Igre se crashaju / Virus ? (Razni softverski problemi) @ Bug.hr Forum

15 godina

offline

pon 23.4.2012 17:07

Odgovori Citiraj

Igre se crashaju / Virus ?

Jučer vidim stalno nesto trazi dozvolu za firewall i pokrenem Call of Duty 4 i crasha se ( odmah pri paljenju ) . Nakon toga avast je krenuo brisati datoteke sa racunala , odlucio sam da je vjerovatno najbolje windowse reinstalirati , nakon sto sam to napravio i isntalirao sve drivere opet normalno je radilo, do prije eto nekih pola sata . Sada opet se igra rusi , probao sam skenirati sa malware byte-om i sve sto je nasao pobrisao sam ali i dalje se rusi . Naravno isto je i sa sotalim igrama , te i dalje nekakvi cudni fajlovi traze dozvolu za firewall .

(̅_̅_̅(̲̲̲̲̲̅̅̅̅̅̅(̅_̅_̲̅м̲̅a̲̅я̲̅l̲̅b̲̅o̲̅r̲̅o̲̅̅ _̅_̅_̅()

trajni link

0 0 hvala 0

total

15 godina

offline

pon 23.4.2012 17:19

Odgovori Citiraj

Re: Igre se crashaju / Virus ?

AmD kaže...

Jučer vidim stalno nesto trazi dozvolu za firewall i pokrenem Call of Duty 4 i crasha se ( odmah pri paljenju ) . Nakon toga avast je krenuo brisati datoteke sa racunala , odlucio sam da je vjerovatno najbolje windowse reinstalirati , nakon sto sam to napravio i isntalirao sve drivere opet normalno je radilo, do prije eto nekih pola sata . Sada opet se igra rusi , probao sam skenirati sa malware byte-om i sve sto je nasao pobrisao sam ali i dalje se rusi . Naravno isto je i sa sotalim igrama , te i dalje nekakvi cudni fajlovi traze dozvolu za firewall .

možeš li kopirati zadnji malwarebytes log ?

isto tako uradi ovako da pogledam o čemu se točno radi

ili je virut virus ili je zeroaccess ...nakon što odradiš scan s OTS-om, znat će se puno više

trajni link nadporuka

0 0 hvala 0

AmD

15 godina

offline

pon 23.4.2012 19:07

Odgovori Citiraj

Re: Igre se crashaju / Virus ?

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.23.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Matej :: MATEJ- [administrator]

Protection: Enabled

23.4.2012. 16:57:02

mbam-log-2012-04-23 (16-57-02).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 191459

Time elapsed: 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Matej\Desktop\RemoveWAT 2.2.6.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

C:\bxubf.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

eto log , sad cu ono drugo sto si napisao

rogue report

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Matej [Admin rights]

Mode: Scan -- Date: 04/23/2012 19:10:30

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] winfhbchg.exe -- C:\Users\Matej\AppData\Local\Temp\winfhbchg.exe -> KILLED [TermProc]

[SUSP PATH] wingjygin.exe -- C:\Users\Matej\AppData\Local\Temp\wingjygin.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E9CECB3F-8087-43C5-BD75-791E5EFE03C0} : NameServer (8.8.8.8,4.4.8.8) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E9CECB3F-8087-43C5-BD75-791E5EFE03C0} : NameServer (8.8.8.8,4.4.8.8) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++

--- User ---

[MBR] c19ab5d51822f4b537125b067e6b2ac3

[BSP] 1d55e874d2bb70fd122cfdd57baa0159 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 176839 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 362373120 | Size: 299999 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

2.

