MyCity » Ambulanta -> Arhiva Ambulante » Nepoznati program me izbacuje iz igrica i drugih programa

Nepoznati program me izbacuje iz igrica i drugih programa

Napisano na dan: 2.8.2013
1

Nepoznati program me izbacuje iz igrica i drugih programa
Sledeća strana Pagination

Idi na vrh

Poslao: 02 Avg 2013 19:29
Idi na vrh
offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

Napisano: 02 Avg 2013 19:24

Igram ja igricu i na svakih nekoliko sekundi me izbacuje iz igrice jer se kao otvara neki novi program u novom prozoru , a ja nisam dao komandu za otvaranje kompijuter sam hoce nesto da otvori ali nista se ne otvori ja se vratim u igricu prodje par sekundi pa opet sve isto. Nije to samo sa igricama isto se desava i sa ostalim stvarima.
Problem je poceo da se javlja danas kad sam upalio racunar posle 2 nedelje ne koriscenja.
Nemam ideju kako da resim problem.
Imam open adsl 4.63mbs

mycity.rs/must-login.png

Dopuna: 02 Avg 2013 19:29

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.11.2
Run by Korisnik 1 at 19:21:41 on 2013-08-02
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.74 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\MPK\mpk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\DOCUME~1\KORISN~1\LOCALS~1\Temp\sysfnx.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Korisnik 1\vuhazcukenma.exe
C:\Documents and Settings\Korisnik 1\ziqycytakaxx.exe
C:\windows\sms.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gaxpa-search.com/
uSearch Bar = hxxp://dts.search-results.com/sidebar.html?src=ssb&appid=113&systemid=406&sr=0
mStart Page = hxxp://home.sweetim.com
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = ${SEARCH_URL_IE7}
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\mpk\mpk.exe
mWinlogon: TaskMan = c:\docume~1\korisn~1\locals~1\temp\9651.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: bflix Class: {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} -
BHO: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} -
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} -
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: BrotherSoft Extreme Toolbar: {51A86BB3-6602-4C85-92A5-130EE4864F13} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} -
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [System] C:\kernelcheck.exe
uRun: [HD VGA] "c:\documents and settings\korisnik 1\application data\hrtgf.exe"
uRun: [Windows System Controler] c:\windows\nvsvc32.exe
uRun: [Microsoft Windows Srvs] c:\documents and settings\korisnik 1\57484584663758364634738454\wincrsn.exe
uRun: [vuhazcukenma] c:\documents and settings\korisnik 1\vuhazcukenma.exe
uRun: [ziqycytakaxx] c:\documents and settings\korisnik 1\ziqycytakaxx.exe
uRun: [Heyoyv] c:\documents and settings\korisnik 1\application data\Heyoyv.exe
uRun: [Windows Messages Controler] c:\windows\sms.exe
uRun: [Google Update] "c:\documents and settings\korisnik 1\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Audio Sound Blaster System] sabhost.exe
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [System] C:\kernelcheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows System Controler] c:\windows\nvsvc32.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [Windows Messages Controler] c:\windows\sms.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunServices: [Audio Sound Blaster System] sabhost.exe
mExplorerRun: [System Sound] c:\docume~1\korisn~1\locals~1\temp\\sysfnx.exe
mExplorerRun: [27241] c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10102F03-16E6-403E-85F3-B1B54F19C469} : DHCPNameServer = 10.11.12.254 212.200.45.11
TCP: Interfaces\{55ECE6A9-B7B8-419E-BBE7-EA64801A6D43} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs=
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {MN2YID86-02JS-RL0N-LV4P-7C4FUV8XPA6M} - c:\directory\cybergate\install\server.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik 1\application data\mozilla\firefox\profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - plugin: c:\documents and settings\korisnik 1\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 8b095404e56a27ff;ziqycytakaxx.exe;\SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys [?]
R0 fd58800357b95401;vuhazcukenma.exe;\SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys --> \SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-1 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-1 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-5-26 1714176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\korisn~1\locals~1\temp\eseadriver2.sys --> c:\docume~1\korisn~1\locals~1\temp\ESEADriver2.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-12-24 42512]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-10-8 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-10-8 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-10-8 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-10-8 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-10-8 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-10-8 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-10-8 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\iobit\game booster 3\driver\winring0.sys --> d:\program files\iobit\game booster 3\driver\WinRing0.sys [?]
.
=============== Created Last 30 ================
.
2013-07-11 21:21:07 -------- d--h--w- c:\program files\common files\EAInstaller
2013-07-11 20:35:43 -------- d-----w- c:\documents and settings\korisnik 1\application data\Origin
2013-07-11 20:35:37 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35:30 -------- d-----w- c:\documents and settings\korisnik 1\local settings\application data\Origin
2013-07-11 20:31:49 -------- d-----w- c:\documents and settings\all users\application data\Origin
2013-07-11 20:31:44 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2013-07-09 11:57:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-07 21:38:46 -------- d-----w- c:\documents and settings\korisnik 1\application data\Babylon
2013-07-07 21:37:36 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
.
==================== Find3M ====================
.
2013-06-17 08:45:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 23:14:24 156160 --sh--r- c:\windows\sms.exe
.
============= FINISH: 19:22:49,62 ===============

mycity.rs/must-login.png

Poslao: 02 Avg 2013 19:36
Idi na vrh
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6103

Pozdrav,
Zbog cega ti je avast iskljucen i ne azuriran?




Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku;
Nemoj kliktati u okviru ComboFix prozora dok radi jer to može usporiti rad alata;
Nemoj ponovo pokretati ComboFix na svoju ruku - javi se u temi bilo kakav problem da imaš tokom prvog pokretanja alata;
Ako nakon restarta dobijaš grešku prilikom startovanja pojedinih programa da su označeni za brisanje (Illegal operation attempted on a registry key that has been marked for deletion), onda ponovo restartuj sistem i to ce rešiti problem.


===== Potom =====


> Ponovo pokreni DDS i postavi svez DDS.txt log

Poslao: 02 Avg 2013 20:59
Idi na vrh
offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

ComboFix 13-08-02.01 - Korisnik 1 02.08.2013 20:38:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.281 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\e96e9f7721c52c06c39440c97850dae5_c
c:\documents and settings\All Users\Application Data\MPK
c:\documents and settings\All Users\Application Data\MPK\1\D0000
c:\documents and settings\All Users\Application Data\MPK\1\S0000
c:\documents and settings\All Users\Application Data\MPK\2\D0000
c:\documents and settings\All Users\Application Data\MPK\2\S0000
c:\documents and settings\All Users\Application Data\MPK\3\D0000
c:\documents and settings\All Users\Application Data\MPK\3\S0000
c:\documents and settings\All Users\Application Data\MPK\CPDM\cpfm.bin
c:\documents and settings\All Users\Application Data\MPK\etilqs_0sI32Z4TeTA7czpdJYzV
c:\documents and settings\All Users\Application Data\MPK\etilqs_0x2FOIPaHNxHcTrtapVs
c:\documents and settings\All Users\Application Data\MPK\etilqs_1aHPnu3SEhIeY0rpGocT
c:\documents and settings\All Users\Application Data\MPK\etilqs_2HzPAZxrSJUynRVa50eL
c:\documents and settings\All Users\Application Data\MPK\etilqs_2THUscKnwdtfuksHZ8bp
c:\documents and settings\All Users\Application Data\MPK\etilqs_2zcftYrD54eboOVbiOh3
c:\documents and settings\All Users\Application Data\MPK\etilqs_30A6NL5hLlzIJZ5Jj8hL
c:\documents and settings\All Users\Application Data\MPK\etilqs_8bXEqcNQpgu4B1Ti6vGG
c:\documents and settings\All Users\Application Data\MPK\etilqs_8h633UYTH7M09SNNTwYK
c:\documents and settings\All Users\Application Data\MPK\etilqs_boOfQzvpHSDHsZJU3wup
c:\documents and settings\All Users\Application Data\MPK\etilqs_cEqZjUjsCajhMDbaVRAj
c:\documents and settings\All Users\Application Data\MPK\etilqs_CQvt1vBYTnPyFlvaPwpC
c:\documents and settings\All Users\Application Data\MPK\etilqs_dCQ3h9MFpH3w20MrMcZE
c:\documents and settings\All Users\Application Data\MPK\etilqs_DjUgTrgljmhMrNzfLhON
c:\documents and settings\All Users\Application Data\MPK\etilqs_dSaViP2AEbgLOTg35BeQ
c:\documents and settings\All Users\Application Data\MPK\etilqs_fqqkKM02p53R2JldWrBK
c:\documents and settings\All Users\Application Data\MPK\etilqs_gcMAAsUT3CPZNzTycNHe
c:\documents and settings\All Users\Application Data\MPK\etilqs_Gi3MNcZ4DfONJfH6VZMP
c:\documents and settings\All Users\Application Data\MPK\etilqs_GnNdBqoJ1SLBOAxzWmOr
c:\documents and settings\All Users\Application Data\MPK\etilqs_h4nW0JU97iYPjHTDFmH2
c:\documents and settings\All Users\Application Data\MPK\etilqs_hDUD1GazJrBGweNaQrWk
c:\documents and settings\All Users\Application Data\MPK\etilqs_hVGo4fKTjNESQgClwev5
c:\documents and settings\All Users\Application Data\MPK\etilqs_IBQWRFaAmnnMJ6k85FOu
c:\documents and settings\All Users\Application Data\MPK\etilqs_ISByqYpRNCN4Gxm1T0sB
c:\documents and settings\All Users\Application Data\MPK\etilqs_Jt1k9edtYXEyFx5gUwkb
c:\documents and settings\All Users\Application Data\MPK\etilqs_Ly5eB5vgvw2AdEd5fxy0
c:\documents and settings\All Users\Application Data\MPK\etilqs_myHUSYAfjQqVS4Et59ID
c:\documents and settings\All Users\Application Data\MPK\etilqs_NbeHodGX8iqfnTpD5vOf
c:\documents and settings\All Users\Application Data\MPK\etilqs_ndjYMieDaLSg9ts8cbQi
c:\documents and settings\All Users\Application Data\MPK\etilqs_nnGvRIj4e85zcsLGLBEj
c:\documents and settings\All Users\Application Data\MPK\etilqs_nxPExfm2EuXeCTHr1Cnv
c:\documents and settings\All Users\Application Data\MPK\etilqs_ogopYCvHRizWJVa2lukG
c:\documents and settings\All Users\Application Data\MPK\etilqs_oyuPfY6fvkvvPTfbDmLb
c:\documents and settings\All Users\Application Data\MPK\etilqs_PoLXxJaSOmChrQcc2Fx5
c:\documents and settings\All Users\Application Data\MPK\etilqs_q0uOseNYnO8txOedeyPy
c:\documents and settings\All Users\Application Data\MPK\etilqs_QtSTqcOCMSNNAdZ4NRae
c:\documents and settings\All Users\Application Data\MPK\etilqs_QzNVu0kRLYHP6EVWBhEh
c:\documents and settings\All Users\Application Data\MPK\etilqs_SPMM2WDLJLw0YRERHO0n
c:\documents and settings\All Users\Application Data\MPK\etilqs_uyDpeWMfZ10nyzFNaxdO
c:\documents and settings\All Users\Application Data\MPK\etilqs_V6DdM3M4TBH4pHMETARe
c:\documents and settings\All Users\Application Data\MPK\etilqs_WflBMIUnEzCAZJxgoSKN
