\documents and settings\All Users\Application Data\MPK\etilqs_fqqkKM02p53R2JldWrBK
c:\documents and settings\All Users\Application Data\MPK\etilqs_gcMAAsUT3CPZNzTycNHe
c:\documents and settings\All Users\Application Data\MPK\etilqs_Gi3MNcZ4DfONJfH6VZMP
c:\documents and settings\All Users\Application Data\MPK\etilqs_GnNdBqoJ1SLBOAxzWmOr
c:\documents and settings\All Users\Application Data\MPK\etilqs_h4nW0JU97iYPjHTDFmH2
c:\documents and settings\All Users\Application Data\MPK\etilqs_hDUD1GazJrBGweNaQrWk
c:\documents and settings\All Users\Application Data\MPK\etilqs_hVGo4fKTjNESQgClwev5
c:\documents and settings\All Users\Application Data\MPK\etilqs_IBQWRFaAmnnMJ6k85FOu
c:\documents and settings\All Users\Application Data\MPK\etilqs_ISByqYpRNCN4Gxm1T0sB
c:\documents and settings\All Users\Application Data\MPK\etilqs_Jt1k9edtYXEyFx5gUwkb
c:\documents and settings\All Users\Application Data\MPK\etilqs_Ly5eB5vgvw2AdEd5fxy0
c:\documents and settings\All Users\Application Data\MPK\etilqs_myHUSYAfjQqVS4Et59ID
c:\documents and settings\All Users\Application Data\MPK\etilqs_NbeHodGX8iqfnTpD5vOf
c:\documents and settings\All Users\Application Data\MPK\etilqs_ndjYMieDaLSg9ts8cbQi
c:\documents and settings\All Users\Application Data\MPK\etilqs_nnGvRIj4e85zcsLGLBEj
c:\documents and settings\All Users\Application Data\MPK\etilqs_nxPExfm2EuXeCTHr1Cnv
c:\documents and settings\All Users\Application Data\MPK\etilqs_ogopYCvHRizWJVa2lukG
c:\documents and settings\All Users\Application Data\MPK\etilqs_oyuPfY6fvkvvPTfbDmLb
c:\documents and settings\All Users\Application Data\MPK\etilqs_PoLXxJaSOmChrQcc2Fx5
c:\documents and settings\All Users\Application Data\MPK\etilqs_q0uOseNYnO8txOedeyPy
c:\documents and settings\All Users\Application Data\MPK\etilqs_QtSTqcOCMSNNAdZ4NRae
c:\documents and settings\All Users\Application Data\MPK\etilqs_QzNVu0kRLYHP6EVWBhEh
c:\documents and settings\All Users\Application Data\MPK\etilqs_SPMM2WDLJLw0YRERHO0n
c:\documents and settings\All Users\Application Data\MPK\etilqs_uyDpeWMfZ10nyzFNaxdO
c:\documents and settings\All Users\Application Data\MPK\etilqs_V6DdM3M4TBH4pHMETARe
c:\documents and settings\All Users\Application Data\MPK\etilqs_WflBMIUnEzCAZJxgoSKN
c:\documents and settings\All Users\Application Data\MPK\etilqs_wXHtorbgfCwBxmrZGxyd
c:\documents and settings\All Users\Application Data\MPK\etilqs_x4azlsG0cVaMTMRiAc4d
c:\documents and settings\All Users\Application Data\MPK\etilqs_Y6HkLPIEMWHYkEqsmLb7
c:\documents and settings\All Users\Application Data\MPK\etilqs_YbWN788guUvHp1zh66Df
c:\documents and settings\All Users\Application Data\MPK\etilqs_YlYezvWZnac8bM1sJcZa
c:\documents and settings\All Users\Application Data\MPK\M0000
c:\documents and settings\All Users\Application Data\MPK\S0000
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
c:\documents and settings\Korisnik 1\57484584663758364634738454
c:\documents and settings\Korisnik 1\Application Data\1.exe
c:\documents and settings\Korisnik 1\Application Data\109.exe
c:\documents and settings\Korisnik 1\Application Data\11.exe
c:\documents and settings\Korisnik 1\Application Data\119.exe
c:\documents and settings\Korisnik 1\Application Data\126.exe
c:\documents and settings\Korisnik 1\Application Data\129.exe
c:\documents and settings\Korisnik 1\Application Data\12E.exe