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Matej [Admin rights]

Mode: Remove -- Date: 04/23/2012 19:11:15

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] winfhbchg.exe -- C:\Users\Matej\AppData\Local\Temp\winfhbchg.exe -> KILLED [TermProc]

[SUSP PATH] wingjygin.exe -- C:\Users\Matej\AppData\Local\Temp\wingjygin.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E9CECB3F-8087-43C5-BD75-791E5EFE03C0} : NameServer (8.8.8.8,4.4.8.8) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E9CECB3F-8087-43C5-BD75-791E5EFE03C0} : NameServer (8.8.8.8,4.4.8.8) -> NOT REMOVED, USE DNSFIX

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++

--- User ---

[MBR] c19ab5d51822f4b537125b067e6b2ac3

[BSP] 1d55e874d2bb70fd122cfdd57baa0159 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 176839 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 362373120 | Size: 299999 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

link na OTS log - KLIK

(̅_̅_̅(̲̲̲̲̲̅̅̅̅̅̅(̅_̅_̲̅м̲̅a̲̅я̲̅l̲̅b̲̅o̲̅r̲̅o̲̅̅ _̅_̅_̅()

Poruka je uređivana zadnji put pon 23.4.2012 19:17 (AmD).

trajni link nadporuka

0 0 hvala 0

total

15 godina

offline

pon 23.4.2012 19:48

Odgovori Citiraj

Igre se crashaju / Virus ?

-isključi malwarebtes realtime zaštitu

-otvori OTS i ovo kopiraj u prazno polje

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> FC 79 D5 77 94 20 CD 01 [binary data]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> TCP Query User{2091E29B-183E-4336-97FF-AE736481068E}C:\users\matej\appdata\local\temp\ymmxna.exe -> profile=public | protocol=6 | dir=in | action=block | name=ymmxna.exe | app=c:\users\matej\appdata\local\temp\ymmxna.exe |
YN -> TCP Query User{2C3D8B6A-6F41-43EC-A098-162F164CBBF7}C:\users\matej\appdata\local\temp\winfhbchg.exe -> profile=public | protocol=6 | dir=in | action=block | name=winfhbchg.exe | app=c:\users\matej\appdata\local\temp\winfhbchg.exe |
YN -> TCP Query User{3F9AF0FE-BCE5-44FF-9856-C0F887636721}C:\users\matej\appdata\local\temp\fqhjtf.exe -> profile=public | protocol=6 | dir=in | action=block | name=fqhjtf.exe | app=c:\users\matej\appdata\local\temp\fqhjtf.exe |
YN -> TCP Query User{4B4CB31E-B566-458A-A44C-0575B56E5323}C:\users\matej\appdata\local\temp\wingjygin.exe -> profile=public | protocol=6 | dir=in | action=block | name=wingjygin.exe | app=c:\users\matej\appdata\local\temp\wingjygin.exe |
YN -> TCP Query User{6B3A8827-C0C5-432B-9A12-D1A27A4337FC}C:\users\matej\appdata\local\temp\winhcvrlg.exe -> profile=public | protocol=6 | dir=in | action=block | name=winhcvrlg.exe | app=c:\users\matej\appdata\local\temp\winhcvrlg.exe |
YN -> TCP Query User{6DF366B0-4823-46FA-BEEA-05F7AFB89A68}C:\users\matej\appdata\local\temp\winaxnmu.exe -> profile=public | protocol=6 | dir=in | action=block | name=winaxnmu.exe | app=c:\users\matej\appdata\local\temp\winaxnmu.exe |
YN -> UDP Query User{174713FA-1BF8-4694-81BB-CDBD7ECA9A25}C:\users\matej\appdata\local\temp\winhcvrlg.exe -> profile=public | protocol=17 | dir=in | action=block | name=winhcvrlg.exe | app=c:\users\matej\appdata\local\temp\winhcvrlg.exe |
YN -> UDP Query User{343EB923-C7AD-4855-A910-27AD93EEC51E}C:\users\matej\appdata\local\temp\winaxnmu.exe -> profile=public | protocol=17 | dir=in | action=block | name=winaxnmu.exe | app=c:\users\matej\appdata\local\temp\winaxnmu.exe |
YN -> UDP Query User{42CE71F3-8097-44D1-B17F-CC664BB534D1}C:\users\matej\appdata\local\temp\ymmxna.exe -> profile=public | protocol=17 | dir=in | action=block | name=ymmxna.exe | app=c:\users\matej\appdata\local\temp\ymmxna.exe |
YN -> UDP Query User{45B4E77A-8F19-45D0-96CB-85778DF7F80A}C:\users\matej\appdata\local\temp\fqhjtf.exe -> profile=public | protocol=17 | dir=in | action=block | name=fqhjtf.exe | app=c:\users\matej\appdata\local\temp\fqhjtf.exe |
YN -> UDP Query User{578DDDCF-C658-4165-89E6-0079E16805FB}C:\users\matej\appdata\local\temp\winfhbchg.exe -> profile=public | protocol=17 | dir=in | action=block | name=winfhbchg.exe | app=c:\users\matej\appdata\local\temp\winfhbchg.exe |
YN -> UDP Query User{B31ADEF1-AB29-40D3-ADB2-2CA40DE89DA2}C:\users\matej\appdata\local\temp\wingjygin.exe -> profile=public | protocol=17 | dir=in | action=block | name=wingjygin.exe | app=c:\users\matej\appdata\local\temp\wingjygin.exe |
< Drives with AutoRun files > ->
NY -> C:\autorun.inf -> C:\autorun.inf [ NTFS ]
NY -> D:\autorun.inf -> D:\autorun.inf [ NTFS ]
[Files/Folders - Modified Within 30 Days]
NY -> bxubf.exe -> C:\bxubf.exe
NY -> autorun.inf -> C:\autorun.inf
NY -> 4 C:\Users\Matej\AppData\Local\Temp\*.tmp files -> C:\Users\Matej\AppData\Local\Temp\*.tmp
[Files - No Company Name]
NY -> bxubf.exe -> C:\bxubf.exe
NY -> autorun.inf -> C:\autorun.inf
[Custom Scans]
YY -> bxubf.exe -> C:\bxubf.exe
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Reboot]