c:\documents and settings\All Users\Application Data\MPK\etilqs_wXHtorbgfCwBxmrZGxyd
c:\documents and settings\All Users\Application Data\MPK\etilqs_x4azlsG0cVaMTMRiAc4d
c:\documents and settings\All Users\Application Data\MPK\etilqs_Y6HkLPIEMWHYkEqsmLb7
c:\documents and settings\All Users\Application Data\MPK\etilqs_YbWN788guUvHp1zh66Df
c:\documents and settings\All Users\Application Data\MPK\etilqs_YlYezvWZnac8bM1sJcZa
c:\documents and settings\All Users\Application Data\MPK\M0000
c:\documents and settings\All Users\Application Data\MPK\S0000
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
c:\documents and settings\Korisnik 1\57484584663758364634738454
c:\documents and settings\Korisnik 1\Application Data\1.exe
c:\documents and settings\Korisnik 1\Application Data\109.exe
c:\documents and settings\Korisnik 1\Application Data\11.exe
c:\documents and settings\Korisnik 1\Application Data\119.exe
c:\documents and settings\Korisnik 1\Application Data\126.exe
c:\documents and settings\Korisnik 1\Application Data\129.exe
c:\documents and settings\Korisnik 1\Application Data\12E.exe
c:\documents and settings\Korisnik 1\Application Data\13.exe
c:\documents and settings\Korisnik 1\Application Data\130.exe
c:\documents and settings\Korisnik 1\Application Data\132.exe
c:\documents and settings\Korisnik 1\Application Data\134.exe
c:\documents and settings\Korisnik 1\Application Data\136.exe
c:\documents and settings\Korisnik 1\Application Data\13D.exe
c:\documents and settings\Korisnik 1\Application Data\146.exe
c:\documents and settings\Korisnik 1\Application Data\147.exe
c:\documents and settings\Korisnik 1\Application Data\148.exe
c:\documents and settings\Korisnik 1\Application Data\149.exe
c:\documents and settings\Korisnik 1\Application Data\14A.exe
c:\documents and settings\Korisnik 1\Application Data\14B.exe
c:\documents and settings\Korisnik 1\Application Data\14C.exe
c:\documents and settings\Korisnik 1\Application Data\14D.exe
c:\documents and settings\Korisnik 1\Application Data\14E.exe
c:\documents and settings\Korisnik 1\Application Data\14F.exe
c:\documents and settings\Korisnik 1\Application Data\150.exe
c:\documents and settings\Korisnik 1\Application Data\151.exe
c:\documents and settings\Korisnik 1\Application Data\152.exe
c:\documents and settings\Korisnik 1\Application Data\153.exe
c:\documents and settings\Korisnik 1\Application Data\169.exe
c:\documents and settings\Korisnik 1\Application Data\176.exe
c:\documents and settings\Korisnik 1\Application Data\180.exe
c:\documents and settings\Korisnik 1\Application Data\187.exe
c:\documents and settings\Korisnik 1\Application Data\18B.exe
c:\documents and settings\Korisnik 1\Application Data\193.exe
c:\documents and settings\Korisnik 1\Application Data\197.exe
c:\documents and settings\Korisnik 1\Application Data\19A.exe
c:\documents and settings\Korisnik 1\Application Data\1A6.exe
c:\documents and settings\Korisnik 1\Application Data\1A7.exe
c:\documents and settings\Korisnik 1\Application Data\1A9.exe
c:\documents and settings\Korisnik 1\Application Data\1B0.exe
c:\documents and settings\Korisnik 1\Application Data\2.exe
c:\documents and settings\Korisnik 1\Application Data\4.exe
c:\documents and settings\Korisnik 1\Application Data\6.exe
c:\documents and settings\Korisnik 1\Application Data\98.exe
c:\documents and settings\Korisnik 1\Application Data\9F.exe
c:\documents and settings\Korisnik 1\Application Data\BD.exe
c:\documents and settings\Korisnik 1\Application Data\BF.exe
c:\documents and settings\Korisnik 1\Application Data\CC.exe
c:\documents and settings\Korisnik 1\Application Data\D3.exe
c:\documents and settings\Korisnik 1\Application Data\E6.exe
c:\documents and settings\Korisnik 1\Application Data\EE.exe
c:\documents and settings\Korisnik 1\Application Data\EF.exe
c:\documents and settings\Korisnik 1\Application Data\F.exe
c:\documents and settings\Korisnik 1\Application Data\FE.exe
c:\documents and settings\Korisnik 1\Application Data\hrtgf.exe
c:\documents and settings\Korisnik 1\Application Data\Korisnik 1log.dat
c:\documents and settings\Korisnik 1\vuhazcukenma.exe
c:\documents and settings\Korisnik 1\ziqycytakaxx.exe
C:\kernelcheck.exe
c:\windows\sms.exe
c:\windows\system32\frapsvid.dll
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
C:\winlogon.exe
.
----- File Replicators -----
.
c:\documents and settings\Korisnik 1\Application Data\1.exe
c:\documents and settings\Korisnik 1\Application Data\109.exe
c:\documents and settings\Korisnik 1\Application Data\119.exe
c:\documents and settings\Korisnik 1\Application Data\126.exe
c:\documents and settings\Korisnik 1\Application Data\129.exe
c:\documents and settings\Korisnik 1\Application Data\12E.exe
c:\documents and settings\Korisnik 1\Application Data\13.exe
c:\documents and settings\Korisnik 1\Application Data\130.exe