c:\documents and settings\Korisnik 1\Application Data\13.exe
c:\documents and settings\Korisnik 1\Application Data\130.exe
c:\documents and settings\Korisnik 1\Application Data\132.exe
c:\documents and settings\Korisnik 1\Application Data\134.exe
c:\documents and settings\Korisnik 1\Application Data\136.exe
c:\documents and settings\Korisnik 1\Application Data\13D.exe
c:\documents and settings\Korisnik 1\Application Data\146.exe
c:\documents and settings\Korisnik 1\Application Data\147.exe
c:\documents and settings\Korisnik 1\Application Data\148.exe
c:\documents and settings\Korisnik 1\Application Data\149.exe
c:\documents and settings\Korisnik 1\Application Data\14A.exe
c:\documents and settings\Korisnik 1\Application Data\14B.exe
c:\documents and settings\Korisnik 1\Application Data\14C.exe
c:\documents and settings\Korisnik 1\Application Data\14D.exe
c:\documents and settings\Korisnik 1\Application Data\14E.exe
c:\documents and settings\Korisnik 1\Application Data\14F.exe
c:\documents and settings\Korisnik 1\Application Data\150.exe
c:\documents and settings\Korisnik 1\Application Data\151.exe
c:\documents and settings\Korisnik 1\Application Data\152.exe
c:\documents and settings\Korisnik 1\Application Data\153.exe
c:\documents and settings\Korisnik 1\Application Data\169.exe
c:\documents and settings\Korisnik 1\Application Data\176.exe
c:\documents and settings\Korisnik 1\Application Data\180.exe
c:\documents and settings\Korisnik 1\Application Data\187.exe
c:\documents and settings\Korisnik 1\Application Data\18B.exe
c:\documents and settings\Korisnik 1\Application Data\193.exe
c:\documents and settings\Korisnik 1\Application Data\197.exe
c:\documents and settings\Korisnik 1\Application Data\19A.exe
c:\documents and settings\Korisnik 1\Application Data\1A6.exe
c:\documents and settings\Korisnik 1\Application Data\1A7.exe
c:\documents and settings\Korisnik 1\Application Data\1A9.exe
c:\documents and settings\Korisnik 1\Application Data\1B0.exe
c:\documents and settings\Korisnik 1\Application Data\2.exe
c:\documents and settings\Korisnik 1\Application Data\4.exe
c:\documents and settings\Korisnik 1\Application Data\6.exe
c:\documents and settings\Korisnik 1\Application Data\98.exe
c:\documents and settings\Korisnik 1\Application Data\9F.exe
c:\documents and settings\Korisnik 1\Application Data\BD.exe
c:\documents and settings\Korisnik 1\Application Data\BF.exe
c:\documents and settings\Korisnik 1\Application Data\CC.exe
c:\documents and settings\Korisnik 1\Application Data\D3.exe
c:\documents and settings\Korisnik 1\Application Data\E6.exe
c:\documents and settings\Korisnik 1\Application Data\EE.exe
c:\documents and settings\Korisnik 1\Application Data\EF.exe
c:\documents and settings\Korisnik 1\Application Data\F.exe
c:\documents and settings\Korisnik 1\Application Data\FE.exe
c:\documents and settings\Korisnik 1\Application Data\hrtgf.exe
c:\documents and settings\Korisnik 1\Application Data\Korisnik 1log.dat
c:\documents and settings\Korisnik 1\vuhazcukenma.exe
c:\documents and settings\Korisnik 1\ziqycytakaxx.exe
C:\kernelcheck.exe
c:\windows\sms.exe
c:\windows\system32\frapsvid.dll
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
C:\winlogon.exe
.
----- File Replicators -----
.
c:\documents and settings\Korisnik 1\Application Data\1.exe
