Viruses?

8 replies to this topic

#1
marilenad

    New Member

  • Group: Members
  • Posts: 15
  • Joined: 07.04.2010
Hi. Please help me solve a problem. If I haven't posted in the right place, I apologize.
I admit I'm not very good with computers.
For the past few days, whenever I try to close certain ads (very annoying ones, which didn't appear until recently), pages (or whatever they should be called) named gogorithm.com, clkmon.com, inclkmon.com and a few others keep opening, and they also freeze my computer. Until a few days ago, when these things started appearing, the computer worked very well. I had no problems with it at all. I found Yac online and downloaded it. I thought it would fix things, but no luck. It also uninstalled my Avira toolbar. Could it be viruses, or what?
Please, if you can, give me some advice on how to get rid of this problem.
Thank you.

#2
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009
Hello.

1. Download AdwCleaner by Xplode to the Desktop.
Double-click AdwCleaner.exe to run it.
On Windows Vista, Windows 7 or Windows 8,
right-click and select Run as administrator.

Click Scan.
Wait for the scan to finish, then click Clean.
After it finishes cleaning, click Report.
Post the contents of the file here.
The log is located at C:\AdwCleaner[Sn].txt (n is a number).

[ http://s3.postimg.org/tfjxm09qr/Adw_C.png - Click here to load in page (embed) ]

2. Download Junkware Removal Tool and save it to the Desktop.
Close all running programs.
On Windows Vista, Windows 7 or Windows 8,
right-click and select Run as administrator.

Scan with it.
Be patient with it; it takes a little longer.
Post the log here.

[ http://s7.postimage.org/z2rwy800r/JRT.jpg - Click here to load in page (embed) ]

#3
marilenad

    New Member

  • Group: Members
  • Posts: 15
  • Joined: 07.04.2010
# Adwcleaner v3.216 - Report created 23/07/2014 at 22:50:40
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : a - MA-4637E5C89EBF
# Running from : C:\Documents and Settings\a\My Documents\Descarcari\adwcleaner_3.216.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : globalUpdatem
[#] Service Deleted : iSafeNetFilter
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\iSafe
Folder Deleted : C:\Program Files\MediaBuzzV1
Folder Deleted : C:\Program Files\VNT
Folder Deleted : C:\Documents and Settings\a\Local Settings\application Data\VNT
Folder Deleted : C:\Documents and Settings\a\application Data\eCyber
Folder Deleted : C:\Documents and Settings\a\application Data\iSafe
Folder Deleted : C:\Documents and Settings\a\application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Documents and Settings\a\application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
File Deleted : C:\Documents and Settings\a\application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\invalidprefs.js
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKCU\Software\96dc8be668b849
Key Deleted : HKLM\SOFTWARE\96dc8be668b849
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902240}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522332260}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555335560}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566336660}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544334460}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\iSafe
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v31.0 (x86 ro)
[ File : C:\Documents and Settings\a\application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\prefs.js ]

-\\ Google Chrome v36.0.1985.125
[ File : C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MA1A49A64-5F93-4812-86C0-BE246AA85A17&SearchSource=58&CUI=&UM=6&UP=SPCD3929C1-568C-4AA2-A23F-31C29E455D2A&q={searchTerms}&SSPV=
*************************
AdwCleaner[R0].txt - [4973 octets] - [23/07/2014 22:49:21]
AdwCleaner[S0].txt - [5004 octets] - [23/07/2014 22:50:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5064 octets] ##########

#4
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009
After you also run JRT (Junkware Removal Tool), please tell me how the "patient" is behaving.

#5
marilenad

    New Member

  • Group: Members
  • Posts: 15
  • Joined: 07.04.2010
It behaves the same. Nothing has changed. Those "things" still keep opening.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by a on Wed 07/23/2014 at 23:10:00.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-746137067-2025429265-1606980848-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}
~~~ Files
Successfully deleted: [File] C:\WINDOWS\Tasks\rmschedule.job

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/23/2014 at 23:16:29.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by marilenad, 23 July 2014 - 22:25.


#6
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009
Download RogueKiller (or from here) and save it to the Desktop.
Close all running programs.
Unplug everything from the USB ports (memory stick, external hard drive).
Double-click RogueKiller.exe to run it.
On Windows Vista or Windows 7,
right-click and select Run as administrator.

Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Click "Report" and copy/paste it here.

In the image below, ignore step 3!

[ http://s9.postimage.org/q04cnvji7/image.jpg - Click here to load in page (embed) ]

#7
marilenad

    New Member

  • Group: Members
  • Posts: 15
  • Joined: 07.04.2010
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : a [Admin rights]
Mode : Scan -- Date : 07/24/2014 20:20:50
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : BitTorrent ("C:\Documents and Settings\a\Application Data\BitTorrent\BitTorrent.exe"  /MINIMIZED) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-746137067-2025429265-1606980848-1003[...]\Run : BitTorrent ("C:\Documents and Settings\a\Application Data\BitTorrent\BitTorrent.exe"  /MINIMIZED) [-] -> FOUND
[TASK][SUSP PATH] At1.job : C:\DOCUME~1\a\APPLIC~1\DealPly\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{5F7318A8-5D93-44A5-A3D8-C491120E838A} : NameServer (89.39.72.23 89.39.72.10) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC55C -> HOOKED (Unknown @ 0xF7C7917C)
SSDT[41] : NtCreateKey @ 0x80624120 -> HOOKED (Unknown @ 0xF7C79136)
SSDT[50] : NtCreateSection @ 0x805AB3F4 -> HOOKED (Unknown @ 0xF7C79186)
SSDT[53] : NtCreateThread @ 0x805D1048 -> HOOKED (Unknown @ 0xF7C7912C)
SSDT[63] : NtDeleteKey @ 0x806245BC -> HOOKED (Unknown @ 0xF7C7913B)
SSDT[65] : NtDeleteValueKey @ 0x8062478C -> HOOKED (Unknown @ 0xF7C79145)
SSDT[68] : NtDuplicateObject @ 0x805BE034 -> HOOKED (Unknown @ 0xF7C79177)
SSDT[98] : NtLoadKey @ 0x80626344 -> HOOKED (Unknown @ 0xF7C7914A)
SSDT[128] : NtOpenThread @ 0x805CB6FC -> HOOKED (Unknown @ 0xF7C7911D)
SSDT[177] : NtQueryValueKey @ 0x80622344 -> HOOKED (Unknown @ 0xF7C7919F)
SSDT[193] : NtReplaceKey @ 0x806261F4 -> HOOKED (Unknown @ 0xF7C79154)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2DA2 -> HOOKED (Unknown @ 0xF7C79190)
SSDT[204] : NtRestoreKey @ 0x80625B00 -> HOOKED (Unknown @ 0xF7C7914F)
SSDT[213] : NtSetContextThread @ 0x805D176A -> HOOKED (Unknown @ 0xF7C7918B)
SSDT[237] : NtSetSecurityObject @ 0x805C065A -> HOOKED (Unknown @ 0xF7C79195)
SSDT[247] : NtSetValueKey @ 0x80622692 -> HOOKED (Unknown @ 0xF7C79140)
SSDT[255] : NtSystemDebugControl @ 0x806180EA -> HOOKED (Unknown @ 0xF7C7919A)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7C791AE)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7C791B3)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1    localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3160815A +++++
--- User ---
[MBR] c94297699e226e7d10db56cfa7712c7a
[BSP] 23a8c30b2f7f77c89faeacfdb1e9a3aa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20041 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 41046075 | Size: 132583 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_07242014_02d2020.txt >>

Edited by MhG_40, 24 July 2014 - 19:26.


#8
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009
I see you've run it to death.
Anyway.

Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix.
It will ask whether it should start cleaning the system. Confirm with Yes every time.
Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results.
Save that file and post its contents HERE.


#9
marilenad

    New Member

  • Group: Members
  • Posts: 15
  • Joined: 07.04.2010
ComboFix 14-07-24.01 - a 07/24/2014  21:24:19.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.620 [GMT 3:00]
Running from: c:\documents and settings\a\Desktop\ComboFix.exe
AV: AVG AntiVirus 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-24 to 2014-07-24  )))))))))))))))))))))))))))))))
.
.
2014-07-24 18:30 . 2014-07-24 18:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2014-07-23 20:31 . 2014-07-23 20:31 -------- d-----w- c:\program files\Opera
2014-07-23 20:09 . 2014-07-23 20:09 -------- d-----w- c:\windows\ERUNT
2014-07-23 19:50 . 2010-08-30 05:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-23 19:49 . 2014-07-23 19:51 -------- d-----w- C:\AdwCleaner
2014-07-21 17:36 . 2014-07-21 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Riot Games
2014-07-21 09:51 . 2014-07-21 09:51 -------- d-----w- c:\program files\Enigma Software Group
2014-07-21 09:51 . 2014-07-21 10:45 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-20 19:03 . 2014-07-20 19:03 -------- d-----w- c:\documents and settings\a\Application Data\computer software market
2014-07-20 18:54 . 2014-07-20 18:54 -------- d-----w- c:\windows\iskVolumeMinidump
2014-07-14 20:56 . 2014-07-14 20:56 -------- d-----w- c:\documents and settings\a\Application Data\PowerISO
2014-07-14 20:54 . 2014-07-14 20:54 -------- d-----w- c:\program files\PowerISO
2014-07-14 20:29 . 2014-07-14 20:36 -------- d-----w- c:\program files\Common Files\EasyInfo