c:\documents and settings\Korisnik 1\Application Data\132.exe
c:\documents and settings\Korisnik 1\Application Data\134.exe
c:\documents and settings\Korisnik 1\Application Data\136.exe
c:\documents and settings\Korisnik 1\Application Data\13D.exe
c:\documents and settings\Korisnik 1\Application Data\146.exe
c:\documents and settings\Korisnik 1\Application Data\147.exe
c:\documents and settings\Korisnik 1\Application Data\148.exe
c:\documents and settings\Korisnik 1\Application Data\149.exe
c:\documents and settings\Korisnik 1\Application Data\14A.exe
c:\documents and settings\Korisnik 1\Application Data\14B.exe
c:\documents and settings\Korisnik 1\Application Data\14C.exe
c:\documents and settings\Korisnik 1\Application Data\14D.exe
c:\documents and settings\Korisnik 1\Application Data\14E.exe
c:\documents and settings\Korisnik 1\Application Data\14F.exe
c:\documents and settings\Korisnik 1\Application Data\150.exe
c:\documents and settings\Korisnik 1\Application Data\151.exe
c:\documents and settings\Korisnik 1\Application Data\152.exe
c:\documents and settings\Korisnik 1\Application Data\153.exe
c:\documents and settings\Korisnik 1\Application Data\169.exe
c:\documents and settings\Korisnik 1\Application Data\176.exe
c:\documents and settings\Korisnik 1\Application Data\180.exe
c:\documents and settings\Korisnik 1\Application Data\187.exe
c:\documents and settings\Korisnik 1\Application Data\18B.exe
c:\documents and settings\Korisnik 1\Application Data\193.exe
c:\documents and settings\Korisnik 1\Application Data\197.exe
c:\documents and settings\Korisnik 1\Application Data\19A.exe
c:\documents and settings\Korisnik 1\Application Data\1A6.exe
c:\documents and settings\Korisnik 1\Application Data\1A7.exe
c:\documents and settings\Korisnik 1\Application Data\1A9.exe
c:\documents and settings\Korisnik 1\Application Data\1B0.exe
c:\documents and settings\Korisnik 1\Application Data\98.exe
c:\documents and settings\Korisnik 1\Application Data\9F.exe
c:\documents and settings\Korisnik 1\Application Data\BD.exe
c:\documents and settings\Korisnik 1\Application Data\CC.exe
c:\documents and settings\Korisnik 1\Application Data\D3.exe
c:\documents and settings\Korisnik 1\Application Data\E6.exe
c:\documents and settings\Korisnik 1\Application Data\EE.exe
c:\documents and settings\Korisnik 1\Application Data\EF.exe
c:\documents and settings\Korisnik 1\Application Data\FE.exe
c:\windows\sms.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-07 21:38 . 2013-07-07 21:38 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Babylon
2013-07-07 21:37 . 2013-07-07 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Messages Controler"="c:\windows\sms.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Serviceio]
2911639038738026 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"vToolbarUpdater"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"c:\\Documents and Settings\\Korisnik 1\\M-100-4085-5427-4678\\winmgr.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56931:TCP"= 56931:TCP:Pando Media Booster
"56931:UDP"= 56931:UDP:Pando Media Booster
"41171:TCP"= 41171:TCP:mssys41171
"64517:TCP"= 64517:TCP:mssys64517
"55915:TCP"= 55915:TCP:mssys55915
"45954:TCP"= 45954:TCP:mssys45954
"42802:TCP"= 42802:TCP:mssys42802
"47311:TCP"= 47311:TCP:mssys47311
"42109:TCP"= 42109:TCP:mssys42109
"57743:TCP"= 57743:TCP:mssys57743
"64241:TCP"= 64241:TCP:mssys64241
"51802:TCP"= 51802:TCP:mssys51802
"54307:TCP"= 54307:TCP:mssys54307
"61461:TCP"= 61461:TCP:mssys61461
"58219:TCP"= 58219:TCP:mssys58219
"55640:TCP"= 55640:TCP:mssys55640
"44781:TCP"= 44781:TCP:mssys44781
"56117:TCP"= 56117:TCP:mssys56117
"47501:TCP"= 47501:TCP:mssys47501
"45744:TCP"= 45744:TCP:mssys45744
"58002:TCP"= 58002:TCP:mssys58002
"53161:TCP"= 53161:TCP:mssys53161
"42407:TCP"= 42407:TCP:mssys42407
"52689:TCP"= 52689:TCP:mssys52689
"55392:TCP"= 55392:TCP:mssys55392
"40319:TCP"= 40319:TCP:mssys40319
"60734:TCP"= 60734:TCP:mssys60734
"57964:TCP"= 57964:TCP:mssys57964
"44139:TCP"= 44139:TCP:mssys44139
"46415:TCP"= 46415:TCP:mssys46415
"52423:TCP"= 52423:TCP:mssys52423
"55533:TCP"= 55533:TCP:mssys55533
"48058:TCP"= 48058:TCP:mssys48058
"47645:TCP"= 47645:TCP:mssys47645
"57286:TCP"= 57286:TCP:mssys57286
"59057:TCP"= 59057:TCP:mssys59057
"63805:TCP"= 63805:TCP:mssys63805
"53176:TCP"= 53176:TCP:mssys53176
"56527:TCP"= 56527:TCP:mssys56527
"59333:TCP"= 59333:TCP:mssys59333
"41432:TCP"= 41432:TCP:mssys41432
"50835:TCP"= 50835:TCP:mssys50835
"62621:TCP"= 62621:TCP:mssys62621
"54651:TCP"= 54651:TCP:mssys54651
"64396:TCP"= 64396:TCP:mssys64396
"60255:TCP"= 60255:TCP:mssys60255
"64112:TCP"= 64112:TCP:mssys64112
"61973:TCP"= 61973:TCP:mssys61973
"60264:TCP"= 60264:TCP:mssys60264
"58197:TCP"= 58197:TCP:mssys58197
"51308:TCP"= 51308:TCP:mssys51308
"54627:TCP"= 54627:TCP:mssys54627
"58962:TCP"= 58962:TCP:mssys58962