-klik na RUN FIX

-log koji dobiješ kopiraj

2.skini comborfix i spremi na desktop

-isključi antivirus i malwarebytes realtime

-pokreni combofix i na sve što traži odgovori potvrdno

-log koji dobiješ ćeš isto tako kopirati

ipak je samo crv/worm u pitanju..ništa strašno

vrlo vjerojatno si se zarazio umetanjem usbstika u računalo

ako imaš stik, nemoj ga kopčati u računalo, njega ćemo kasnije očistiti

trajni link

0 0 hvala 0

AmD

15 godina

offline

pon 23.4.2012 20:45

Odgovori Citiraj

Re: Igre se crashaju / Virus ?

OTS zablokirao 2 puta , stoga njega nisam . Evo onaj drugi

ComboFix 12-04-23.02 - Matej 3.04.2012. 20:36:04.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.4095.3109 [GMT 2:00]

Running from: c:\users\Matej\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\windows\wstwf.log

D:\Autorun.inf

D:\itma.exe

.

((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))

.

2012-04-23 18:38 . 2012-04-23 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-23 18:22 . 2012-04-23 18:22 -------- d-----w- C:\_OTS

2012-04-23 15:01 . 2012-04-23 15:01 99328 ----a-w- C:\bxubf.exe

2012-04-23 14:55 . 2012-04-23 14:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-23 14:55 . 2012-04-23 14:55 -------- d-----w- c:\programdata\Malwarebytes

2012-04-23 14:55 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-23 13:37 . 2012-04-23 13:37 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-04-23 00:17 . 2012-04-22 14:25 -------- d-----w- c:\windows\Panther

2012-04-22 18:57 . 2012-04-22 18:57 -------- d-----w- c:\program files\TeamSpeak 3 Client

2012-04-22 16:46 . 2012-04-23 17:20 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-04-22 15:39 . 2012-04-22 15:39 -------- d-----w- c:\program files (x86)\MSECache

2012-04-22 15:23 . 2012-04-22 15:24 -------- d-----w- c:\programdata\Xfire

2012-04-22 15:23 . 2012-04-22 15:23 -------- d-----w- c:\program files (x86)\Xfire

2012-04-22 15:13 . 2012-04-23 17:20 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-04-22 15:13 . 2012-04-23 16:54 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-04-22 15:13 . 2012-04-23 15:27 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-04-22 15:10 . 2012-04-22 15:10 -------- d-----w- c:\program files (x86)\Activision