c:\documents and settings\Korisnik 1\Application Data\109.exe
c:\documents and settings\Korisnik 1\Application Data\119.exe
c:\documents and settings\Korisnik 1\Application Data\126.exe
c:\documents and settings\Korisnik 1\Application Data\129.exe
c:\documents and settings\Korisnik 1\Application Data\12E.exe
c:\documents and settings\Korisnik 1\Application Data\13.exe
c:\documents and settings\Korisnik 1\Application Data\130.exe
c:\documents and settings\Korisnik 1\Application Data\132.exe
c:\documents and settings\Korisnik 1\Application Data\134.exe
c:\documents and settings\Korisnik 1\Application Data\136.exe
c:\documents and settings\Korisnik 1\Application Data\13D.exe
c:\documents and settings\Korisnik 1\Application Data\146.exe
c:\documents and settings\Korisnik 1\Application Data\147.exe
c:\documents and settings\Korisnik 1\Application Data\148.exe
c:\documents and settings\Korisnik 1\Application Data\149.exe
c:\documents and settings\Korisnik 1\Application Data\14A.exe
c:\documents and settings\Korisnik 1\Application Data\14B.exe
c:\documents and settings\Korisnik 1\Application Data\14C.exe
c:\documents and settings\Korisnik 1\Application Data\14D.exe
c:\documents and settings\Korisnik 1\Application Data\14E.exe
c:\documents and settings\Korisnik 1\Application Data\14F.exe
c:\documents and settings\Korisnik 1\Application Data\150.exe
c:\documents and settings\Korisnik 1\Application Data\151.exe
c:\documents and settings\Korisnik 1\Application Data\152.exe
c:\documents and settings\Korisnik 1\Application Data\153.exe
c:\documents and settings\Korisnik 1\Application Data\169.exe
c:\documents and settings\Korisnik 1\Application Data\176.exe
c:\documents and settings\Korisnik 1\Application Data\180.exe
c:\documents and settings\Korisnik 1\Application Data\187.exe
c:\documents and settings\Korisnik 1\Application Data\18B.exe
c:\documents and settings\Korisnik 1\Application Data\193.exe
c:\documents and settings\Korisnik 1\Application Data\197.exe
c:\documents and settings\Korisnik 1\Application Data\19A.exe
c:\documents and settings\Korisnik 1\Application Data\1A6.exe
c:\documents and settings\Korisnik 1\Application Data\1A7.exe
c:\documents and settings\Korisnik 1\Application Data\1A9.exe
c:\documents and settings\Korisnik 1\Application Data\1B0.exe
c:\documents and settings\Korisnik 1\Application Data\98.exe
c:\documents and settings\Korisnik 1\Application Data\9F.exe
c:\documents and settings\Korisnik 1\Application Data\BD.exe
c:\documents and settings\Korisnik 1\Application Data\CC.exe
c:\documents and settings\Korisnik 1\Application Data\D3.exe
c:\documents and settings\Korisnik 1\Application Data\E6.exe
c:\documents and settings\Korisnik 1\Application Data\EE.exe
c:\documents and settings\Korisnik 1\Application Data\EF.exe
c:\documents and settings\Korisnik 1\Application Data\FE.exe
c:\windows\sms.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-07 21:38 . 2013-07-07 21:38 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Babylon
2013-07-07 21:37 . 2013-07-07 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Messages Controler"="c:\windows\sms.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Serviceio]
2911639038738026 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"vToolbarUpdater"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"c:\\Documents and Settings\\Korisnik 1\\M-100-4085-5427-4678\\winmgr.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56931:TCP"= 56931:TCP:Pando Media Booster