"51178:TCP"= 51178:TCP:mssys51178
"62953:TCP"= 62953:TCP:mssys62953
"52248:TCP"= 52248:TCP:mssys52248
"63047:TCP"= 63047:TCP:mssys63047
"52556:TCP"= 52556:TCP:mssys52556
"59773:TCP"= 59773:TCP:mssys59773
"48145:TCP"= 48145:TCP:mssys48145
"61202:TCP"= 61202:TCP:mssys61202
"49540:TCP"= 49540:TCP:mssys49540
"62831:TCP"= 62831:TCP:mssys62831
"53286:TCP"= 53286:TCP:mssys53286
"43461:TCP"= 43461:TCP:mssys43461
"62017:TCP"= 62017:TCP:mssys62017
"55761:TCP"= 55761:TCP:mssys55761
"63525:TCP"= 63525:TCP:mssys63525
"54421:TCP"= 54421:TCP:mssys54421
"54189:TCP"= 54189:TCP:mssys54189
"52814:TCP"= 52814:TCP:mssys52814
"41156:TCP"= 41156:TCP:mssys41156
"44947:TCP"= 44947:TCP:mssys44947
"59185:TCP"= 59185:TCP:mssys59185
"46779:TCP"= 46779:TCP:mssys46779
"40890:TCP"= 40890:TCP:mssys40890
"46739:TCP"= 46739:TCP:mssys46739
"62173:TCP"= 62173:TCP:mssys62173
"53855:TCP"= 53855:TCP:mssys53855
"46886:TCP"= 46886:TCP:mssys46886
"42551:TCP"= 42551:TCP:mssys42551
"55438:TCP"= 55438:TCP:mssys55438
"43624:TCP"= 43624:TCP:mssys43624
"50837:TCP"= 50837:TCP:mssys50837
"58881:TCP"= 58881:TCP:mssys58881
"58421:TCP"= 58421:TCP:mssys58421
"55686:TCP"= 55686:TCP:mssys55686
"45441:TCP"= 45441:TCP:mssys45441
"46961:TCP"= 46961:TCP:mssys46961
"45065:TCP"= 45065:TCP:mssys45065
"51860:TCP"= 51860:TCP:mssys51860
"58277:TCP"= 58277:TCP:mssys58277
"50363:TCP"= 50363:TCP:mssys50363
"44326:TCP"= 44326:TCP:mssys44326
"64632:TCP"= 64632:TCP:mssys64632
"40972:TCP"= 40972:TCP:mssys40972
"46393:TCP"= 46393:TCP:mssys46393
.
R0 8b095404e56a27ff;ziqycytakaxx.exe;\SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys [?]
R0 fd58800357b95401;vuhazcukenma.exe;\SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys --> \SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys [?]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys --> c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [21.2.2012 22:13 869216]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gaxpa-search.com/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: fabasoft.com\folio
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - prefs.js: browser.startup.homepage - allstartpage.com
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);
FF - user.js: browser.startup.page - 1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
BHO-{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
BHO-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
Toolbar-{51a86bb3-6602-4c85-92a5-130ee4864f13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
Toolbar-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
Toolbar-10 - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-HD VGA - c:\documents and settings\Korisnik 1\Application Data\hrtgf.exe
HKCU-Run-Windows System Controler - c:\windows\nvsvc32.exe
HKCU-Run-Microsoft Windows Srvs - c:\documents and settings\Korisnik 1\57484584663758364634738454\wincrsn.exe
HKCU-Run-vuhazcukenma - c:\documents and settings\Korisnik 1\vuhazcukenma.exe
HKCU-Run-ziqycytakaxx - c:\documents and settings\Korisnik 1\ziqycytakaxx.exe
HKCU-Run-Windows Messages Controler - c:\windows\sms.exe
HKLM-Run-Audio Sound Blaster System - sabhost.exe
HKLM-Run-Anti-phishing Domain Advisor - c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
HKLM-Run-UpdatePDRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
HKLM-Run-Windows System Controler - c:\windows\nvsvc32.exe
HKLM-Run-Windows Messages Controler - c:\windows\sms.exe
HKLM-Explorer_Run-System Sound - c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe
HKLM-Explorer_Run-27241 - c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe
MSConfigStartUp-espaces - c:\premiumsoft\photofun\photofun.exe
MSConfigStartUp-GoTrusted - c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.1.5\GoTrusted Secure Tunnel.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-System32 - c:\documents and settings\Korisnik 1\Application Data\logon.exe
MSConfigStartUp-Taskbar Shuffle - c:\program files\Taskbar Shuffle\taskbarshuffle.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-02 20:51
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
System Sound = c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Heyoyv = c:\documents and settings\Korisnik 1\Application Data\Heyoyv.exe
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
c:\documents and settings\Korisnik 1\Application Data\Heyoyv.exe 119296 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Heyoyv"="c:\\Documents and Settings\\Korisnik 1\\Application Data\\Heyoyv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2220)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-08-02 20:56:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-02 18:56
.
Pre-Run: 15.939.497.984 bytes free
Post-Run: 15.841.959.936 bytes free
.
- - End Of File - - 88B6C991CFFB571645C862C19918B2E4
8F558EB6672622401DA993E1E865C861


