Problem with the driver.


  • Mihajlo Krstic
  • Joined: 16 May 2013
  • Posts: 111
  • Location: Kragujevac

Posted: 02 Feb 2014 19:19

I think it is a driver problem; when I turn on the computer this appears:


The internet speed is 2.5 MB per second and the provider is Open ADSL.
That problem appeared after I installed the game The Sims 2. I deleted it afterwards, but this keeps appearing. I tried to fix the problem with Malwarebytes, but I could not start the scan. What is this about?
DDS
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Opera\19.0.1326.56\opera_crashreporter.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Opera\19.0.1326.56\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mWinlogon: Userinit = c:\windows\system32\userinit.exe,d:\windows\system32\mpk\mpk.exe
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\mihajlo\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [BitTorrent] "c:\documents and settings\mihajlo\desktop\programi\BitTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [run32] c:\win\lsass.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{39779930-0796-4EA7-82B4-E7E11D0BB286} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2012-6-13 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2012-6-13 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2012-6-13 13616]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2013-1-22 16640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-1-2 243128]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-12-20 574464]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\mihajlo\application data\defaulttab\defaulttab\DTUpdate.exe [2013-12-11 107520]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\KMPService.exe [2013-12-18 1922600]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-12-20 103040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-2 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\sqladhlp.exe" --> c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE [?]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlagent.exe" -i sqlexpress --> c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [?]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-02 16:37:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-02 16:37:30 -------- d-----w- c:\documents and settings\mihajlo\application data\Malwarebytes
2014-02-02 16:37:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-02-02 15:25:56 -------- d-----w- c:\windows\pss
2014-02-02 13:29:01 -------- d-----w- c:\documents and settings\mihajlo\local settings\application data\TechSmith
2014-02-02 13:29:01 -------- d-----w- c:\documents and settings\mihajlo\local settings\application data\Help
2014-02-02 13:28:31 110592 ----a-w- c:\windows\system32\tsccvid.dll
2014-01-27 17:33:26 -------- d-sh--r- C:\Win
2014-01-17 02:18:03 1194185 ----a-w- c:\windows\unins000.exe
2014-01-17 01:58:57 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2014-01-17 01:58:57 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2014-01-17 01:58:57 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2014-01-17 01:58:57 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2014-01-17 01:58:57 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2014-01-17 01:58:55 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2014-01-17 01:58:55 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2014-01-16 23:18:39 9694440 ----a-w- c:\windows\Bildschirmschoner.scr
2014-01-15 22:47:04 -------- d-----w- c:\windows\San Andreas Mod Installer
2014-01-15 22:34:05 -------- d-----w- c:\program files\Rockstar Games
2014-01-14 14:43:23 -------- d-----w- c:\program files\CCleaner
2014-01-11 12:12:26 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2014-01-11 12:12:26 21504 ----a-w- c:\windows\system32\hidserv.dll
2014-01-11 12:12:25 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2014-01-11 12:12:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2014-01-11 12:12:20 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2014-01-11 12:12:20 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
==================== Find3M ====================
.
2014-01-18 14:54:38 60416 ----a-w- c:\windows\ALCFDRTM.VER
2014-01-02 15:20:33 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-30 03:57:12 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2013-12-21 17:22:59 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-12-13 09:30:44 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-13 09:30:37 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-12-13 08:34:03 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-12-13 08:31:55 22328 ----a-w- c:\documents and settings\mihajlo\application data\PnkBstrK.sys
2013-12-12 05:09:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 05:09:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-06 07:26:33 0 ----a-w- c:\windows\ativpsrm.bin
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 19:08:24.54 ===============
attach

[Link can only be seen by logged-in users]

Update: 02 Feb 2014 19:21

Here is the topic
[Link can only be seen by logged-in users]



  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello


Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
1. disable your security software (instructions);
2. close any running programs;
3. double-click to start ComboFix;
4. in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program is available: click Yes if it offers to download it;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show notices: accept by clicking Yes or OK;
  • if needed, restart Windows (possibly several times);
  • at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
1. right-click in the Notepad window and choose Select All;
2. right-click the highlighted text and choose Copy;
3. right-click in the message box and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after posting you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message;
  • Do not click inside the ComboFix window while it is running, as that can slow the tool down;
  • Do not run ComboFix again on your own; report in the topic any problem you have during the first run of the tool;
  • If after the restart you get an error when starting some programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will fix it.



  • Mihajlo Krstic
  • Joined: 16 May 2013
  • Posts: 111
  • Location: Kragujevac

Hi
I tried again with Malwarebytes and it scanned my computer; afterwards I turned everything back on and restarted the computer, and nothing appears anymore.
Thanks a lot, and sorry for bothering you with this.

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

I would advise you to follow my post, so that I can say with a cool head that your computer is clean of malware. But as you wish.

  • Mihajlo Krstic
  • Joined: 16 May 2013
  • Posts: 111
  • Location: Kragujevac

Posted: 03 Feb 2014 13:28

So, here is what happened. I did everything as you said; the computer restarted and I got a black screen. I waited 5-6 minutes and nothing, so I restarted the computer again with the button and okay, it booted normally and this appeared:


I went into the C drive, then into the combofix folder, and found the file combofix.txt.
Here, this is the file:

[Link can only be seen by logged-in users]

ComboFix 14-02-01.01 - Mihajlo 02/03/2014 12:58:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.201 [GMT 1:00]
Running from: C:\Documents and Settings\Mihajlo\My Documents\ComboFix.exe
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\MPK
C:\Documents and Settings\All Users\Application Data\MPK\1\D0000
C:\Documents and Settings\All Users\Application Data\MPK\1\S0000
C:\Documents and Settings\All Users\Application Data\MPK\2\D0000
C:\Documents and Settings\All Users\Application Data\MPK\2\S0000
C:\Documents and Settings\All Users\Application Data\MPK\CPDM\cpfm.bin
C:\Documents and Settings\All Users\Application Data\MPK\M0000
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Keylogger\Order now!.lnk
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Keylogger\REFOG Keylogger on the Web.lnk
C:\Documents and Settings\All Users\Application Data\MPK\REFOG Keylogger\REFOG Keylogger.lnk
C:\Documents and Settings\All Users\Application Data\MPK\S0000
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\addon.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\blocklist.json
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DT.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DTReg.exe
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\searchhere.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\update.exe
C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
C:\Program Files\DefaultTab
C:\Program Files\DefaultTab\DefaultTab.crx
C:\Program Files\DefaultTab\DefaultTabHost.exe
C:\Program Files\DefaultTab\DefaultTabHost.json
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Program Files\DefaultTab\uid
C:\Win
C:\Win\names.txt
C:\WINDOWS\system32\VIRepair
C:\WINDOWS\system32\VIRepair\vi.sif


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DEFAULTTABSEARCH
-------\Service_DefaultTabSearch
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate


((((((((((((((((((((((((( Files Created from 2014-01-03 to 2014-02-03 )))))))))))))))))))))))))))))))


2014-02-02 16:37:30 . 2014-02-02 16:40:57 40776 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2014-02-02 16:37:30 . 2014-02-02 16:37:30 -------- d-----w- C:\Documents and Settings\Mihajlo\Application Data\Malwarebytes
2014-02-02 16:37:21 . 2014-02-02 16:37:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-02 13:29:01 . 2014-02-02 13:29:01 -------- d-----w- C:\Documents and Settings\Mihajlo\Local Settings\Application Data\TechSmith
2014-02-02 13:29:01 . 2014-02-02 13:29:01 -------- d-----w- C:\Documents and Settings\Mihajlo\Local Settings\Application Data\Help
2014-02-02 13:28:31 . 2002-05-08 02:02:00 110592 ----a-w- C:\WINDOWS\system32\tsccvid.dll
2014-02-02 13:28:29 . 2014-02-02 13:28:29 -------- d-----w- C:\Program Files\TechSmith
2014-01-17 02:18:03 . 2014-01-17 02:17:55 1194185 ----a-w- C:\WINDOWS\unins000.exe
2014-01-17 01:58:57 . 2004-10-22 01:18:12 749568 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2014-01-17 01:58:57 . 2004-10-22 01:17:48 69715 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2014-01-17 01:58:57 . 2004-10-22 01:17:04 274432 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2014-01-17 01:58:57 . 2004-10-22 01:16:28 180224 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2014-01-17 01:58:57 . 2004-10-22 01:16:10 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-01-17 01:58:55 . 2014-01-17 01:58:55 323716 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2014-01-17 01:58:55 . 2014-01-17 01:58:55 192644 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2014-01-16 23:18:39 . 2008-05-21 08:48:53 9694440 ----a-w- C:\WINDOWS\Bildschirmschoner.scr
2014-01-15 22:47:04 . 2014-01-15 22:47:04 -------- d-----w- C:\WINDOWS\San Andreas Mod Installer
2014-01-15 22:34:05 . 2014-01-17 01:59:35 -------- d-----w- C:\Program Files\Rockstar Games
2014-01-14 14:43:23 . 2014-01-14 14:43:26 -------- d-----w- C:\Program Files\CCleaner
2014-01-11 12:12:26 . 2008-04-14 01:41:56 21504 -c--a-w- C:\WINDOWS\system32\dllcache\hidserv.dll
2014-01-11 12:12:26 . 2008-04-14 01:41:56 21504 ----a-w- C:\WINDOWS\system32\hidserv.dll
2014-01-11 12:12:25 . 2001-08-17 09:48:00 12160 -c--a-w- C:\WINDOWS\system32\dllcache\mouhid.sys
2014-01-11 12:12:25 . 2001-08-17 09:48:00 12160 ----a-w- C:\WINDOWS\system32\drivers\mouhid.sys
2014-01-11 12:12:20 . 2008-04-13 20:15:28 10368 -c--a-w- C:\WINDOWS\system32\dllcache\hidusb.sys
2014-01-11 12:12:20 . 2008-04-13 20:15:28 10368 ----a-w- C:\WINDOWS\system32\drivers\hidusb.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-01-18 14:54:38 . 2013-12-30 03:57:12 60416 ----a-w- C:\WINDOWS\ALCFDRTM.VER
2014-01-02 15:20:33 . 2014-01-02 15:20:33 243128 ----a-w- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2013-12-30 03:57:12 . 2013-12-30 03:57:12 60416 ----a-w- C:\WINDOWS\ALCFDRTM.EXE
2013-12-21 17:22:59 . 2013-12-21 17:22:59 107888 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
2013-12-18 17:13:44 . 2013-12-18 14:47:03 2311840 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-12-18 14:47:17 . 2013-12-18 14:47:17 18368 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2013-12-18 00:20:02 . 2013-12-18 00:20:02 112832 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2013-12-13 09:30:44 . 2013-12-13 08:31:55 22328 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2013-12-13 09:30:37 . 2013-12-13 08:31:42 103736 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2013-12-13 08:34:03 . 2013-12-13 08:31:39 66872 ----a-w- C:\WINDOWS\system32\PnkBstrA.exe
2013-12-13 08:31:55 . 2013-12-13 08:31:55 22328 ----a-w- C:\Documents and Settings\Mihajlo\Application Data\PnkBstrK.sys
2013-12-12 05:09:49 . 2008-04-14 12:00:00 71048 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-12 05:09:49 . 2008-04-14 12:00:00 692616 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-27 20:21:06 . 2012-06-13 15:35:14 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 . 2012-02-29 14:08:49 150528 ----a-w- C:\WINDOWS\system32\imagehlp.dll
2013-11-07 05:38:51 . 2012-06-13 15:35:25 591360 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
2013-11-06 01:03:31 . 2012-06-13 15:36:25 7168 ----a-w- C:\WINDOWS\system32\xpsp4res.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2012-06-13 15:41:04 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Documents and Settings\Mihajlo\Application Data\BitTorrent\BitTorrent.exe" [2014-02-03 00:27:37 900696]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 08:29:38 3675352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2013-01-08 11:59:26 18705664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 17:06:52 577536]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-09-24 09:33:46 98304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57:26 959904 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-01-01 18:43:21 138096 ----atw- C:\Documents and Settings\Mihajlo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]
2013-11-14 02:53:19 1283584 ----a-w- C:\Documents and Settings\Mihajlo\Application Data\newnext.me\nengine.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Mihajlo\\Application Data\\BitTorrent\\BitTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Documents and Settings\\Mihajlo\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"C:\\Program Files\\PANDORA.TV\\PanService\\KMPProcess.exe"=

R0 mv61xxmm;mv61xxmm;C:\WINDOWS\system32\drivers\mv61xxmm.sys [6/13/2012 4:45:08 PM 13616]
R0 mv64xxmm;mv64xxmm;C:\WINDOWS\system32\drivers\mv64xxmm.sys [6/13/2012 4:45:08 PM 5632]
R0 mvxxmm;mvxxmm;C:\WINDOWS\system32\drivers\mvxxmm.sys [6/13/2012 4:45:08 PM 13616]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\drivers\nvcchflt.sys [1/22/2013 4:05:49 AM 16640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [1/2/2014 4:20:33 PM 243128]
R2 PanService;PandoraService;C:\Program Files\PANDORA.TV\PanService\KMPService.exe [12/18/2013 6:46:23 PM 1922600]
R2 Skype C2C Service;Skype C2C Service;C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58:16 AM 3275136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\WINDOWS\system32\drivers\AtihdXP3.sys [12/20/2013 6:49:49 PM 103040]
S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [1/8/2013 12:55:20 PM 161536]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2/2/2014 5:37:30 PM 40776]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" --> C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [?]
S4 RsFx0103;RsFx0103 Driver;C:\WINDOWS\system32\drivers\RsFx0103.sys [3/30/2009 3:09:28 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS --> C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-31 08:06:00 1211672 ----a-w- C:\Program Files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2014-02-03 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 15:36:07 . 2013-12-12 05:09:52]

2014-02-02 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-152049171-842925246-1003Core.job
- C:\Documents and Settings\Mihajlo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-01-01 18:43:23 . 2014-01-01 18:43:21]

2014-02-03 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-152049171-842925246-1003UA.job
- C:\Documents and Settings\Mihajlo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-01-01 18:43:23 . 2014-01-01 18:43:21]

2014-02-03 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-28 06:17:06 . 2013-12-28 06:17:01]

2014-02-03 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-28 06:17:06 . 2013-12-28 06:17:01]


------- Supplementary Scan -------

uStart Page = [Link mogu videti samo ulogovani korisnici]
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

- - - - ORPHANS REMOVED - - - -

HKLM-Run-run32 - C:\Win\lsass.exe
MSConfigStartUp-mobilegeni daemon - C:\Program Files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-run32 - C:\Win\lsass.exe
MSConfigStartUp-Software Updates Free - C:\Program Files\Software Updates Free\Software Checker.exe
AddRemove-Counter-Strike 1.6 - D:\Program Files\Counter-Strike 1.6\Uninstal.exe
AddRemove-DefaultTab - C:\Documents and Settings\Mihajlo\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-KB968369 - C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe
AddRemove-Microsoft SQL Server 10 - C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe
AddRemove-S.W.A.T. 4_is1 - D:\Program Files\S.W.A.T. 4\unins000.exe
AddRemove-The KMPlayer - C:\Program Files\The KMPlayer\uninstall.exe
AddRemove-{6E7DD182-9FC6-4651-0095-2E666CC6AF35} - D:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe



That's it. What now?

Update: 03 Feb 2014 13:36

And I had no problems with the programs; they started normally.

  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Sorry to butt in, but you had a keylogger, a worm and a pile of adware on your computer. Maybe you did not notice, but we did.

Nix will give you further instructions when he is back.
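The three kinds of indicator named in this diagnosis are visible in the logs above: the keylogger persisted by chaining d:\windows\system32\mpk\mpk.exe after userinit.exe in the Userinit value (the REFOG Keylogger files under MPK are in the ComboFix deletions), a file named lsass.exe was started from the hidden, system-attributed directory C:\Win rather than from system32, and the DefaultTab and newnext.me entries are the adware. The script below is an added example, not part of the thread and not code from the DDS or ComboFix tools: it parses lines in the DDS report format and flags exactly those patterns. The sample lines are copied from the report in the first post (plus one benign CCleaner line as a control); the rule set, the list of commonly impersonated system binaries and the severity labels are this example's own assumptions, not anything the tools define.

```python
import re

# Windows binary names that malware commonly borrows. A copy of one of these
# that does not live in %SystemRoot%\system32 deserves a close look.
# (This list is an assumption of the example, not something DDS defines.)
SYSTEM_BINARY_NAMES = {
    "lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "smss.exe", "explorer.exe",
}

# Constructed sample input: lines copied from the DDS report in the thread,
# plus one benign directory (CCleaner) that must not be flagged.
SAMPLE_LINES = [
    r"mWinlogon: Userinit = c:\windows\system32\userinit.exe,d:\windows\system32\mpk\mpk.exe",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [run32] c:\win\lsass.exe",
    r"mRun: [SoundMan] SOUNDMAN.EXE",
    r"2014-01-27 17:33:26 -------- d-sh--r- C:\Win",
    r"2014-01-14 14:43:23 -------- d-----w- c:\program files\CCleaner",
]

USERINIT_RE = re.compile(r"^mWinlogon: Userinit = (.*)$", re.IGNORECASE)
RUN_RE = re.compile(r"^([um])Run: \[([^\]]*)\]\s+(.*)$")
# "Created Last 30" / Find3M lines: date time [. date time] size attrs path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)?"
    r"\s+\S+\s+(?P<attrs>[d-][-a-z]{7})\s+(?P<path>.+)$"
)


def check_userinit(line):
    """Userinit should hold exactly one entry: userinit.exe in system32.
    Anything chained after it runs at every logon, which is how the
    keylogger in this thread (mpk.exe) persisted."""
    m = USERINIT_RE.match(line)
    if not m:
        return []
    findings = []
    for entry in (e.strip() for e in m.group(1).split(",") if e.strip()):
        if not re.fullmatch(r"[a-z]:\\windows\\system32\\userinit\.exe", entry, re.IGNORECASE):
            findings.append(("high", f"Userinit chains an extra executable: {entry}"))
    return findings


def parse_run_entry(line):
    """Split a uRun:/mRun: line into scope, value name and executable path.
    Quoted paths may carry arguments after the closing quote."""
    m = RUN_RE.match(line)
    if not m:
        return None
    scope, name, rest = m.groups()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest[1:]
    else:
        path = rest.split()[0]
    return {"scope": "user" if scope == "u" else "machine", "name": name, "path": path}


def check_run_entry(entry):
    """Flag system-binary names loaded from outside system32 and bare names
    that the loader resolves through the search path."""
    findings = []
    path = entry["path"]
    directory, _, base = path.rpartition("\\")
    base = base.lower()
    if not directory:
        findings.append(("info", f"{entry['name']}: bare name {path!r} is resolved through the search path; verify which file actually runs"))
    elif base in SYSTEM_BINARY_NAMES and not directory.lower().endswith("\\system32"):
        findings.append(("high", f"{entry['name']}: system binary name {base!r} loaded from outside system32: {path}"))
    return findings


def check_created_entry(line):
    """A newly created directory marked both hidden (h) and system (s) is
    invisible in a default Explorer view; C:\\Win in this thread is one."""
    m = CREATED_RE.match(line)
    if not m:
        return []
    attrs, path = m.group("attrs"), m.group("path")
    if attrs[0] == "d" and "s" in attrs and "h" in attrs:
        return [("high", f"hidden+system directory created: {path} ({attrs})")]
    return []


def triage(lines):
    """Run every check over the log lines; returns (severity, message) tuples."""
    findings = []
    for line in lines:
        line = line.rstrip()
        findings.extend(check_userinit(line))
        entry = parse_run_entry(line)
        if entry:
            findings.extend(check_run_entry(entry))
        findings.extend(check_created_entry(line))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LINES):
        print(f"[{severity}] {message}")
```

Run it as a script to print the findings, or import triage() and feed it the lines of a saved DDS.txt; a clean report yields an empty list, and every flagged line still needs a human to confirm before anything is removed, which is exactly why the helper asks for the full log rather than relying on the user's own scan.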

  • Mihajlo Krstic
  • Joined: 16 May 2013
  • Posts: 111
  • Location: Kragujevac

Posted: 03 Feb 2014 13:44

Wow, I did not know that. Will the computer be faster once all those "intruders" are deleted?

Update: 03 Feb 2014 13:47

And all of that got onto my machine because I do not have an antivirus; it slows the computer down too much.

Update: 03 Feb 2014 19:52

Nix, what now?

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Posted: 03 Feb 2014 21:37

Sorry, I had private obligations all day; only now have I properly sat down at the computer. I have to consult with colleagues, then I will let you know what to do next.

Update: 03 Feb 2014 21:56

Open Notepad and copy the following text into it:

Folder::
C:\Documents and Settings\Mihajlo\Application Data\newnext.me

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

  • Mihajlo Krstic
  • Joined: 16 May 2013
  • Posts: 111
  • Location: Kragujevac

Posted: 04 Feb 2014 14:27

Here it is; I did not know where the file was, so I copied it:
ComboFix 14-02-03.01 - Mihajlo 02/04/2014 14:14:57.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.114 [GMT 1:00]
Running from: c:\documents and settings\Mihajlo\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Mihajlo\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mihajlo\Application Data\newnext.me
c:\documents and settings\Mihajlo\Application Data\newnext.me\cache\spark.bin
c:\documents and settings\Mihajlo\Application Data\newnext.me\nengine.cookie
c:\documents and settings\Mihajlo\Application Data\newnext.me\nengine.dll
C:\Win
c:\win\lsass.exe
c:\win\names.txt
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\MPK\1\D0000
c:\documents and settings\All Users\Application Data\MPK\1\S0000
c:\documents and settings\All Users\Application Data\MPK\2\D0000
c:\documents and settings\All Users\Application Data\MPK\2\S0000
c:\documents and settings\All Users\Application Data\MPK\CPDM\cpfm.bin
c:\documents and settings\All Users\Application Data\MPK\M0000
c:\documents and settings\All Users\Application Data\MPK\REFOG Keylogger\Order now!.lnk
c:\documents and settings\All Users\Application Data\MPK\REFOG Keylogger\REFOG Keylogger on the Web.lnk
c:\documents and settings\All Users\Application Data\MPK\REFOG Keylogger\REFOG Keylogger.lnk
c:\documents and settings\All Users\Application Data\MPK\S0000
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\blocklist.json
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DTReg.exe
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\update.exe
c:\documents and settings\Mihajlo\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\program files\DefaultTab\DefaultTab.crx
c:\program files\DefaultTab\DefaultTabHost.exe
c:\program files\DefaultTab\DefaultTabHost.json
c:\program files\DefaultTab\DefaultTabSearch.exe
c:\program files\DefaultTab\uid
c:\win\names.txt
c:\windows\system32\VIRepair\vi.sif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
-------\Service_DefaultTabSearch
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-01-04 to 2014-02-04 )))))))))))))))))))))))))))))))
.
.
2014-02-02 16:37 . 2014-02-02 16:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-02 16:37 . 2014-02-02 16:37 -------- d-----w- c:\documents and settings\Mihajlo\Application Data\Malwarebytes
2014-02-02 16:37 . 2014-02-02 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-02 13:29 . 2014-02-02 13:29 -------- d-----w- c:\documents and settings\Mihajlo\Local Settings\Application Data\TechSmith
2014-02-02 13:29 . 2014-02-02 13:29 -------- d-----w- c:\documents and settings\Mihajlo\Local Settings\Application Data\Help
2014-02-02 13:28 . 2002-05-08 02:02 110592 ----a-w- c:\windows\system32\tsccvid.dll
2014-02-02 13:28 . 2014-02-02 13:28 -------- d-----w- c:\program files\TechSmith
2014-01-17 02:18 . 2014-01-17 02:17 1194185 ----a-w- c:\windows\unins000.exe
2014-01-17 01:58 . 2004-10-22 01:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2014-01-17 01:58 . 2004-10-22 01:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2014-01-17 01:58 . 2004-10-22 01:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2014-01-17 01:58 . 2004-10-22 01:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2014-01-17 01:58 . 2004-10-22 01:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-01-17 01:58 . 2014-01-17 01:58 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2014-01-17 01:58 . 2014-01-17 01:58 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2014-01-16 23:18 . 2008-05-21 08:48 9694440 ----a-w- c:\windows\Bildschirmschoner.scr
2014-01-15 22:47 . 2014-01-15 22:47 -------- d-----w- c:\windows\San Andreas Mod Installer
2014-01-15 22:34 . 2014-01-17 01:59 -------- d-----w- c:\program files\Rockstar Games
2014-01-14 14:43 . 2014-01-14 14:43 -------- d-----w- c:\program files\CCleaner
2014-01-11 12:12 . 2008-04-14 01:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2014-01-11 12:12 . 2008-04-14 01:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2014-01-11 12:12 . 2001-08-17 09:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2014-01-11 12:12 . 2001-08-17 09:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2014-01-11 12:12 . 2008-04-13 20:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2014-01-11 12:12 . 2008-04-13 20:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 14:54 . 2013-12-30 03:57 60416 ----a-w- c:\windows\ALCFDRTM.VER
2014-01-02 15:20 . 2014-01-02 15:20 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-12-30 03:57 . 2013-12-30 03:57 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2013-12-21 17:22 . 2013-12-21 17:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-12-18 17:13 . 2013-12-18 14:47 2311840 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-12-18 14:47 . 2013-12-18 14:47 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2013-12-18 00:20 . 2013-12-18 00:20 112832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2013-12-13 09:30 . 2013-12-13 08:31 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-12-13 09:30 . 2013-12-13 08:31 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-12-13 08:34 . 2013-12-13 08:31 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-12-13 08:31 . 2013-12-13 08:31 22328 ----a-w- c:\documents and settings\Mihajlo\Application Data\PnkBstrK.sys
2013-12-12 05:09 . 2008-04-14 12:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 05:09 . 2008-04-14 12:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21 . 2012-06-13 15:35 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2012-02-29 14:08 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2012-06-13 15:35 591360 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-13 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\documents and settings\Mihajlo\Application Data\BitTorrent\BitTorrent.exe" [2014-02-03 900696]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 577536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-09-24 98304]
"run32"="c:\win\lsass.exe" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2014-01-01 18:43 138096 ----atw- c:\documents and settings\Mihajlo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon]
c:\program files\Mobogenie\DaemonProcess.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\run32]
c:\win\lsass.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Updates Free]
c:\program files\Software Updates Free\Software Checker.exe [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Mihajlo\\Application Data\\BitTorrent\\BitTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Mihajlo\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\KMPProcess.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [6/13/2012 4:45 PM 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [6/13/2012 4:45 PM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [6/13/2012 4:45 PM 13616]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [1/22/2013 4:05 AM 16640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/2/2014 4:20 PM 243128]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/20/2013 6:49 PM 103040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/2/2014 5:37 PM 40776]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-31 08:06 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 05:09]
.
2014-02-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-152049171-842925246-1003Core.job
- c:\documents and settings\Mihajlo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-01-01 18:43]
.
2014-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-152049171-842925246-1003UA.job
- c:\documents and settings\Mihajlo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-01-01 18:43]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-28 06:17]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-28 06:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2014-02-04 14:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2014-02-04 14:25:31
ComboFix-quarantined-files.txt 2014-02-04 13:25
.
Pre-Run: 4,513,959,936 bytes free
Post-Run: 4,517,695,488 bytes free
.
- - End Of File - - E044B281BEC9459B732B242A3AC2EA56
8F558EB6672622401DA993E1E865C861

Addendum: 04 Feb 2014 20:36

What now?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Do not use USB disks until I ask you to.

Open Notepad and copy the following text:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\run32]

Folder::
c:\win

ClearJavaCache::

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
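The fix above targets the `run32` Run-key entry that points at `c:\win\lsass.exe`: a Windows system binary name placed outside `system32`. As an added example (not part of this thread and not ComboFix's own code), the Python script below reads Run-key lines in the format the ComboFix log uses and flags entries that reuse a Windows system binary name from an unexpected directory, carry no date/size stamp (the log prints `[BU]` there; the thread does not explain that marker, so the script only treats a missing stamp as a reason to look closer), or use a bare file name that is resolved through the search path. The sample input is copied from the "Reg Loading Points" section of the log above; the short table of system binary names and their home directories is an assumption of the example.

```python
"""Triage Run-key entries from a ComboFix-style log (added example, not the thread's own tool)."""
import re
from pathlib import PureWindowsPath

# Constructed sample: the Run-key block copied from the ComboFix log posted above.
SAMPLE_RUN_ENTRIES = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\documents and settings\Mihajlo\Application Data\BitTorrent\BitTorrent.exe" [2014-02-03 900696]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 577536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-09-24 98304]
"run32"="c:\win\lsass.exe" [BU]
"""

# Assumed table: image names Windows ships itself and the directory they normally live in.
SYSTEM_BINARY_HOME = {
    "lsass.exe": "system32",
    "csrss.exe": "system32",
    "smss.exe": "system32",
    "services.exe": "system32",
    "winlogon.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "windows",
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]')
STAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")  # ComboFix's "[date size]" stamp


def parse_run_entries(text):
    """Return one dict per value line, tagged with the registry key it sits under."""
    entries, key = [], None
    for line in text.splitlines():
        key_match = KEY_RE.match(line.strip())
        if key_match:
            key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line.strip())
        if value_match and key:
            entries.append({"key": key, **value_match.groupdict()})
    return entries


def assess(entry):
    """Return the list of reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    image = PureWindowsPath(entry["path"])
    name, parent = image.name.lower(), image.parent.name.lower()
    expected = SYSTEM_BINARY_HOME.get(name)
    if expected and parent != expected:
        reasons.append(f"{name} normally lives under {expected}, here it is in {image.parent}")
    if not STAMP_RE.match(entry["stamp"]):
        reasons.append(f"no date/size stamp recorded ([{entry['stamp']}])")
    if not image.is_absolute():
        reasons.append("bare file name, resolved through the search path")
    return reasons


def suspicious_autoruns(text):
    """Parse the log text and keep only entries with at least one reason attached."""
    findings = []
    for entry in parse_run_entries(text):
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_autoruns(SAMPLE_RUN_ENTRIES):
        print(f'{finding["key"]}\n  "{finding["name"]}" -> {finding["path"]}')
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

On the sample the script reports `run32` with two reasons (a system binary name outside `system32` and no file stamp) and `SoundMan` with one (a bare file name), which is the same prioritisation the moderator's CFScript reflects: the `run32` entry is removed, the others are left alone. The script only reads text; it changes nothing on the machine.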