"56931:UDP"= 56931:UDP:Pando Media Booster
"41171:TCP"= 41171:TCP:mssys41171
"64517:TCP"= 64517:TCP:mssys64517
"55915:TCP"= 55915:TCP:mssys55915
"45954:TCP"= 45954:TCP:mssys45954
"42802:TCP"= 42802:TCP:mssys42802
"47311:TCP"= 47311:TCP:mssys47311
"42109:TCP"= 42109:TCP:mssys42109
"57743:TCP"= 57743:TCP:mssys57743
"64241:TCP"= 64241:TCP:mssys64241
"51802:TCP"= 51802:TCP:mssys51802
"54307:TCP"= 54307:TCP:mssys54307
"61461:TCP"= 61461:TCP:mssys61461
"58219:TCP"= 58219:TCP:mssys58219
"55640:TCP"= 55640:TCP:mssys55640
"44781:TCP"= 44781:TCP:mssys44781
"56117:TCP"= 56117:TCP:mssys56117
"47501:TCP"= 47501:TCP:mssys47501
"45744:TCP"= 45744:TCP:mssys45744
"58002:TCP"= 58002:TCP:mssys58002
"53161:TCP"= 53161:TCP:mssys53161
"42407:TCP"= 42407:TCP:mssys42407
"52689:TCP"= 52689:TCP:mssys52689
"55392:TCP"= 55392:TCP:mssys55392
"40319:TCP"= 40319:TCP:mssys40319
"60734:TCP"= 60734:TCP:mssys60734
"57964:TCP"= 57964:TCP:mssys57964
"44139:TCP"= 44139:TCP:mssys44139
"46415:TCP"= 46415:TCP:mssys46415
"52423:TCP"= 52423:TCP:mssys52423
"55533:TCP"= 55533:TCP:mssys55533
"48058:TCP"= 48058:TCP:mssys48058
"47645:TCP"= 47645:TCP:mssys47645
"57286:TCP"= 57286:TCP:mssys57286
"59057:TCP"= 59057:TCP:mssys59057
"63805:TCP"= 63805:TCP:mssys63805
"53176:TCP"= 53176:TCP:mssys53176
"56527:TCP"= 56527:TCP:mssys56527
"59333:TCP"= 59333:TCP:mssys59333
"41432:TCP"= 41432:TCP:mssys41432
"50835:TCP"= 50835:TCP:mssys50835
"62621:TCP"= 62621:TCP:mssys62621
"54651:TCP"= 54651:TCP:mssys54651
"64396:TCP"= 64396:TCP:mssys64396
"60255:TCP"= 60255:TCP:mssys60255
"64112:TCP"= 64112:TCP:mssys64112
"61973:TCP"= 61973:TCP:mssys61973
"60264:TCP"= 60264:TCP:mssys60264
"58197:TCP"= 58197:TCP:mssys58197
"51308:TCP"= 51308:TCP:mssys51308
"54627:TCP"= 54627:TCP:mssys54627
"58962:TCP"= 58962:TCP:mssys58962
"51178:TCP"= 51178:TCP:mssys51178
"62953:TCP"= 62953:TCP:mssys62953
"52248:TCP"= 52248:TCP:mssys52248
"63047:TCP"= 63047:TCP:mssys63047
"52556:TCP"= 52556:TCP:mssys52556
"59773:TCP"= 59773:TCP:mssys59773
"48145:TCP"= 48145:TCP:mssys48145
"61202:TCP"= 61202:TCP:mssys61202
"49540:TCP"= 49540:TCP:mssys49540
"62831:TCP"= 62831:TCP:mssys62831
"53286:TCP"= 53286:TCP:mssys53286
"43461:TCP"= 43461:TCP:mssys43461
"62017:TCP"= 62017:TCP:mssys62017
"55761:TCP"= 55761:TCP:mssys55761
"63525:TCP"= 63525:TCP:mssys63525
"54421:TCP"= 54421:TCP:mssys54421
"54189:TCP"= 54189:TCP:mssys54189
"52814:TCP"= 52814:TCP:mssys52814
"41156:TCP"= 41156:TCP:mssys41156
"44947:TCP"= 44947:TCP:mssys44947
"59185:TCP"= 59185:TCP:mssys59185
"46779:TCP"= 46779:TCP:mssys46779
"40890:TCP"= 40890:TCP:mssys40890
"46739:TCP"= 46739:TCP:mssys46739
"62173:TCP"= 62173:TCP:mssys62173
"53855:TCP"= 53855:TCP:mssys53855
"46886:TCP"= 46886:TCP:mssys46886
"42551:TCP"= 42551:TCP:mssys42551
"55438:TCP"= 55438:TCP:mssys55438
"43624:TCP"= 43624:TCP:mssys43624
"50837:TCP"= 50837:TCP:mssys50837
"58881:TCP"= 58881:TCP:mssys58881
"58421:TCP"= 58421:TCP:mssys58421
"55686:TCP"= 55686:TCP:mssys55686
"45441:TCP"= 45441:TCP:mssys45441
"46961:TCP"= 46961:TCP:mssys46961
"45065:TCP"= 45065:TCP:mssys45065
"51860:TCP"= 51860:TCP:mssys51860
"58277:TCP"= 58277:TCP:mssys58277
"50363:TCP"= 50363:TCP:mssys50363
"44326:TCP"= 44326:TCP:mssys44326