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.11.2
Run by Korisnik 1 at 20:58:27 on 2013-08-02
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.130 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gaxpa-search.com/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} -
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mExplorerRun: [System Sound] c:\docume~1\korisn~1\locals~1\temp\\sysfnx.exe
mExplorerRun: [27241] c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10102F03-16E6-403E-85F3-B1B54F19C469} : DHCPNameServer = 10.11.12.254 212.200.45.11
TCP: Interfaces\{55ECE6A9-B7B8-419E-BBE7-EA64801A6D43} : DHCPNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik 1\application data\mozilla\firefox\profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - plugin: c:\documents and settings\korisnik 1\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 8b095404e56a27ff;ziqycytakaxx.exe;\SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys --> \SystemRoot\\SystemRoot\System32\Drivers\8b095404e56a27ff.sys [?]
R0 fd58800357b95401;vuhazcukenma.exe;\SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys --> \SystemRoot\\SystemRoot\System32\Drivers\fd58800357b95401.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-1 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-1 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-24 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [2008-3-18 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-5-26 1714176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-1-1 40384]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\korisn~1\locals~1\temp\eseadriver2.sys --> c:\docume~1\korisn~1\locals~1\temp\ESEADriver2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-10-8 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-10-8 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-10-8 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-10-8 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-10-8 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-10-8 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-10-8 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\iobit\game booster 3\driver\winring0.sys --> d:\program files\iobit\game booster 3\driver\WinRing0.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2012-2-21 869216]
.
=============== Created Last 30 ================
.
2013-08-02 17:44:17 -------- d-sha-r- C:\cmdcons
2013-08-02 17:42:29 98816 ----a-w- c:\windows\sed.exe
2013-08-02 17:42:29 256000 ----a-w- c:\windows\PEV.exe
2013-08-02 17:42:29 208896 ----a-w- c:\windows\MBR.exe
2013-07-11 21:21:07 -------- d--h--w- c:\program files\common files\EAInstaller
2013-07-11 20:35:43 -------- d-----w- c:\documents and settings\korisnik 1\application data\Origin
2013-07-11 20:35:37 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35:30 -------- d-----w- c:\documents and settings\korisnik 1\local settings\application data\Origin
2013-07-11 20:31:49 -------- d-----w- c:\documents and settings\all users\application data\Origin
2013-07-11 20:31:44 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2013-07-09 11:57:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-07 21:38:46 -------- d-----w- c:\documents and settings\korisnik 1\application data\Babylon
2013-07-07 21:37:36 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
.
==================== Find3M ====================
.
2013-06-17 08:45:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:59:00,23 ===============