2012-04-22 14:44 . 2012-04-22 14:44 -------- d-----w- c:\windows\SysWow64\Wat

2012-04-22 14:44 . 2012-04-22 14:44 -------- d-----w- c:\windows\system32\Wat

2012-04-22 14:39 . 2012-04-22 14:39 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd

2012-04-22 14:39 . 2012-04-22 14:39 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-04-22 14:39 . 2012-04-22 14:39 -------- d-----w- c:\programdata\Logishrd

2012-04-22 14:39 . 2012-04-22 14:39 -------- d-----w- c:\program files\Logitech

2012-04-22 14:38 . 2012-04-22 14:39 -------- d-----w- c:\program files\Common Files\Logishrd

2012-04-22 14:33 . 2012-04-22 14:33 -------- d-----w- c:\programdata\ATI

2012-04-22 14:31 . 2012-04-23 15:15 -------- d-----w- c:\program files (x86)\InstallShield Installation Information

2012-04-22 14:28 . 2012-04-22 14:28 -------- d-----w- c:\program files (x86)\AMD AVT

2012-04-22 14:28 . 2012-04-22 14:28 -------- d-----w- c:\program files\AMD

2012-04-22 14:28 . 2012-04-22 14:28 -------- d-----w- c:\program files (x86)\AMD

2012-04-22 14:28 . 2012-04-22 14:28 -------- d-----w- c:\program files (x86)\AMD APP

2012-04-22 14:28 . 2012-04-22 14:28 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-04-22 14:28 . 2012-04-22 14:28 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-04-22 14:28 . 2012-04-22 14:28 -------- d-----w- c:\programdata\AMD

2012-04-22 14:28 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys

2012-04-22 14:27 . 2012-04-22 14:27 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-04-22 14:27 . 2012-04-23 15:19 -------- d-sh--w- c:\windows\Installer

2012-04-22 14:27 . 2012-04-22 14:28 -------- d-----w- c:\program files\ATI Technologies

2012-04-22 14:27 . 2012-04-22 14:27 -------- d-----w- c:\program files\ATI

2012-04-22 14:26 . 2012-04-22 14:26 -------- d-----w- C:\AMD

2012-04-22 14:25 . 2012-04-22 14:25 -------- d-----w- c:\users\Matej

2012-04-22 14:25 . 2012-04-22 14:25 -------- d-----w- C:\Recovery

2012-04-22 14:20 . 2012-04-22 14:20 0 ----a-w- c:\windows\ativpsrm.bin

2012-04-17 05:31 . 2012-04-17 05:31 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll

2012-04-17 05:31 . 2012-04-17 05:31 28056 ----a-w- c:\windows\system32\xfcodec64.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-22 14:44 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll

2012-04-22 14:44 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll

2012-04-22 14:44 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2012-04-22 14:44 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll

2012-04-22 14:44 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll

2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll

2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-02-15 03:17 . 2012-02-15 03:17 957952 ----a-w- c:\windows\system32\aticfx64.dll

2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll

2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll

2012-02-15 02:16 . 2012-02-15 02:16 58880 ----a-w- c:\windows\system32\coinst.dll

2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-02-15 02:12 . 2012-02-15 02:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-02-14 20:05 . 2012-02-14 20:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-02-14 20:05 . 2012-02-14 20:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-02-14 20:05 . 2012-02-14 20:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-02-14 20:05 . 2012-02-14 20:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-02-14 20:05 . 2012-02-14 20:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll

2012-02-14 20:04 . 2012-02-14 20:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-02-14 20:03 . 2012-02-14 20:03 54272 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-14 20:03 . 2012-02-14 20:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-01-31 04:02 . 2012-01-31 04:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-01-31 04:00 . 2012-01-31 04:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[-] 2012-04-22 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[-] 2012-04-22 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Matej\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-22 203072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 705664]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Registracija proizvoda.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 587016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 80384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3530914189-2052248754-1505902800-1000Core.job

- c:\users\Matej\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-22 14:38]

.

2012-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3530914189-2052248754-1505902800-1000UA.job

- c:\users\Matej\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-22 14:38]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3530914189-2052248754-1505902800-1000Core.job

- c:\users\Matej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-22 14:31]

.