"64632:TCP"= 64632:TCP:mssys64632
"40972:TCP"= 40972:TCP:mssys40972
"46393:TCP"= 46393:TCP:mssys46393
.
R0 8b095404e56a27ff;ziqycytakaxx.exe;\SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys [?]
R0 fd58800357b95401;vuhazcukenma.exe;\SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys --> \SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys [?]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys --> c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [21.2.2012 22:13 869216]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gaxpa-search.com/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: fabasoft.com\folio
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - prefs.js: browser.startup.homepage - allstartpage.com
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);
FF - user.js: browser.startup.page - 1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
BHO-{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
BHO-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
Toolbar-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
Toolbar-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
Toolbar-10 - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-HD VGA - c:\documents and settings\Korisnik 1\Application Data\hrtgf.exe
HKCU-Run-Windows System Controler - c:\windows\nvsvc32.exe
HKCU-Run-Microsoft Windows Srvs - c:\documents and settings\Korisnik 1\57484584663758364634738454\wincrsn.exe
HKCU-Run-vuhazcukenma - c:\documents and settings\Korisnik 1\vuhazcukenma.exe
HKCU-Run-ziqycytakaxx - c:\documents and settings\Korisnik 1\ziqycytakaxx.exe
HKCU-Run-Windows Messages Controler - c:\windows\sms.exe
HKLM-Run-Audio Sound Blaster System - sabhost.exe
HKLM-Run-Anti-phishing Domain Advisor - c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
HKLM-Run-UpdatePDRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
HKLM-Run-Windows System Controler - c:\windows\nvsvc32.exe
HKLM-Run-Windows Messages Controler - c:\windows\sms.exe
HKLM-Explorer_Run-System Sound - c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe
HKLM-Explorer_Run-27241 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe
MSConfigStartUp-espaces - c:\premiumsoft\photofun\photofun.exe
MSConfigStartUp-GoTrusted - c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-System32 - c:\documents and settings\Korisnik 1\Application Data\logon.exe
MSConfigStartUp-Taskbar Shuffle - c:\program files\Taskbar Shuffle\taskbarshuffle.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-02 20:51
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
System Sound = c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Heyoyv = c:\documents and settings\Korisnik 1\Application Data\Heyoyv.exe
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
c:\documents and settings\Korisnik 1\Application Data\Heyoyv.exe 119296 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Heyoyv"="c:\\Documents and Settings\\Korisnik 1\\Application Data\\Heyoyv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2220)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-08-02 20:56:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-02 18:56
.
Pre-Run: 15.939.497.984 bytes free
Post-Run: 15.841.959.936 bytes free
.
- - End Of File - - 88B6C991CFFB571645C862C19918B2E4
8F558EB6672622401DA993E1E865C861


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.11.2
Run by Korisnik 1 at 20:58:27 on 2013-08-02
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.130 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gaxpa-search.com/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} -
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mExplorerRun: [System Sound] c:\docume~1\korisn~1\locals~1\temp\\sysfnx.exe
mExplorerRun: [27241] c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10102F03-16E6-403E-85F3-B1B54F19C469} : DHCPNameServer = 10.11.12.254 212.200.45.11
TCP: Interfaces\{55ECE6A9-B7B8-419E-BBE7-EA64801A6D43} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik 1\application data\mozilla\firefox\profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - plugin: c:\documents and settings\korisnik 1\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 8b095404e56a27ff;ziqycytakaxx.exe;\SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys [?]
R0 fd58800357b95401;vuhazcukenma.exe;\SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys --> \SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-1 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-1 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-24 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-5-26 1714176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\korisn~1\locals~1\temp\eseadriver2.sys --> c:\docume~1\korisn~1\locals~1\temp\ESEADriver2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-10-8 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-10-8 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-10-8 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-10-8 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-10-8 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-10-8 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-10-8 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\iobit\game booster 3\driver\winring0.sys --> d:\program files\iobit\game booster 3\driver\WinRing0.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2012-2-21 869216]
.
=============== Created Last 30 ================
.
2013-08-02 17:44:17 -------- d-sha-r- C:\cmdcons
2013-08-02 17:42:29 98816 ----a-w- c:\windows\sed.exe
2013-08-02 17:42:29 256000 ----a-w- c:\windows\PEV.exe
2013-08-02 17:42:29 208896 ----a-w- c:\windows\MBR.exe
2013-07-11 21:21:07 -------- d--h--w- c:\program files\common files\EAInstaller
2013-07-11 20:35:43 -------- d-----w- c:\documents and settings\korisnik 1\application data\Origin
2013-07-11 20:35:37 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35:30 -------- d-----w- c:\documents and settings\korisnik 1\local settings\application data\Origin
2013-07-11 20:31:49 -------- d-----w- c:\documents and settings\all users\application data\Origin
2013-07-11 20:31:44 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2013-07-09 11:57:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-07 21:38:46 -------- d-----w- c:\documents and settings\korisnik 1\application data\Babylon
2013-07-07 21:37:36 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
.
==================== Find3M ====================
.
2013-06-17 08:45:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:59:00,23 ===============