Poslao: 02 Avg 2013 21:54
Idi na vrh
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6103

Arrow

Otvoriti Notepad i iskopirati sledeci tekst:


Folder::
c:\documents and settings\Korisnik 1\Application Data\Babylon
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater
c:\program files\SweetIM
c:\program files\Ask.com
c:\program files\BrotherSoft_Extreme
c:\program files\blekkotb
c:\program files\ConduitEngine

KillAll::

File::
c:\windows\sms.exe
c:\windows\System32\Drivers\8b095404e56a27ff.sys
c:\windows\System32\Drivers\fd58800357b95401.sys
c:\Documents and Settings\Korisnik 1\Application Data\Heyoyv.exe
c:\docume~1\korisn~1\locals~1\temp\sysfnx.exe
c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd

ClearJavaCache::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Messages Controler"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Serviceio]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Korisnik 1\\M-100-4085-5427-4678\\winmgr.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Heyoyv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"=-
"27241"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56931:TCP"=-
"56931:UDP"=-
"41171:TCP"=-
"64517:TCP"=-
"55915:TCP"=-
"45954:TCP"=-
"42802:TCP"=-
"47311:TCP"=-
"42109:TCP"=-
"57743:TCP"=-
"64241:TCP"=-
"51802:TCP"=-
"54307:TCP"=-
"61461:TCP"=-
"58219:TCP"=-
"55640:TCP"=-
"44781:TCP"=-
"56117:TCP"=-
"47501:TCP"=-
"45744:TCP"=-
"58002:TCP"=-
"53161:TCP"=-
"42407:TCP"=-
"52689:TCP"=-
"55392:TCP"=-
"40319:TCP"=-
"60734:TCP"=-
"57964:TCP"=-
"44139:TCP"=-
"46415:TCP"=-
"52423:TCP"=-
"55533:TCP"=-
"48058:TCP"=-
"47645:TCP"=-
"57286:TCP"=-
"59057:TCP"=-
"63805:TCP"=-
"53176:TCP"=-
"56527:TCP"=-
"59333:TCP"=-
"41432:TCP"=-
"50835:TCP"=-
"62621:TCP"=-
"54651:TCP"=-
"64396:TCP"=-
"60255:TCP"=-
"64112:TCP"=-
"61973:TCP"=-
"60264:TCP"=-
"58197:TCP"=-
"51308:TCP"=-
"54627:TCP"=-
"58962:TCP"=-
"51178:TCP"=-
"62953:TCP"=-
"52248:TCP"=-
"63047:TCP"=-
"52556:TCP"=-
"59773:TCP"=-
"48145:TCP"=-
"61202:TCP"=-
"49540:TCP"=-
"62831:TCP"=-
"53286:TCP"=-
"43461:TCP"=-
"62017:TCP"=-
"55761:TCP"=-
"63525:TCP"=-
"54421:TCP"=-
"54189:TCP"=-
"52814:TCP"=-
"41156:TCP"=-
"44947:TCP"=-
"59185:TCP"=-
"46779:TCP"=-
"40890:TCP"=-
"46739:TCP"=-
"62173:TCP"=-
"53855:TCP"=-
"46886:TCP"=-
"42551:TCP"=-
"55438:TCP"=-
"43624:TCP"=-
"50837:TCP"=-
"58881:TCP"=-
"58421:TCP"=-
"55686:TCP"=-
"45441:TCP"=-
"46961:TCP"=-
"45065:TCP"=-
"51860:TCP"=-
"58277:TCP"=-
"50363:TCP"=-
"44326:TCP"=-
"64632:TCP"=-
"40972:TCP"=-
"46393:TCP"=-

Driver::
8b095404e56a27ff
fd58800357b95401
vToolbarUpdater

DDS::
uStart Page = hxxp://www.gaxpa-search.com/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} -

Firefox::
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpa-search.com/
FF - prefs.js: browser.startup.homepage - allstartpage.com
user_pref(browser.startup.homepage , hxxp://www.gaxpa-search.com/);


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 02 Avg 2013 23:17
Idi na vrh
offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

ComboFix 13-08-02.01 - Korisnik 1 02.08.2013 23:02:01.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.78 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik 1\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\alluse~1\locals~1\temp\mshhouvac.cmd"
"c:\docume~1\korisn~1\locals~1\temp\sysfnx.exe"
"c:\documents and settings\Korisnik 1\Application Data\Heyoyv.exe"
"c:\windows\sms.exe"
"c:\windows\System32\Drivers\8b095404e56a27ff.sys"
"c:\windows\System32\Drivers\fd58800357b95401.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
c:\documents and settings\Korisnik 1\Application Data\Babylon
c:\documents and settings\Korisnik 1\Application Data\Babylon\log_file.txt
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\UpdaterConfig.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_8B095404E56A27FF
-------\Legacy_FD58800357B95401
-------\Legacy_VTOOLBARUPDATER
-------\Service_8b095404e56a27ff
-------\Service_fd58800357b95401
-------\Service_vToolbarUpdater
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"="c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe" [BU]
"27241"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd" [BU]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 ESEADriver2;ESEADriver2;\??\c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys --> c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fabasoft.com\folio
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-02 23:13
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
System Sound = c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-08-02 23:16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-02 21:15
ComboFix2.txt 2013-08-02 18:56
.
Pre-Run: 15.806.476.288 bytes free
Post-Run: 15.793.733.632 bytes free
.
- - End Of File - - 196738E94A7E949021928EB89279A5A6
8F558EB6672622401DA993E1E865C861

Poslao: 02 Avg 2013 23:34
Idi na vrh
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6103

Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"=-
"27241"=-

KillAll::

File::
c:\docume~1\KORISN~1\LOCALS~1\Temp\sysfnx.exe
c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd
c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys

DDS::
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

Driver::
ESEADriver2

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 03 Avg 2013 02:31
Idi na vrh
offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

ComboFix 13-08-02.01 - Korisnik 1 03.08.2013 2:15.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.200 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik 1\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd"
"c:\docume~1\KORISN~1\LOCALS~1\Temp\ESEADriver2.sys"
"c:\docume~1\KORISN~1\LOCALS~1\Temp\sysfnx.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESEADRIVER2
-------\Service_ESEADriver2
.
.
((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"System Sound"="c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe" [BU]
"27241"="c:\docume~1\ALLUSE~1\LOCALS~1\Temp\mshhouvac.cmd" [BU]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: fabasoft.com\folio
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-03 02:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
System Sound = c:\docume~1\KORISN~1\LOCALS~1\Temp\\sysfnx.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2272)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-08-03 02:29:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-03 00:29
ComboFix2.txt 2013-08-02 21:16
ComboFix3.txt 2013-08-02 18:56
.
Pre-Run: 15.654.871.040 bytes free
Post-Run: 15.645.474.816 bytes free
.
- - End Of File - - 58B30803802F3469C95BA4733C9E3088
8F558EB6672622401DA993E1E865C861

Poslao: 03 Avg 2013 09:42
Idi na vrh
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6103

Moramo koristiti ubojitiji alat da bi obrisali odredjene unose.


