Trojans can't be removed

  • Joined: 10 Jul 2009
  • Posts: 100
  • Location: Paris

Posted: 13 Sep 2013 23:29

Hi folks, I have a problem: all my computers are infected. My son downloads I have no idea what, so he picked up some QV06 in the browser and a few trojans like lollypop and some others. I've deleted them many times with several tools (adwcleaner, trojankiller etc.) and they're still there. How do I get rid of this?

Update: 13 Sep 2013 23:33

Sorry for the mistakes, my keyboard is acting up.

Update: 13 Sep 2013 23:55

Here is the scan from Trojan Killer.

  • magna86, Male
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,

We have to work on one computer at a time if you have several. For each computer you have, you must open a separate topic and post the appropriate reports, because we never work blind.

Read this topic and post the DDS reports for us.
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 10 Jul 2009
  • Posts: 100
  • Location: Paris

Posted: 13 Sep 2013 23:57

Update: 13 Sep 2013 23:59

GMER is still scanning; here is the first log.

  • magna86, Male
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK, finish the GMER scan (Gmer2 and Gmer3) and then attach the DDS logs as well.
DDS diagnostics are our baseline.

  • Joined: 10 Jul 2009
  • Posts: 100
  • Location: Paris

Posted: 14 Sep 2013 0:19

Update: 14 Sep 2013 0:29

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.40.2
Run by kiki at 0:24:09 on 2013-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1033.18.4095.2378 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\kiki\Desktop\kzut51kq.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} - C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll
BHO: ????????????????????????????.???????????????????????????????: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [tuto4pc_fr_60] <no file>
StartupFolder: C:\Users\kiki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\lollipop.lnk - C:\Users\kiki\AppData\Local\Lollipop\Lollipop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{2662852D-2EAE-4051-83CB-672A6CADB91F} : DHCPNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{2662852D-2EAE-4051-83CB-672A6CADB91F}\24F6579776575637024556C65636F6D6027596D26496 : DHCPNameServer = 194.158.122.10 194.158.122.15
TCP: Interfaces\{2662852D-2EAE-4051-83CB-672A6CADB91F}\6427565675966696 : DHCPNameServer = 212.27.40.241 212.27.40.240
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
x64-mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
x64-mWinlogon: Userinit = userinit.exe
x64-BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} - C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-3-30 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-4-29 145448]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-30 117760]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-29 1431888]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-24 38096]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\Windows\System32\drivers\ss_bserd.sys [2009-9-19 128000]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\System32\drivers\gtkdrv.sys [2013-6-26 16640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-30 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-09-13 21:08:16 -------- d-----w- C:\Users\kiki\AppData\Local\Lollipop
2013-09-13 21:08:09 -------- d-----w- C:\Program Files (x86)\LyricsSay-1
2013-09-13 19:55:38 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2013-09-13 18:35:39 -------- d-----w- C:\Program Files\Enigma Software Group
2013-09-13 18:34:48 -------- d-----w- C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-13 18:11:25 -------- d-----w- C:\ProgramData\Oracle
2013-09-13 18:10:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 17:58:45 -------- d-----w- C:\Program Files (x86)\predm
2013-09-13 13:52:57 -------- d-----w- C:\ProgramData\4shared Desktop
2013-09-11 11:49:14 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 11:48:27 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-05 16:05:25 -------- d-----w- C:\Temp
2013-09-05 11:41:41 -------- d-----w- C:\Program Files (x86)\IminentToolbar
2013-09-05 11:39:00 -------- d-----w- C:\ProgramData\eSafe
2013-09-05 11:38:58 -------- d-----w- C:\Users\kiki\AppData\Local\DProtect
2013-09-05 11:38:43 -------- d-----w- C:\ProgramData\BoxUpdChk
2013-09-05 11:37:54 -------- d-----w- C:\Users\kiki\AppData\Local\Software
2013-09-05 11:37:54 -------- d-----w- C:\Program Files (x86)\Software
2013-09-04 23:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-03 17:42:33 -------- d-----w- C:\Users\kiki\AppData\Roaming\.mono
2013-09-02 09:01:33 -------- d-----w- C:\Users\kiki\AppData\Local\Roblox
2013-08-28 10:42:06 -------- d-----w- C:\ProgramData\NexonEU
.
==================== Find3M ====================
.
2013-09-13 18:10:31 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-13 18:10:31 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-13 13:15:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 13:15:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-30 23:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-26 12:56:58 16640 ----a-w- C:\Windows\System32\drivers\gtkdrv.sys
.
============= FINISH: 0:24:58,98 ===============

Update: 14 Sep 2013 0:32

GMER 2.1.19163 - gmer.net
Autostart scan 2013-09-14 00:30:55
Windows 6.1.7601 Service Pack 1

AdobeARMservice@ = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
AFBAgent@ = "C:\Windows\system32\FBAgent.exe"
ASLDRService@ = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
ATKGFNEXSrv@ = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
Autodata Limited License Service@ = C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
AVGIDSAgent@ = "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"
avgwd@ = "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"
nvsvc@ = C:\Windows\system32\nvvsvc.exe
nvUpdatusService@ = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Stereo Service@ = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
WMPNetworkSvc@ = "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run@AmIcoSinglun64 = C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@msnmsgr = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background \ /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WebCheck =

HKLM\Software\Classes\.hta@ = "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) =
@{dd230880-495a-11d1-b064-008048ec2fc5} /*Scan with Kaspersky Anti-Virus*/(null) =
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/C:\Program Files (x86)\AVG\AVG2013\avgsea.dll = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Program Files\NVIDIA Corporation\Display\nvui.dll = C:\Program Files\NVIDIA Corporation\Display\nvui.dll
@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} /*NVIDIA Play On My TV Context Menu Extension*/%SystemRoot%\system32\nvshext.dll = %SystemRoot%\system32\nvshext.dll
@{EBDF1F20-C829-11D1-8233-0020AF3E97A9} /*4shared_Desktop*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
ADSMEnDecExt@{8BB925EB-A385-4F4D-B463-D9CC4A4F98F5} = C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\AdsmendecExt.dll
AVG Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll
WinRAR@{B41DB860-64E4-11D2-9906-E49FADC173CA} = C:\Program Files (x86)\WinRAR\rarext64.dll
WinRAR32@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ADSMEnDecExt@{8BB925EB-A385-4F4D-B463-D9CC4A4F98F5} = C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\AdsmendecExt.dll
WinRAR@{B41DB860-64E4-11D2-9906-E49FADC173CA} = C:\Program Files (x86)\WinRAR\rarext64.dll
WinRAR32@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\NvCplDesktopContext@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = %SystemRoot%\system32\nvshext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll
WinRAR@{B41DB860-64E4-11D2-9906-E49FADC173CA} = C:\Program Files (x86)\WinRAR\rarext64.dll
WinRAR32@{B41DB860-8EE4-11D2-9906-E49FADC173CA} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{11111111-1111-1111-1111-110411151152}C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho64.dll = C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho64.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\system32\ASUS_S~1.SCR /*file not found*/

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069 = qvo6.com/?utm_source=b&utm_medium=slbne.....1378381069
@Start Pagehttp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069 = qvo6.com/?utm_source=b&utm_medium=slbne.....1378381069
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069 = qvo6.com/?utm_source=b&utm_medium=slbne.....1378381069
@Start Pagehttp://www.google.com/ = google.com/
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ms-help@CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} /*file not found*/

---- EOF - GMER 2.1 ----

Update: 14 Sep 2013 0:33

That's it as far as the scans go.
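The DDS "Pseudo HJT Report" above is the part a helper reads first to spot the qvo6 start-page hijack, the LyricsSay BHO, the orphaned BHO, the dead tuto4pc Run entry and the Lollipop startup shortcut. As an added example that is not part of the thread or of the DDS tool, the script below applies those same checks to lines excerpted from that report; the trusted-host allowlist and the CLSID and user-writable-path heuristics are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines excerpted from the DDS "Pseudo HJT Report"
# posted above (long tracking query strings shortened).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&uid=3219913727_67194_98FC4CFF
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} - C:\Program Files (x86)\LyricsSay-1\LyricsSay-1-bho.dll
BHO: ????????: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [tuto4pc_fr_60] <no file>
StartupFolder: C:\Users\kiki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\lollipop.lnk - C:\Users\kiki\AppData\Local\Lollipop\Lollipop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Assumption: the only start/default pages this user expects to see.
TRUSTED_START_HOSTS = {"www.google.com", "google.com"}

# DDS line shapes (u = per-user HKCU, m = machine HKLM, x64- = 64-bit view).
START_RE = re.compile(r"^(?:x64-)?[um](?:Start Page|Default_Page_URL) = (\S+)$")
BHO_RE = re.compile(r"^(?:x64-)?BHO: (.*?): \{([0-9A-Fa-f-]{36})\} -\s*(.*)$")
RUN_RE = re.compile(r"^(?:x64-)?[um]Run: \[(.+?)\] (.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (.+?\.lnk) - (.+)$", re.IGNORECASE)
# Heuristic: a CLSID made of repeated digits was typed by hand, not generated
# by CoCreateGuid; legitimate vendors' BHOs practically never look like this.
HANDMADE_CLSID_RE = re.compile(r"^(.)\1{7}-(.)\2{3}-(.)\3{3}-")
# Heuristic: autostart targets living in user-writable profile/temp folders.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData)\\", re.IGNORECASE)


def refang(url):
    """DDS defangs URLs as hxxp://; restore the scheme so urlparse sees a host."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def triage(report):
    """Return (kind, subject, line) tuples for every suspicious HJT-style line."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = START_RE.match(line)
        if m:
            host = urlparse(refang(m.group(1))).hostname or ""
            if host not in TRUSTED_START_HOSTS:
                findings.append(("hijacked-start-page", host, line))
            continue
        m = BHO_RE.match(line)
        if m:
            name, clsid, dll = m.groups()
            if not dll:
                # Registered BHO whose DLL is gone: leftover of a partial removal.
                findings.append(("bho-orphaned", name, line))
            elif HANDMADE_CLSID_RE.match(clsid):
                findings.append(("bho-handmade-clsid", name, line))
            continue
        m = RUN_RE.match(line)
        if m:
            name, target = m.groups()
            if target == "<no file>":
                findings.append(("run-missing-file", name, line))
            continue
        m = STARTUP_RE.match(line)
        if m and USER_WRITABLE_RE.search(m.group(2)):
            findings.append(("startup-userwritable", m.group(2), line))
    return findings


if __name__ == "__main__":
    for kind, subject, line in triage(SAMPLE_DDS):
        print(f"{kind:22} {subject}")
```

On the sample above the script reports two qvo6 start pages, the LyricsSay BHO, the orphaned BHO, the tuto4pc Run entry and the Lollipop shortcut, while the HP and AVG entries pass.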

  • magna86, Male
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK, let's move on.

While we work on this case, I'd ask you to stick to the following:
  • Read my instructions (or those of the colleagues standing in for me) carefully and follow them exclusively;
  • Don't seek help elsewhere at the same time;
  • Don't use other malware removal programs apart from those you receive instructions for;
  • Don't use USB storage devices during the intervention until I ask for it;
  • If I don't reply within 48 hours, bump the topic with a new post.

For more information about the rules of the MyCity Ambulanta forum: LINK
=====================================================

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it;
  • in the window that opens click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after posting the message you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message;
  • Don't click inside the ComboFix window while it's working, as that can slow the tool down;
  • Don't run ComboFix again on your own initiative; report in the topic any problem you have during the first run;
  • If after the restart you get an error when starting certain programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system once more and that will resolve the problem.

----- then -----

Run DDS again and post a fresh DDS.txt log for me to review.

  • Joined: 10 Jul 2009
  • Posts: 100
  • Location: Paris

Posted: 14 Sep 2013 1:10

ComboFix 13-09-13.03 - kiki 14/09/2013 0:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1033.18.4095.2370 [GMT 2:00]
Lancé depuis: c:\users\kiki\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LyricsSay-1\LyRIcssay-1-bho.dll
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\S0000
c:\programdata\MPK\CPDM\cpfm.bin
c:\programdata\MPK\M0000
c:\programdata\MPK\MalformedDB\D0000._41530.8843560301_1
c:\programdata\MPK\mpk.db
c:\programdata\MPK\mpk.db_
c:\programdata\MPK\REFOG Personal Monitor.lnk
c:\programdata\MPK\REFOG Personal Monitor\Order now!.lnk
c:\programdata\MPK\REFOG Personal Monitor\REFOG Personal Monitor on the Web.lnk
c:\programdata\MPK\REFOG Personal Monitor\REFOG Personal Monitor.lnk
c:\programdata\MPK\S0000
c:\users\kiki\AppData\Local\DProtect
c:\users\kiki\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\kiki\AppData\Local\lollipop
c:\users\kiki\AppData\Local\lollipop\lollipop_cfg.lpd
c:\users\kiki\AppData\Roaming\Kaspersky_Key_Finder_(KKF
c:\users\kiki\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder.exe_Url_3zmvrqsxfgk5xiv4iusjvd2zopusrylv\1.4.1.0\user.config
c:\users\kiki\AppData\Roaming\Microsoft\Windows\Recent\MUFTAKiS l Eftekasation Mentality.url
c:\users\kiki\ZumasRevenge.exe
c:\windows\~de74bc.tmp
c:\windows\~df394b.tmp
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
c:\windows\n.tmp
c:\windows\SysWow64\MPK
c:\windows\SysWow64\MPK\cinfo.bin
c:\windows\SysWow64\MPK\Help\English\alarms.htm
c:\windows\SysWow64\MPK\Help\English\clipboard.htm
c:\windows\SysWow64\MPK\Help\English\computer.htm
c:\windows\SysWow64\MPK\Help\English\delivery.htm
c:\windows\SysWow64\MPK\Help\English\file.htm
c:\windows\SysWow64\MPK\Help\English\filters.htm
c:\windows\SysWow64\MPK\Help\English\imhelp.htm
c:\windows\SysWow64\MPK\Help\English\internet.htm
c:\windows\SysWow64\MPK\Help\English\invisible.htm
c:\windows\SysWow64\MPK\Help\English\keyboard.htm
c:\windows\SysWow64\MPK\Help\English\log_size.htm
c:\windows\SysWow64\MPK\Help\English\logging.htm
c:\windows\SysWow64\MPK\Help\English\need_update_net.htm
c:\windows\SysWow64\MPK\Help\English\password.htm
c:\windows\SysWow64\MPK\Help\English\programs.htm
c:\windows\SysWow64\MPK\Help\English\screenshot.htm
c:\windows\SysWow64\MPK\Help\English\settings_node.htm
c:\windows\SysWow64\MPK\Help\English\update.htm
c:\windows\SysWow64\MPK\Help\English\users_node.htm
c:\windows\SysWow64\MPK\Help\German\alarms.htm
c:\windows\SysWow64\MPK\Help\German\clipboard.htm
c:\windows\SysWow64\MPK\Help\German\computer.htm
c:\windows\SysWow64\MPK\Help\German\delivery.htm
c:\windows\SysWow64\MPK\Help\German\file.htm
c:\windows\SysWow64\MPK\Help\German\filters.htm
c:\windows\SysWow64\MPK\Help\German\imhelp.htm
c:\windows\SysWow64\MPK\Help\German\internet.htm
c:\windows\SysWow64\MPK\Help\German\invisible.htm
c:\windows\SysWow64\MPK\Help\German\keyboard.htm
c:\windows\SysWow64\MPK\Help\German\log_size.htm
c:\windows\SysWow64\MPK\Help\German\logging.htm
c:\windows\SysWow64\MPK\Help\German\need_update_net.htm
c:\windows\SysWow64\MPK\Help\German\password.htm
c:\windows\SysWow64\MPK\Help\German\programs.htm
c:\windows\SysWow64\MPK\Help\German\screenshot.htm
c:\windows\SysWow64\MPK\Help\German\settings_node.htm
c:\windows\SysWow64\MPK\Help\German\users_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\alarms.htm
c:\windows\SysWow64\MPK\Help\Spanish\clipboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\computer.htm
c:\windows\SysWow64\MPK\Help\Spanish\delivery.htm
c:\windows\SysWow64\MPK\Help\Spanish\filters.htm
c:\windows\SysWow64\MPK\Help\Spanish\internet.htm
c:\windows\SysWow64\MPK\Help\Spanish\invisible.htm
c:\windows\SysWow64\MPK\Help\Spanish\keyboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\log_size.htm
c:\windows\SysWow64\MPK\Help\Spanish\logging.htm
c:\windows\SysWow64\MPK\Help\Spanish\password.htm
c:\windows\SysWow64\MPK\Help\Spanish\programs.htm
c:\windows\SysWow64\MPK\Help\Spanish\screenshot.htm
c:\windows\SysWow64\MPK\Help\Spanish\settings_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\users_node.htm
c:\windows\SysWow64\MPK\icon_1.ico
c:\windows\SysWow64\MPK\Images\banner_em_english.gif
c:\windows\SysWow64\MPK\Images\banner_em_english.swf
c:\windows\SysWow64\MPK\Images\banner_em_german.gif
c:\windows\SysWow64\MPK\Images\banner_em_german.swf
c:\windows\SysWow64\MPK\Images\banner_em_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_em_spanish.swf
c:\windows\SysWow64\MPK\Images\banner_english.gif
c:\windows\SysWow64\MPK\Images\banner_english.swf
c:\windows\SysWow64\MPK\Images\banner_german.gif
c:\windows\SysWow64\MPK\Images\banner_german.swf
c:\windows\SysWow64\MPK\Images\banner_pm_english.gif
c:\windows\SysWow64\MPK\Images\banner_pm_english.swf
c:\windows\SysWow64\MPK\Images\banner_pm_german.gif
c:\windows\SysWow64\MPK\Images\banner_pm_german.swf
c:\windows\SysWow64\MPK\Images\banner_pm_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_pm_spanish.swf
c:\windows\SysWow64\MPK\Images\banner_russian.gif
c:\windows\SysWow64\MPK\Images\banner_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_spanish.swf
c:\windows\SysWow64\MPK\Images\english.gif
c:\windows\SysWow64\MPK\Images\german.gif
c:\windows\SysWow64\MPK\Images\upgrade_middle.png
c:\windows\SysWow64\MPK\Images\upgrade_middle_russian.png
c:\windows\SysWow64\MPK\Images\upgrade_top.png
c:\windows\SysWow64\MPK\Images\upgrade_top_russian.png
c:\windows\SysWow64\MPK\Images\vista_hide.bmp
c:\windows\SysWow64\MPK\Images\xp_hide.bmp
c:\windows\SysWow64\MPK\key.bin
c:\windows\SysWow64\MPK\Lang\Brazilian.frc
c:\windows\SysWow64\MPK\Lang\Brazilian.lng
c:\windows\SysWow64\MPK\Lang\English.frc
c:\windows\SysWow64\MPK\Lang\French.frc
c:\windows\SysWow64\MPK\Lang\French.lng
c:\windows\SysWow64\MPK\Lang\German.frc
c:\windows\SysWow64\MPK\Lang\German.lng
c:\windows\SysWow64\MPK\Lang\Italian.frc
c:\windows\SysWow64\MPK\Lang\Italian.lng
c:\windows\SysWow64\MPK\Lang\Japanese.frc
c:\windows\SysWow64\MPK\Lang\Japanese.lng
c:\windows\SysWow64\MPK\Lang\Polish.frc
c:\windows\SysWow64\MPK\Lang\Polish.lng
c:\windows\SysWow64\MPK\Lang\Portuguese.frc
c:\windows\SysWow64\MPK\Lang\Portuguese.lng
c:\windows\SysWow64\MPK\Lang\Romanian.frc
c:\windows\SysWow64\MPK\Lang\Romanian.lng
c:\windows\SysWow64\MPK\Lang\Russian.frc
c:\windows\SysWow64\MPK\Lang\Spanish.frc
c:\windows\SysWow64\MPK\Lang\Spanish.lng
c:\windows\SysWow64\MPK\Lang\Turkish.frc
c:\windows\SysWow64\MPK\Lang\Turkish.lng
c:\windows\SysWow64\MPK\Lang\Ukrainian.frc
c:\windows\SysWow64\MPK\Lang\Ukrainian.lng
c:\windows\SysWow64\MPK\libeay32.dll
c:\windows\SysWow64\MPK\lnkmst.exe
c:\windows\SysWow64\MPK\lsynchost.exe
c:\windows\SysWow64\MPK\Mpk.dll
c:\windows\SysWow64\MPK\MPK.exe
c:\windows\SysWow64\MPK\Mpk64.dll
c:\windows\SysWow64\MPK\MPK64.exe
c:\windows\SysWow64\MPK\MpkHCQ12.dll
c:\windows\SysWow64\MPK\MPKInst.exe
c:\windows\SysWow64\MPK\MPKView.exe
c:\windows\SysWow64\MPK\sqlite3.dll
c:\windows\SysWow64\MPK\ssleay32.dll
c:\windows\SysWow64\MPK\trial_pro.ini
c:\windows\SysWow64\MPK\unins000.dat
c:\windows\SysWow64\MPK\unins000.exe
c:\windows\SysWow64\MPK\unins000.msg
c:\windows\SysWow64\MPK\zlib1.dll
c:\windows\SysWow64\SETA209.tmp
c:\windows\SysWow64\SETC9E0.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-08-13 au 2013-09-13 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-13 23:03 . 2013-09-13 23:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-13 23:03 . 2013-09-13 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-13 21:08 . 2013-09-13 23:02 -------- d-----w- c:\program files (x86)\LyricsSay-1
2013-09-13 19:55 . 2013-09-13 22:44 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-09-13 18:35 . 2013-09-13 18:35 -------- d-----w- c:\program files\Enigma Software Group
2013-09-13 18:34 . 2013-09-13 19:39 -------- d-----w- c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-13 18:11 . 2013-09-13 18:11 -------- d-----w- c:\programdata\Oracle
2013-09-13 18:11 . 2013-09-13 18:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-13 18:10 . 2013-09-13 18:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 17:58 . 2013-09-13 17:58 -------- d-----w- c:\program files (x86)\predm
2013-09-13 13:52 . 2013-09-13 13:52 -------- d-----w- c:\programdata\4shared Desktop
2013-09-11 11:49 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 11:48 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 11:48 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-11 11:48 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-05 16:05 . 2013-09-05 16:05 -------- d-----w- C:\Temp
2013-09-05 11:41 . 2013-09-07 12:53 -------- d-----w- c:\program files (x86)\IminentToolbar
2013-09-05 11:39 . 2013-09-13 18:04 -------- d-----w- c:\programdata\eSafe
2013-09-05 11:38 . 2013-09-11 11:38 -------- d-----w- c:\programdata\BoxUpdChk
2013-09-05 11:37 . 2013-09-07 13:43 -------- d-----w- c:\program files (x86)\Software
2013-09-05 11:37 . 2013-09-05 11:37 -------- d-----w- c:\users\kiki\AppData\Local\Software
2013-09-04 23:43 . 2013-09-04 23:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-03 17:42 . 2013-09-03 17:42 -------- d-----w- c:\users\kiki\AppData\Roaming\.mono
2013-09-02 09:01 . 2013-09-02 09:16 -------- d-----w- c:\users\kiki\AppData\Local\Roblox
2013-08-28 10:42 . 2013-08-28 10:42 -------- d-----w- c:\programdata\NexonEU
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 18:10 . 2012-06-14 12:33 868264 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-09-13 18:10 . 2012-03-30 13:59 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-13 13:15 . 2012-03-30 14:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 13:15 . 2012-03-30 14:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 18:11 . 2012-03-30 15:05 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-11 11:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-19 23:51 . 2013-07-19 23:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-06-30 23:45 . 2013-06-30 23:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-08-03 36352]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-26 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2012-3-30 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - KXLDQPOD
*Deregistered* - kxldqpod
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:15]
.
2013-09-13 c:\windows\Tasks\Express FilesUpdate.job
- c:\program files (x86)\ExpressFiles\EFUpdater.exe [2012-09-21 18:42]
.
2013-09-13 c:\windows\Tasks\LyricsSay-1-chromeinstaller.job
- c:\program files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe [2013-09-13 21:08]
.
2013-09-13 c:\windows\Tasks\LyricsSay-1-codedownloader.job
- c:\program files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe [2013-09-13 21:08]
.
2013-09-13 c:\windows\Tasks\LyricsSay-1-enabler.job
- c:\program files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe [2013-09-13 21:08]
.
2013-09-13 c:\windows\Tasks\LyricsSay-1-firefoxinstaller.job
- c:\program files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe [2013-09-13 21:08]
.
2013-09-13 c:\windows\Tasks\LyricsSay-1-updater.job
- c:\program files (x86)\LyricsSay-1\LyricsSay-1-updater.exe [2013-09-13 21:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{11111111-1111-1111-1111-110411151152} - c:\program files (x86)\LyricsSay-1\LyricsSay-1-bho.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKLM-Run-tuto4pc_fr_60 - (no file)
c:\users\kiki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk - c:\users\kiki\AppData\Local\Lollipop\Lollipop.exe lollipop
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-OpenAL - c:\program files (x86)\OpenAL\oalinst.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-09-14 01:07:55
ComboFix-quarantined-files.txt 2013-09-13 23:07
.
Avant-CF: 157 191 659 520 bytes free
Après-CF: 160 020 410 368 bytes free
.
- - End Of File - - F262CBC48D39BCB4894E821D306D7687
A36C5E4F47E84449FF07ED3517B43A31

Addendum: 14 Sep 2013 1:16

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.40.2
Run by kiki at 1:14:36 on 2013-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1033.18.4095.2142 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\explorer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} -
BHO: ????????????????????????????.???????????????????????????????: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{2662852D-2EAE-4051-83CB-672A6CADB91F} : DHCPNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{2662852D-2EAE-4051-83CB-672A6CADB91F}\24F6579776575637024556C65636F6D6027596D26496 : DHCPNameServer = 194.158.122.10 194.158.122.15
TCP: Interfaces\{2662852D-2EAE-4051-83CB-672A6CADB91F}\6427565675966696 : DHCPNameServer = 212.27.40.241 212.27.40.240
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-3-30 359552]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-4-29 145448]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-30 117760]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-29 1431888]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-24 38096]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\Windows\System32\drivers\ss_bserd.sys [2009-9-19 128000]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-30 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-09-13 23:08:06 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-13 22:52:45 98816 ----a-w- C:\Windows\sed.exe
2013-09-13 22:52:45 256000 ----a-w- C:\Windows\PEV.exe
2013-09-13 22:52:45 208896 ----a-w- C:\Windows\MBR.exe
2013-09-13 21:08:09 -------- d-----w- C:\Program Files (x86)\LyricsSay-1
2013-09-13 19:55:38 -------- d-----w- C:\Program Files\GridinSoft Trojan Killer
2013-09-13 18:35:39 -------- d-----w- C:\Program Files\Enigma Software Group
2013-09-13 18:34:48 -------- d-----w- C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-13 18:11:25 -------- d-----w- C:\ProgramData\Oracle
2013-09-13 18:10:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 17:58:45 -------- d-----w- C:\Program Files (x86)\predm
2013-09-13 13:52:57 -------- d-----w- C:\ProgramData\4shared Desktop
2013-09-11 11:49:14 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-11 11:48:27 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-05 16:05:25 -------- d-----w- C:\Temp
2013-09-05 11:41:41 -------- d-----w- C:\Program Files (x86)\IminentToolbar
2013-09-05 11:39:00 -------- d-----w- C:\ProgramData\eSafe
2013-09-05 11:38:43 -------- d-----w- C:\ProgramData\BoxUpdChk
2013-09-05 11:37:54 -------- d-----w- C:\Users\kiki\AppData\Local\Software
2013-09-05 11:37:54 -------- d-----w- C:\Program Files (x86)\Software
2013-09-04 23:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-03 17:42:33 -------- d-----w- C:\Users\kiki\AppData\Roaming\.mono
2013-09-02 09:01:33 -------- d-----w- C:\Users\kiki\AppData\Local\Roblox
2013-08-28 10:42:06 -------- d-----w- C:\ProgramData\NexonEU
.
==================== Find3M ====================
.
2013-09-13 18:10:31 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-13 18:10:31 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-13 13:15:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 13:15:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 23:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-30 23:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 1:14:59,67 ===============

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Open Notepad and copy the following text into it:

KillAll::

Folder::
c:\program files (x86)\LyricsSay-1
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
C:\Program Files (x86)\IminentToolbar

DirLook::
c:\programdata\BoxUpdChk
c:\program files (x86)\predm
C:\Temp
c:\users\kiki\AppData\Roaming\.mono

File::
c:\windows\Tasks\LyricsSay-1-chromeinstaller.job
c:\windows\Tasks\LyricsSay-1-codedownloader.job
c:\windows\Tasks\LyricsSay-1-enabler.job
c:\windows\Tasks\LyricsSay-1-firefoxinstaller.job
c:\windows\Tasks\LyricsSay-1-updater.job

ClearJavaCache::

DDS::
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} -
BHO: ????????????????????????????.???????????????????????????????: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -


Save the Notepad file to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.



------ then -----



Download Xplode's AdwCleaner () and save it to the Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your message using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt
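Added example (not from this thread, DDS or ComboFix): a small Python triage that reads lines in the DDS Pseudo HJT format shown in the log above and flags the two kinds of entries the DDS:: section of the script above targets, home-page keys pointing at a host other than the user's own (here www.google.com) and BHO registrations with no DLL path behind them, then renders them as a DDS:: block. The hxxp defanging, the regexes and the DDS:: rendering are my assumptions about the formats, and it also flags the x64- variant of the start page.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# Constructed sample input: lines in the format of the DDS "Pseudo HJT Report"
# section, copied from the log posted above (DDS writes "hxxp" for "http").
SAMPLE_HJT = r"""
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: LyricsSay-1: {11111111-1111-1111-1111-110411151152} -
BHO: ????????????????????????????.???????????????????????????????: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
x64-mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
"""

# Browser home-page keys as DDS prints them (u = current user, m = machine,
# x64- prefix = 64-bit registry view). Assumed format, matched on the log above.
PAGE_RE = re.compile(r"^(?:x64-)?[um](?:Start Page|Default_Page_URL) = (?P<url>\S+)$")
# BHO registrations: "BHO: <name>: {<CLSID>} - <dll path>". An empty path means
# DDS found the registration but no DLL on disk (assumed reading of the format).
BHO_RE = re.compile(
    r"^(?:x64-)?BHO: (?P<name>.*): \{(?P<clsid>[0-9A-Fa-f-]{36})\} -\s*(?P<path>.*)$"
)


def defang_to_url(url: str) -> str:
    """Turn DDS's defanged hxxp(s):// back into a scheme urlparse understands."""
    return re.sub(r"^hxxp", "http", url, count=1)


def triage_hjt(text: str, trusted_hosts: set[str]) -> list[tuple[str, str]]:
    """Return (reason, raw_line) pairs for entries worth acting on.

    A home-page key is flagged when its host is not one the user chose;
    a BHO is flagged when DDS reports no DLL path for it.
    """
    findings: list[tuple[str, str]] = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = PAGE_RE.match(line)
        if m:
            host = urlparse(defang_to_url(m.group("url"))).hostname or ""
            if host.lower() not in trusted_hosts:
                findings.append((f"home page hijacked to {host}", line))
            continue
        m = BHO_RE.match(line)
        if m and not m.group("path"):
            findings.append((f"BHO {m.group('clsid')} has no DLL on disk", line))
    return findings


def cfscript_dds_section(findings: list[tuple[str, str]]) -> str:
    """Render the flagged raw lines as a ComboFix 'DDS::' block.

    Assumption (not ComboFix documentation): the block lists the DDS lines
    verbatim, as in the script posted above.
    """
    if not findings:
        return ""
    return "DDS::\n" + "\n".join(raw for _, raw in findings) + "\n"


if __name__ == "__main__":
    found = triage_hjt(SAMPLE_HJT, trusted_hosts={"www.google.com"})
    for reason, raw in found:
        print(f"[{reason}] {raw[:70]}")
    print(cfscript_dds_section(found))
```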

offline
  • Joined: 10 Jul 2009
  • Posts: 100
  • Where you live: paris

Posted: 14 Sep 2013 15:40

ComboFix 13-09-13.03 - kiki 14/09/2013 15:22:07.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1033.18.4095.2354 [GMT 2:00]
Lancé depuis: c:\users\kiki\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\kiki\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\LyricsSay-1-chromeinstaller.job"
"c:\windows\Tasks\LyricsSay-1-codedownloader.job"
"c:\windows\Tasks\LyricsSay-1-enabler.job"
"c:\windows\Tasks\LyricsSay-1-firefoxinstaller.job"
"c:\windows\Tasks\LyricsSay-1-updater.job"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\IminentToolbar
c:\program files (x86)\LyricsSay-1
c:\program files (x86)\LyricsSay-1\41552.crx
c:\program files (x86)\LyricsSay-1\41552.xpi
c:\program files (x86)\LyricsSay-1\background.html
c:\program files (x86)\LyricsSay-1\Installer.log
c:\program files (x86)\LyricsSay-1\LyricsSay-1-bg.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-bho64.dll
c:\program files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.dll
c:\program files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.dll
c:\program files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-helper.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1-updater.exe
c:\program files (x86)\LyricsSay-1\LyricsSay-1.ico
c:\program files (x86)\LyricsSay-1\Uninstall.exe
c:\program files (x86)\LyricsSay-1\utils.exe
c:\programdata\ntuser.dat
c:\users\kiki\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\kiki\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\kiki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\kiki\EULA.txt
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCall.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla2.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla21.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla31.exe
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla32.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla33.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla34.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla36.dll
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseCustomCalla36.exe
c:\windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP\WiseData.ini
c:\windows\msvcr71.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\ijl11pro.dll
c:\windows\Tasks\LyricsSay-1-chromeinstaller.job
c:\windows\Tasks\LyricsSay-1-codedownloader.job
c:\windows\Tasks\LyricsSay-1-enabler.job
c:\windows\Tasks\LyricsSay-1-firefoxinstaller.job
c:\windows\Tasks\LyricsSay-1-updater.job
c:\windows\zclient.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-08-14 au 2013-09-14 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-14 13:30 . 2013-09-14 13:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-13 19:55 . 2013-09-13 22:44 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-09-13 18:35 . 2013-09-13 18:35 -------- d-----w- c:\program files\Enigma Software Group
2013-09-13 18:11 . 2013-09-13 18:11 -------- d-----w- c:\programdata\Oracle
2013-09-13 18:11 . 2013-09-13 18:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-13 18:10 . 2013-09-13 18:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 17:58 . 2013-09-13 17:58 -------- d-----w- c:\program files (x86)\predm
2013-09-13 13:52 . 2013-09-13 13:52 -------- d-----w- c:\programdata\4shared Desktop
2013-09-11 11:49 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 11:48 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 11:48 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-11 11:48 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-05 16:05 . 2013-09-05 16:05 -------- d-----w- C:\Temp
2013-09-05 11:39 . 2013-09-13 18:04 -------- d-----w- c:\programdata\eSafe
2013-09-05 11:38 . 2013-09-11 11:38 -------- d-----w- c:\programdata\BoxUpdChk
2013-09-05 11:37 . 2013-09-07 13:43 -------- d-----w- c:\program files (x86)\Software
2013-09-05 11:37 . 2013-09-05 11:37 -------- d-----w- c:\users\kiki\AppData\Local\Software
2013-09-04 23:43 . 2013-09-04 23:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-03 17:42 . 2013-09-03 17:42 -------- d-----w- c:\users\kiki\AppData\Roaming\.mono
2013-09-02 09:01 . 2013-09-02 09:16 -------- d-----w- c:\users\kiki\AppData\Local\Roblox
2013-08-28 10:42 . 2013-08-28 10:42 -------- d-----w- c:\programdata\NexonEU
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 18:10 . 2012-06-14 12:33 868264 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-09-13 18:10 . 2012-03-30 13:59 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-13 13:15 . 2012-03-30 14:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 13:15 . 2012-03-30 14:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 18:11 . 2012-03-30 15:05 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-09-11 11:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-19 23:51 . 2013-07-19 23:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-06-30 23:45 . 2013-06-30 23:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\predm ----
.
.
---- Directory of c:\programdata\BoxUpdChk ----
.
2013-09-11 11:38 . 2013-09-11 11:38 3 ----a-w- c:\programdata\BoxUpdChk\logs\main_1010.log
2013-09-11 11:38 . 2013-09-11 11:38 3 ----a-w- c:\programdata\BoxUpdChk\logs\main_1000.log
2013-08-16 10:21 . 2013-08-16 10:21 177152 ----a-w- c:\programdata\BoxUpdChk\updchk.exe
.
---- Directory of C:\Temp ----
.
.
---- Directory of c:\users\kiki\AppData\Roaming\.mono ----
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110411151152}]
c:\program files (x86)\LyricsSay-1\LyricsSay-1-bho.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-08-03 36352]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-26 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2012-3-30 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2013-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:15]
.
2013-09-14 c:\windows\Tasks\Express FilesUpdate.job
- c:\program files (x86)\ExpressFiles\EFUpdater.exe [2012-09-21 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
------- Additional scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&utm_campaign=eXQ&utm_content=hp&from=slbnew&uid=3219913727_67194_98FC4CFF&ts=1378381069
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-LyricsSay-1 - c:\program files (x86)\LyricsSay-1\Uninstall.exe
AddRemove-OpenAL - c:\program files (x86)\OpenAL\oalinst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-09-14 15:39:16 - The machine was rebooted
ComboFix-quarantined-files.txt 2013-09-14 13:39
ComboFix2.txt 2013-09-13 23:07
.
Before-CF: 157 713 166 336 bytes free
After-CF: 157 770 776 576 bytes free
.
- - End Of File - - 5DE766D0D1DA2DCA80E52AB123F7905C
A36C5E4F47E84449FF07ED3517B43A31

Update: 14 Sep 2013 15:50

That's it, I did it.
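
The ComboFix log above records the machine-wide Internet Explorer default page and start page (the mDefault_Page_URL and mStart Page lines) pointing at qvo6.com while the user's own start page (uStart Page) is still google.com, and a scheduled task Express FilesUpdate.job whose target is an updater under Program Files (x86)\ExpressFiles. The script below is an added example, not part of this thread or of any of the tools it mentions: it reads a few constructed lines written in the same DDS/ComboFix format and flags exactly those two kinds of indicator. The trusted home-page domains and trusted task-target prefixes are assumptions chosen for the example; in DDS/ComboFix notation the 'u' prefix means a per-user (HKCU) value and 'm' a machine-wide (HKLM) one, and hxxp:// is the tools' defanged spelling of http://.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in the shape of the ComboFix/DDS "Additional scan" and
# "Scheduled Tasks" sections. These tools write hxxp:// instead of http:// so the
# log cannot be clicked; the 'u'/'m' prefix marks a per-user (HKCU) or
# machine-wide (HKLM) Internet Explorer setting.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&uid=3219913727_67194_98FC4CFF
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=slbnew&uid=3219913727_67194_98FC4CFF
mLocal Page = c:\\windows\\SysWOW64\\blank.htm
2013-09-14 c:\\windows\\Tasks\\Adobe Flash Player Updater.job
- c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe [2012-03-30 13:15]
2013-09-14 c:\\windows\\Tasks\\Express FilesUpdate.job
- c:\\program files (x86)\\ExpressFiles\\EFUpdater.exe [2012-09-21 18:42]
"""

# Assumed allow-list for the example: home pages that are normal defaults.
TRUSTED_HOMEPAGE_DOMAINS = {"www.google.com", "google.com", "www.bing.com", "www.msn.com"}

# Assumed allow-list for the example: install locations an updater task is
# expected to run from (lower-case, compared as path prefixes).
TRUSTED_TASK_TARGET_PREFIXES = (
    "c:\\windows\\syswow64\\macromed\\flash\\",
    "c:\\windows\\system32\\macromed\\flash\\",
    "c:\\program files (x86)\\google\\update\\",
    "c:\\program files\\google\\update\\",
)

PAGE_RE = re.compile(r"^(?P<scope>[um])(?P<key>Start Page|Default_Page_URL)\s*=\s*(?P<url>\S+)$")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(?P<path>.+?)\s+\[")


def refang(url):
    """Turn the defanged hxxp:// back into http:// so urlparse can read the host."""
    return re.sub(r"^hxxp", "http", url, count=1, flags=re.IGNORECASE)


def find_hijacked_pages(log_text):
    """Return (scope, key, host) for every start/default page whose host is not trusted."""
    hits = []
    for line in log_text.splitlines():
        m = PAGE_RE.match(line.strip())
        if not m:
            continue
        host = urlparse(refang(m["url"])).hostname
        if host and host.lower() not in TRUSTED_HOMEPAGE_DOMAINS:
            hits.append((m["scope"], m["key"], host.lower()))
    return hits


def find_unexpected_tasks(log_text):
    """Pair each '<date> <name>.job' line with the '- <target> [date]' line that
    follows it and return (job, target) when the target is outside the trusted prefixes."""
    hits = []
    current_job = None
    for line in log_text.splitlines():
        line = line.strip()
        job = JOB_RE.match(line)
        if job:
            current_job = job["job"]
            continue
        target = TARGET_RE.match(line)
        if target and current_job:
            if not target["path"].lower().startswith(TRUSTED_TASK_TARGET_PREFIXES):
                hits.append((current_job, target["path"]))
            current_job = None
    return hits


if __name__ == "__main__":
    for scope, key, host in find_hijacked_pages(SAMPLE_LOG):
        where = "machine-wide, HKLM" if scope == "m" else "per-user, HKCU"
        print(f"home page hijack: {key} -> {host} ({where})")
    for job, path in find_unexpected_tasks(SAMPLE_LOG):
        print(f"scheduled task to review: {job} -> {path}")
```

On the constructed input this reports both machine-wide pages as set to www.qvo6.com and lists Express FilesUpdate.job for review, while the Flash updater task and the user's google.com start page pass. The task check only reports; a .job whose target is outside the allow-list is a candidate for inspection, not something to delete blindly.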

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

This looks much better now.
We still have one more segment to check, at a higher level. For that we will use TDSSKiller, and then
we will do an additional check with the zoek tool in case something slipped past CF.



Download TDSSKiller and save it to the Desktop
Double-click TDSSKiller.exe to run it ...

click the Start Scan button

If Suspicious objects are detected, the default action is Skip; click Continue.
If Malicious objects are detected, choose the Cure option.


Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time the log was created)



----- then -----




Download zoek.zip from this or this link and save it to the Desktop.

Unpack the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) Instructions;
double-click the program icon to start zoek;
wait for the tool to start ...


Copy the following text into the white box of the window:

autoclean;
c:\program files (x86)\predm;f
c:\programdata\BoxUpdChk;f
filesrcm;
startupall;
C:\Temp;f
c:\users\kiki\AppData\Roaming\.mono;f
firefoxlook;
chromelook;


Click the button and wait for the scan to finish.


zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: the report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.