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Arrow

Otvoriti Notepad i iskopirati sledeci tekst:


Folder::
c:\documents and settings\Korisnik 1\Application Data\Babylon
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater
c:\program files\SweetIM
c:\program files\Ask.com
c:\program files\BrotherSoft_Extreme
c:\program files\blekkotb
c:\program files\ConduitEngine

KillAll::

File::
c:\windows\sms.exe
c:\windows\System32\Drivers\8b095404e56a27ff.sys
c:\windows\System32\Drivers\fd58800357b95401.sys
c:\Documents and Settings\Korisnik 1\Application Data\Heyoyv.exe
c:\docume~1\korisn~1\locals~1\temp\sysfnx.exe
c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd

ClearJavaCache::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Messages Controler"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Serviceio]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Korisnik 1\\M-100-4085-5427-4678\\winmgr.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Heyoyv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"=-
"27241"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56931:TCP"=-
"56931:UDP"=-
"41171:TCP"=-
"64517:TCP"=-
"55915:TCP"=-
"45954:TCP"=-
"42802:TCP"=-
"47311:TCP"=-
"42109:TCP"=-
"57743:TCP"=-
"64241:TCP"=-
"51802:TCP"=-
"54307:TCP"=-
"61461:TCP"=-
"58219:TCP"=-
"55640:TCP"=-
"44781:TCP"=-
"56117:TCP"=-
"47501:TCP"=-
"45744:TCP"=-
"58002:TCP"=-
"53161:TCP"=-
"42407:TCP"=-
"52689:TCP"=-
"55392:TCP"=-
"40319:TCP"=-
"60734:TCP"=-
"57964:TCP"=-
"44139:TCP"=-
"46415:TCP"=-
"52423:TCP"=-
"55533:TCP"=-
"48058:TCP"=-
"47645:TCP"=-
"57286:TCP"=-
"59057:TCP"=-
"63805:TCP"=-
"53176:TCP"=-
"56527:TCP"=-
"59333:TCP"=-
"41432:TCP"=-
"50835:TCP"=-
"62621:TCP"=-
"54651:TCP"=-
"64396:TCP"=-
"60255:TCP"=-
"64112:TCP"=-
"61973:TCP"=-
"60264:TCP"=-
"58197:TCP"=-
"51308:TCP"=-
"54627:TCP"=-
"58962:TCP"=-
"51178:TCP"=-
"62953:TCP"=-
"52248:TCP"=-
"63047:TCP"=-
"52556:TCP"=-
"59773:TCP"=-
"48145:TCP"=-
"61202:TCP"=-
"49540:TCP"=-
"62831:TCP"=-
"53286:TCP"=-
"43461:TCP"=-
"62017:TCP"=-
"55761:TCP"=-
"63525:TCP"=-
"54421:TCP"=-
"54189:TCP"=-
"52814:TCP"=-
"41156:TCP"=-
"44947:TCP"=-
"59185:TCP"=-
"46779:TCP"=-
"40890:TCP"=-
"46739:TCP"=-
"62173:TCP"=-
"53855:TCP"=-
"46886:TCP"=-
"42551:TCP"=-
"55438:TCP"=-
"43624:TCP"=-
"50837:TCP"=-
"58881:TCP"=-
"58421:TCP"=-
"55686:TCP"=-
"45441:TCP"=-
"46961:TCP"=-
"45065:TCP"=-
"51860:TCP"=-
"58277:TCP"=-
"50363:TCP"=-
"44326:TCP"=-
"64632:TCP"=-
"40972:TCP"=-
"46393:TCP"=-

Driver::
8b095404e56a27ff
fd58800357b95401
vToolbarUpdater

DDS::
uStart Page = hxxp://www.gaxpa-search.com/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} -

Firefox::
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - prefs.js: browser.startup.homepage - allstartpage.com
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

ComboFix 13-08-02.01 - Korisnik 1 02.08.2013 23:02:01.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.78 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik 1\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd"
"c:\docume~1\korisn~1\locals~1\temp\sysfnx.exe"
"c:\documents and settings\Korisnik 1\Application Data\Heyoyv.exe"
"c:\windows\sms.exe"
"c:\windows\System32\Drivers\8b095404e56a27ff.sys"
"c:\windows\System32\Drivers\fd58800357b95401.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
c:\documents and settings\Korisnik 1\Application Data\Babylon
c:\documents and settings\Korisnik 1\Application Data\Babylon\log_file.txt
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_8B095404E56A27FF
-------\Legacy_FD58800357B95401
-------\Legacy_VTOOLBARUPDATER
-------\Service_8b095404e56a27ff
-------\Service_fd58800357b95401
-------\Service_vToolbarUpdater
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"="c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe" [BU]
"27241"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd" [BU]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys --> c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fabasoft.com\folio
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-02 23:13
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
System Sound = c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-08-02 23:16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-02 21:15
ComboFix2.txt 2013-08-02 18:56
.
Pre-Run: 15.806.476.288 bytes free
Post-Run: 15.793.733.632 bytes free
.
- - End Of File - - 196738E94A7E949021928EB89279A5A6
8F558EB6672622401DA993E1E865C861

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"=-
"27241"=-

KillAll::