2014-07-08 22:08 . 2014-07-08 22:08 -------- d-----w- c:\program files\Common Files\Skype
2014-07-08 20:25 . 2014-07-24 17:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-08 20:24 . 2014-07-08 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-07-08 20:24 . 2014-05-12 04:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-08 20:24 . 2014-05-12 04:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-08 10:10 . 2014-07-08 10:10 -------- d-----w- c:\documents and settings\a\Application Data\java
2014-06-27 06:59 . 2014-06-27 06:59 116320 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 21:42 . 2013-02-14 09:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 21:42 . 2008-04-14 11:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 14:33 . 2013-02-14 09:16 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-04 05:00 . 2013-02-14 09:16 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-08 11:34 . 2013-02-23 07:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-08 11:34 . 2013-02-23 07:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-09 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"BitTorrent"="c:\documents and settings\a\Application Data\BitTorrent\BitTorrent.exe" [2013-05-19 882520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"MKLOL"="c:\program files\MKJogo\MKLOL\MK.exe" [2014-06-19 1227976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"LogMeIn Hamachi Ui"="c:\program files\Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2014-06-27 366904]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\a\\Application Data\\BitTorrent\\BitTorrent.exe"=
"d:\\FIFA 2007\\Fifa 2007 + Crack\\fifa07.exe"=
"d:\\Deathrun GraficZone\\hlds.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\cstrike.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\hl.exe"=
"d:\\Download\\VamosMT2 Client officiel 2014\\zvamos.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\hltv.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\hlds.exe"=
"d:\\New Folder (12)\\[NEW]TDLClient[Martie-2013]\\[NEW]TDLClient[Martie-2013]\\metin2client.exe"=
"d:\\Steam2014\\Steam\\Steam.exe"=
"d:\\Counter Strike\\WarZone\\hl.exe"=
"c:\\Program Files\\Java\\jre1.8.0_20\\bin\\javaw.exe"=
"d:\\Program Files\\Origin Games\\Plants vs. Zombies\\PlantsVsZombies.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2880\\Agent.exe"=
"d:\\Metin2Tenerife\\Metin2 Tenerife V1.4\\Start Tenerife1.exe"=
"d:\\Metin2Global\\Metin2GlobalV1.0.7\\Metin2Globalx32bit.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\GameForge\\GameforgeLive\\gfl_client.exe"=
"d:\\Metin2Nou\\Metin2Virtual\\metin2client.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [7/20/2013 2:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [7/20/2013 2:51 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/5/2013 2:43 AM 39224]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [11/9/2011 4:22 PM 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [11/9/2011 4:22 PM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [11/9/2011 4:22 PM 13616]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [7/20/2013 2:50 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 2:34 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/20/2013 2:50 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 4:08 AM 182072]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2/14/2013 12:16 PM 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/31/2013 12:33 AM 243128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/14/2013 12:16 PM 430160]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2/14/2013 12:16 PM 1028688]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [12/10/2012 6:29 PM 1435568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/6/2013 4:38 PM 794272]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58 AM 3275136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/8/2014 11:24 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/8/2014 11:25 PM 110296]
S2 appstoreService;appstoreService;c:\program files\iSafe\appstore\appstoreSvc.exe --> c:\program files\iSafe\appstore\appstoreSvc.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2013\avgidsagent.exe" --> c:\program files\AVG\AVG2013\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2013\avgwdsvc.exe" --> c:\program files\AVG\AVG2013\avgwdsvc.exe [?]
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes anti-malware\mbamscheduler.exe [7/8/2014 11:24 PM 1809720]
S2 MBAMService;MBAMService;d:\malwarebytes anti-malware\mbamservice.exe [7/8/2014 11:24 PM 860472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 09:10 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-14 21:42]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-29 10:47]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-29 10:47]
.
2014-07-24 c:\windows\Tasks\Opera scheduled Autoupdate 1406147460.job
- c:\program files\Opera\launcher.exe [2014-07-23 08:31]
.
2014-07-24 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2013-10-06 11:44]
.
2014-07-24 c:\windows\Tasks\User_Feed_Synchronization-{2179E7DF-206F-4302-9E87-90EE639CC61C}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google.ro
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-24 21:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ATKKBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-07-24  21:35:53 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-24 18:35
ComboFix2.txt  2014-07-24 18:00
.
Pre-Run: 2,989,989,888 bytes free
Post-Run: 2,986,655,744 bytes free
.
- - End Of File - - C647A1CC7E5845FAACD768374A2F66BF

Edited by MhG_40, 24 July 2014 - 20:50.