---- ---- ---- ---- ---- ---- ---- ---- ---- ----
Korak #1



Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder

Dvoklikom pokreni avenger.exe

Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:

Registry values to delete:
HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run | System Sound
HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run | 27241

Files to delete:
C:\Documents and Settings\Korisnik 1\Local Settings\temp\sysfnx.exe
C:\Documents and Settings\All Users\Local Settings\temp\mshhouvac.cmd

Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti

Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja

Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u
Iskopiraj sadržaj dobijenog loga u temu na forumu.





---- ---- ---- ---- ---- ---- ---- ---- ---- ----
Korak #2




Otvoriti Notepad i iskopirati sledeci tekst:


Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

DDS::
Trusted Zone: fabasoft.com\folio



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 03 Avg 2013 15:48
Idi na vrh
offline
  • Pridružio: 19 Jul 2012
  • Poruke: 55
  • Gde živiš: Naissus

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Documents and Settings\Korisnik 1\Local Settings\temp\sysfnx.exe" not found!
Deletion of file "C:\Documents and Settings\Korisnik 1\Local Settings\temp\sysfnx.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\All Users\Local Settings\temp\mshhouvac.cmd" not found!
Deletion of file "C:\Documents and Settings\All Users\Local Settings\temp\mshhouvac.cmd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run|System Sound" deleted successfully.
Registry value "HKLM\software\microsoft\windows\Currentversion\policies\explorer\Run|27241" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


ComboFix 13-08-02.01 - Korisnik 1 03.08.2013 15:34:46.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.161 [GMT 2:00]
Running from: c:\documents and settings\Korisnik 1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik 1\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-07-11 21:21 . 2013-07-11 21:21 -------- d--h--w- c:\program files\Common Files\EAInstaller
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Application Data\Origin
2013-07-11 20:35 . 2013-07-11 20:41 -------- d-----w- c:\program files\Origin Games
2013-07-11 20:35 . 2013-08-02 13:57 -------- d-----w- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin
2013-07-11 20:31 . 2013-07-11 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-07-09 11:57 . 2013-07-11 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-17 08:45 . 2013-03-24 17:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-17 08:45 . 2013-03-24 17:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 16:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik 1^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Korisnik 1\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-06 11:17 136176 ----atw- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-24 17:05 1597864 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"SwOffWeb"=2 (0x2)
"SwOffScheduler"=2 (0x2)
"Steam Client Service"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RichVideo"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\MILF Community\\MILF Edition 2012\\hl.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\kiko238\\counter-strike\\hl.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"d:\\Documents and Settings\\Korisnik 1\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Origin Games\\Battlefield 1942\\BF1942.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.1.2012 15:36 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.1.2012 15:36 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.1.2012 15:36 17744]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [24.3.2013 18:35 3560288]
R3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys [18.3.2008 16:23 20480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [26.5.2011 16:55 1714176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8.10.2011 15:52 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8.10.2011 15:52 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8.10.2011 15:52 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8.10.2011 15:52 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8.10.2011 15:52 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8.10.2011 15:52 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8.10.2011 15:52 109864]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> d:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 08:45]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003Core.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1364589140-725345543-1003UA.job
- c:\documents and settings\Korisnik 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-06 11:17]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Korisnik 1\Application Data\Mozilla\Firefox\Profiles\jicp0oxt.default\
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2013-08-03 15:44
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3080)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-03 15:46:19
ComboFix-quarantined-files.txt 2013-08-03 13:46
ComboFix2.txt 2013-08-03 00:29
ComboFix3.txt 2013-08-02 21:16
ComboFix4.txt 2013-08-02 18:56
.
Pre-Run: 15.644.618.752 bytes free
Post-Run: 15.633.883.136 bytes free
.
- - End Of File - - E5967AD7831865844926D2EFAA07CDE5
8F558EB6672622401DA993E1E865C861

Poslao: 03 Avg 2013 15:59
Idi na vrh
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6103

Ovo sad izgleda mnogo bolje. Sistem je imao pravu malu kolekciju malware-a. U Ambulanti odavno nismo imali ovako razlicitu kolekciju raznog malware-a.

Jos neke dodatne provere ...



Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:

sysfnx.exe;z
mshhouvac.cmd;z
c:\docume~1\KORISN~1\LOCALS~1\Temp\\;vs
c:\docume~1\ALLUSE~1\LOCALS~1\Temp;vs

Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

MyCity » Ambulanta -> Arhiva Ambulante » Nepoznati program me izbacuje iz igrica i drugih programa

Ko je trenutno na forumu
 

Ukupno su 1206 korisnika na forumu :: 63 registrovanih, 7 sakrivenih i 1136 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., aleksmajstor, amaterSRB, Atomski čoban, bato, Bojan85, BRATORIII, Bubimir, cavatina, celik, Centauro, cikadeda, Cirkon, darios, dozorni, draggan, Folkstar, FOX, gomago, HrcAk47, Joja, Karla, kolateralnasteta, Kruger, Kubovac, kuntalo, kybonacci, Leonov, Lucije Kvint, Marko Marković, mercedesamg, milenko crazy north, Miskohd, moldway, Motocar, MrNo, nazgul75, nemkea71, nenad81, nenooo, nesa1962, oldtimer, Parker, pein, Pohovani_00, proka89, RILE-NS, royst33, sasakrajina, Singidunumac, Snorks, Steeeefan, Stefan M, stegonosa, theNedjeljko, vasa.93, vaso1, vathra, VJ, wolf431, yrraf, zixmix