File::
c:\docume~1\KORISN~1\LOCALS~1\Temp\sysfnx.exe
c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd
c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys

DDS::
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

Driver::
ESEADriver2


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

ComboFix 13-08-02.01 - Korisnik 1 03.08.2013 2:15.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.200 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik 1\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd"
"c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys"
"c:\docume~1\KORISN~1\LOCALS~1\Temp\sysfnx.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESEADRIVER2
-------\Service_ESEADriver2
.
.
((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"="c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe" [BU]
"27241"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd" [BU]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fabasoft.com\folio
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-03 02:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
System Sound = c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2272)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-08-03 02:29:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-03 00:29
ComboFix2.txt 2013-08-02 21:16
ComboFix3.txt 2013-08-02 18:56
.
Pre-Run: 15.654.871.040 bytes free
Post-Run: 15.645.474.816 bytes free
.
- - End Of File - - 58B30803802F3469C95BA4733C9E3088
8F558EB6672622401DA993E1E865C861

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Moramo koristiti ubojitiji alat da bi obrisali odredjene unose.


---- ---- ---- ---- ---- ---- ---- ---- ---- ----
Korak #1



Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder

Dvoklikom pokreni avenger.exe

Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:

Registry values to delete:
HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run | System Sound
HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run | 27241

Files to delete:
C:\Documents and Settings\Korisnik 1\Local Settings\temp\sysfnx.exe
C:\Documents and Settings\All Users\Local Settings\temp\mshhouvac.cmd


Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti

Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja

Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u

Iskopiraj sadržaj dobijenog loga u temu na forumu.





---- ---- ---- ---- ---- ---- ---- ---- ---- ----
Korak #2




Otvoriti Notepad i iskopirati sledeci tekst:


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

DDS::
Trusted Zone: fabasoft.com\folio



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Documents and Settings\Korisnik 1\Local Settings\temp\sysfnx.exe" not found!
Deletion of file "C:\Documents and Settings\Korisnik 1\Local Settings\temp\sysfnx.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\All Users\Local Settings\temp\mshhouvac.cmd" not found!
Deletion of file "C:\Documents and Settings\All Users\Local Settings\temp\mshhouvac.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run|System Sound" deleted successfully.
Registry value "HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run|27241" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


ComboFix 13-08-02.01 - Korisnik 1 03.08.2013 15:34:46.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.161 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik 1\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-03 15:44
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3080)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-03 15:46:19
ComboFix-quarantined-files.txt 2013-08-03 13:46
ComboFix2.txt 2013-08-03 00:29
ComboFix3.txt 2013-08-02 21:16
ComboFix4.txt 2013-08-02 18:56
.
Pre-Run: 15.644.618.752 bytes free
Post-Run: 15.633.883.136 bytes free
.
- - End Of File - - E5967AD7831865844926D2EFAA07CDE5
8F558EB6672622401DA993E1E865C861

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6104

Ovo sad izgleda mnogo bolje. Sistem je imao pravu malu kolekciju malware-a. U Ambulanti odavno nismo imali ovako razlicitu kolekciju raznog malware-a.

Jos neke dodatne provere ...



Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

sysfnx.exe;z
mshhouvac.cmd;z
c:\docume~1\KORISN~1\LOCALS~1\Temp\\;vs
c:\docume~1\ALLUSE~1\LOCALS~1\Temp;vs


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

Ko je trenutno na forumu
 

Ukupno su 954 korisnika na forumu :: 32 registrovanih, 2 sakrivenih i 920 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amaterSRB, babaroga, Ben Roj, Brana01, CikaKURE, cuculo, djboj, Duh sa sekirom, Džordžino, galerija, goxin, hatman, hyla, Istman, Još malo pa deda, Kaplar2, kolle.the.kid, Lazarus, Lieutenant, Magistar78, mercedesamg, mik7, nemkea71, Neutral-M, predragc, raptorsi, Romibrat, srbijaiznadsvega, Srky Boy, virked, Zerajic, zlatkoa987