2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3530914189-2052248754-1505902800-1000UA.job

- c:\users\Matej\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-22 14:31]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: Interfaces\{E9CECB3F-8087-43C5-BD75-791E5EFE03C0}: NameServer = 8.8.8.8,4.4.8.8

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-04-23 20:42:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-23 18:42

.

Pre-Run: 163.620.474.880 bytes free

Post-Run: 163.356.950.528 bytes free

.

- - End Of File - - B40DF0478BA6406DBAFD0B586CBA68F7

(̅_̅_̅(̲̲̲̲̲̅̅̅̅̅̅(̅_̅_̲̅м̲̅a̲̅я̲̅l̲̅b̲̅o̲̅r̲̅o̲̅̅ _̅_̅_̅()

Poruka je uređivana zadnji put pon 23.4.2012 20:46 (AmD).

trajni link nadporuka

0 0 hvala 0

total

15 godina

offline

uto 24.4.2012 13:09

Odgovori Citiraj

Igre se crashaju / Virus ?

otvori notepad i ovo kopiraj u notepad

KIllAll::

ClearJavaCache::

File::
C:\bxubf.exe
c:\users\matej\appdata\local\temp\ymmxna.exe
c:\users\matej\appdata\local\temp\wingjygin.exe
c:\users\matej\appdata\local\temp\winfhbchg.exe
C:\users\matej\appdata\local\temp\fqhjtf.exe
c:\users\matej\appdata\local\temp\winaxnmu.exe
C:\users\matej\appdata\local\temp\winhcvrlg.exe

Filelook::
c:\windows\system32\user32.dll

zatvori notepad i spremi kao CFScript na desktop

-isključi antivirus i malwarebytes

-skriptu s mišem uvuci u combofix.exe

-log koji dobiješ kopiraj

2. za USB stick

-skini ovaj program i spremi ga na desktop
-pokreni usbnorisk i saćekaj desetak sekundi
-ubaci stik u računalo (ako imaš više stikova, ubacuj jedan po jedan i zapamti ili zapiši koji je prvi ,drugi itd.
-sacekaj desetak sekundi
-desni klik mišem na sred prozora i odaberi opciju save scrambled log
-log kopiraj

trajni link

0 0 hvala 0

AmD

15 godina

offline

uto 24.4.2012 15:20

Odgovori Citiraj

Re: Igre se crashaju / Virus ?

Sa skriptom

ComboFix 12-04-24.02 - Matej 4.04.2012. 15:10:20.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.4095.2777 [GMT 2:00]

Running from: c:\users\Matej\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\jukyy.pif

c:\windows\wstwf.log

D:\Autorun.inf

D:\igwr.exe

.

((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))

.

2012-04-24 13:13 . 2012-04-24 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-23 19:28 . 2012-04-23 19:28 -------- d-----w- c:\program files (x86)\VirtualDJ

2012-04-23 18:22 . 2012-04-23 18:22 -------- d-----w- C:\_OTS

2012-04-23 14:55 . 2012-04-23 14:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-23 14:55 . 2012-04-23 14:55 -------- d-----w- c:\programdata\Malwarebytes

2012-04-23 14:55 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-23 13:37 . 2012-04-23 13:37 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-04-23 00:17 . 2012-04-22 14:25 -------- d-----w- c:\windows\Panther

2012-04-22 18:57 . 2012-04-22 18:57 -------- d-----w- c:\program files\TeamSpeak 3 Client

2012-04-22 16:46 . 2012-04-24 11:11 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-04-22 15:39 . 2012-04-22 15:39 -------- d-----w- c:\program files (x86)\MSECache

2012-04-22 15:23 . 2012-04-22 15:24 -------- d-----w- c:\programdata\Xfire

2012-04-22 15:23 . 2012-04-22 15:23 -------- d-----w- c:\program files (x86)\Xfire

2012-04-22 15:13 . 2012-04-24 11:11 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-04-22 15:13 . 2012-04-24 11:10 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-04-22 15:13 . 2012-04-24 06:41 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe