I think I have viruses on my computer?!

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 424
  • Location: At home

Posted: 01 May 2014 10:30

Hi, I want to test my computer for viruses... I downloaded AdwCleaner, but when I downloaded it, it said there were viruses. The computer has started to lag a little, and it somehow feels strange to me, as if someone else is using it and putting viruses on it. It started about 2 weeks ago. I scanned with AVG 2014 (I installed it 2 weeks ago, and I think, though I'm not sure, that it has been lagging since then) and it says there is nothing. I'll post the FRST reports now.

Addendum: 01 May 2014 10:31

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014
Ran by Home (administrator) on HOME-PC on 01-05-2014 10:26:51
Running from C:\Users\Home\Desktop\FRST
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) D:\Game\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Mozilla Corporation) D:\Game\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x71DEA046E22BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {4DB74D06-491C-440D-305E-012400990F3E} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default
FF Homepage: www.google.rs
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Qualys BrowserCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-01-04]
FF Extension: New Tab Homepage - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-02-27]
FF Extension: Greasemonkey - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-14]
FF StartMenuInternet: FIREFOX.EXE - D:\Game\firefox.exe

Chrome:
=======
CHR HomePage:
CHR DefaultSearchProvider: Bueno Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) ====================

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [117152 2009-10-25] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-25] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\Users\Home\Desktop\FRST
2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\FRST
2014-05-01 10:09 - 2014-05-01 10:14 - 00000000 ____D () C:\AdwCleaner
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-25 21:26 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-25 21:26 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-25 21:26 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-25 21:26 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-25 21:25 - 2014-04-25 21:26 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 20:20 - 2014-04-20 20:20 - 00000531 _____ () C:\Users\Home\Desktop\Bandicam.lnk
2014-04-20 20:19 - 2014-04-25 20:18 - 00000000 ____D () C:\Users\Home\Documents\Bandicam
2014-04-20 20:19 - 2014-04-20 20:19 - 00000000 ____D () C:\Users\Home\AppData\Roaming\BANDISOFT
2014-04-20 20:18 - 2014-04-20 20:20 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-04-20 18:07 - 2014-04-20 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-19 19:08 - 2014-04-19 19:09 - 00000000 ____D () C:\Users\Home\AppData\Roaming\GameRanger
2014-04-19 13:20 - 2014-04-19 13:20 - 00000000 ____D () C:\OutputFolder
2014-04-19 11:16 - 2014-04-19 11:16 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AVG2014
2014-04-19 11:15 - 2014-04-25 15:13 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-19 11:15 - 2014-04-25 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-19 11:14 - 2014-05-01 10:14 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 11:11 - 2014-04-19 11:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-18 09:09 - 2014-05-01 10:24 - 00201419 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 18:56 - 2014-04-17 18:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Bigasoft Total Video Converter 4
2014-04-17 18:49 - 2014-04-17 18:49 - 00000000 ____D () C:\Program Files (x86)\SiteFinder

==================== One Month Modified Files and Folders =======

2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\Users\Home\Desktop\FRST
2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\FRST
2014-05-01 10:24 - 2014-04-18 09:09 - 00201419 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 10:14 - 2014-05-01 10:09 - 00000000 ____D () C:\AdwCleaner
2014-05-01 10:14 - 2014-04-19 11:14 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-01 10:06 - 2013-06-29 13:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 09:56 - 2013-07-30 19:46 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Disk Cleaner
2014-05-01 09:54 - 2013-09-30 09:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 09:54 - 2013-09-30 09:25 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 09:39 - 2013-04-02 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-01 09:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 18:04 - 2013-12-16 16:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\.minecraft
2014-04-29 11:07 - 2013-06-29 13:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 11:07 - 2013-04-01 17:00 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 11:07 - 2013-04-01 17:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-26 14:52 - 2013-07-14 13:46 - 00003072 ____H () C:\Users\Home\Desktop\photothumb.db
2014-04-26 13:27 - 2009-07-14 07:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 21:42 - 2013-06-22 13:42 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-25 21:26 - 2014-04-25 21:25 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-25 21:26 - 2013-06-21 14:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-25 20:18 - 2014-04-20 20:19 - 00000000 ____D () C:\Users\Home\Documents\Bandicam
2014-04-25 15:13 - 2014-04-19 11:15 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-25 15:13 - 2014-04-19 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-23 16:30 - 2013-12-20 17:13 - 00000000 ____D () C:\Users\Home\Desktop\Ikone
2014-04-20 20:20 - 2014-04-20 20:20 - 00000531 _____ () C:\Users\Home\Desktop\Bandicam.lnk
2014-04-20 20:20 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-04-20 20:19 - 2014-04-20 20:19 - 00000000 ____D () C:\Users\Home\AppData\Roaming\BANDISOFT
2014-04-20 19:33 - 2013-04-02 19:09 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Skype
2014-04-20 18:07 - 2014-04-20 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-19 19:09 - 2014-04-19 19:08 - 00000000 ____D () C:\Users\Home\AppData\Roaming\GameRanger
2014-04-19 17:25 - 2009-07-14 07:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-19 13:20 - 2014-04-19 13:20 - 00000000 ____D () C:\OutputFolder
2014-04-19 11:24 - 2013-10-15 18:10 - 00000000 ____D () C:\Users\Home\AppData\Local\Avg2014
2014-04-19 11:16 - 2014-04-19 11:16 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AVG2014
2014-04-19 11:14 - 2014-03-24 14:55 - 00000000 ___HD () C:\$AVG
2014-04-19 11:11 - 2014-04-19 11:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 11:08 - 2013-04-02 18:25 - 00000000 ____D () C:\ProgramData\AVG2013
2014-04-19 11:08 - 2013-04-02 17:56 - 00000000 ____D () C:\Users\Home\AppData\Local\Avg2013
2014-04-19 00:55 - 2013-04-02 19:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Winamp
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 18:56 - 2014-04-17 18:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Bigasoft Total Video Converter 4
2014-04-17 18:49 - 2014-04-17 18:49 - 00000000 ____D () C:\Program Files (x86)\SiteFinder
2014-04-14 20:13 - 2014-04-25 21:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-25 21:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-25 21:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-25 21:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 19:47 - 2013-06-29 13:12 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2014-04-08 21:15 - 2014-02-08 17:10 - 01771520 _____ (TeamExtreme) C:\Users\Home\Desktop\Minecraft.exe
2014-04-01 13:56 - 2013-12-12 18:24 - 00001124 __RSH () C:\Users\Home\ntuser.pol
2014-04-01 13:56 - 2013-04-01 15:10 - 00000000 ____D () C:\Users\Home

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 14:31

==================== End Of Log ============================

Addendum: 01 May 2014 10:31

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hi,

Download TDSSKiller and save it to the Desktop.
Double-click TDSSKiller.exe to run it ...

Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Post the contents of the log from the following location:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time the log was created)

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 424
  • Location: At home

Posted: 01 May 2014 11:57

It says "No threats found".

Addendum: 01 May 2014 11:59

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

I don't know why you ran ComboFix on your own?! I would like to see its report...


1. Open Notepad (Text Document) and copy into it the following text from the code box below:

U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
D:\Unlocker
Task: {2DA82A0F-3408-4096-80C4-0474C0B3F46F} - \EPUpdater No Task File <==== ATTENTION
Task: {9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} - \FTdownloader V7.0-firefoxinstaller No Task File <==== ATTENTION
Task: {B1BB89E9-20B1-4259-AA88-035A04750C2D} - \FTdownloader V7.0-enabler No Task File <==== ATTENTION
Task: {B95F4373-DC08-4154-B7DA-E8B446FBFEF2} - \FTdownloader V7.0-codedownloader No Task File <==== ATTENTION
Task: {837F98F9-6B5B-4411-ACE7-61D1A8F54815} - \FTdownloader V7.0-updater No Task File <==== ATTENTION
cmd: ipconfig /flushdns


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.


The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.
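The fixlist above was assembled by hand from the lines FRST itself marked. As an added example (not part of this thread and not FRST's own code), the Python script below runs that same triage over a handful of lines copied from the FRST.txt posted earlier: it picks out entries FRST tagged with ATTENTION, service/driver registrations whose file is gone ([X]), browser objects and scheduled tasks that point at a missing file, and, as an extra heuristic of my own, drivers with no publisher recorded that load from outside C:\Windows. The flagged lines are then collected verbatim as fixlist candidates, which is how the fixlist in this thread is written. Function, class and variable names are my own.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of the forum thread and not code from FRST itself.
It mirrors what the helper did by hand: pick out entries FRST marked, or that
point at files which no longer exist, and collect them as fixlist candidates.
"""
import re
from dataclasses import dataclass, field

# Subset of lines copied from the FRST.txt posted in this thread. The Realtek
# Run entry and the dtsoftbus01 driver are clean and must not be flagged.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
BHO-x32: No Name - {4DB74D06-491C-440D-305E-012400990F3E} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {2DA82A0F-3408-4096-80C4-0474C0B3F46F} - \EPUpdater No Task File <==== ATTENTION
"""

# Service/driver line as FRST prints it:
#   "<start type> <name>; <path> [<size> <date>] (<publisher>)"
DRIVER_RE = re.compile(
    r"^[RSU]\d+\s+(?P<name>[^;]+);\s+(?P<path>.+?\.sys)\s+\[\d+ [\d-]+\]\s+\((?P<publisher>[^)]*)\)"
)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str) -> list[str]:
    """Return every reason this log line deserves a second look (empty if none)."""
    reasons = []
    if "ATTENTION" in line:
        reasons.append("explicitly flagged by FRST")
    if line.rstrip().endswith("[X]"):
        reasons.append("service/driver registration whose file is missing")
    if line.rstrip().endswith("No File") or "No Task File" in line:
        reasons.append("registration points to a file that does not exist")
    m = DRIVER_RE.match(line)
    # Heuristic of my own: a kernel driver with no publisher recorded, loaded
    # from outside the Windows directory, is worth a manual look.
    if m and m.group("publisher") == "" and not m.group("path").lower().startswith(r"c:\windows"):
        reasons.append("driver with no publisher loaded from outside C:\\Windows")
    return reasons


def triage_frst(text: str) -> list[Finding]:
    """Run triage_line over a whole FRST.txt and keep only the flagged lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def fixlist_candidates(findings: list[Finding]) -> str:
    """FRST accepts flagged log lines verbatim in fixlist.txt, as the fix in this thread shows."""
    return "\n".join(f.line for f in findings) + "\n"


if __name__ == "__main__":
    found = triage_frst(SAMPLE_LOG)
    for f in found:
        print(f"{f.line}\n    -> {'; '.join(f.reasons)}")
    print("--- fixlist candidates ---")
    print(fixlist_candidates(found), end="")
```

Run it as a script to see each flagged line with its reasons. The output is a starting point for review, not a finished fixlist: an entry whose file is missing is orphaned residue rather than running malware, and the helper here still added the D:\Unlocker folder and the ipconfig /flushdns command by hand.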

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 424
  • Location: At home

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-05-2014
Ran by Home at 2014-05-01 17:26:33 Run:1
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
D:\Unlocker
Task: {2DA82A0F-3408-4096-80C4-0474C0B3F46F} - \EPUpdater No Task File <==== ATTENTION
Task: {9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} - \FTdownloader V7.0-firefoxinstaller No Task File <==== ATTENTION
Task: {B1BB89E9-20B1-4259-AA88-035A04750C2D} - \FTdownloader V7.0-enabler No Task File <==== ATTENTION
Task: {B95F4373-DC08-4154-B7DA-E8B446FBFEF2} - \FTdownloader V7.0-codedownloader No Task File <==== ATTENTION
Task: {837F98F9-6B5B-4411-ACE7-61D1A8F54815} - \FTdownloader V7.0-updater No Task File <==== ATTENTION
cmd: ipconfig /flushdns
*****************

UnlockerDriver5 => Service deleted successfully.
catchme => Service deleted successfully.
VGPU => Service deleted successfully.
D:\Unlocker => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DA82A0F-3408-4096-80C4-0474C0B3F46F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DA82A0F-3408-4096-80C4-0474C0B3F46F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1BB89E9-20B1-4259-AA88-035A04750C2D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1BB89E9-20B1-4259-AA88-035A04750C2D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B95F4373-DC08-4154-B7DA-E8B446FBFEF2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B95F4373-DC08-4154-B7DA-E8B446FBFEF2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{837F98F9-6B5B-4411-ACE7-61D1A8F54815} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{837F98F9-6B5B-4411-ACE7-61D1A8F54815} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-updater => Key deleted successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

And ComboFix?

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 424
  • Location: At home

Posted: 01 May 2014 19:44

I'll just download it now.

Addendum: 01 May 2014 20:07

Here, I had to stop it because I didn't have time; I have some obligations, so I had to shut down the computer. I interrupted it, and here is all I found of the report.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

I didn't ask you to run ComboFix, but to send me its report.

It should be on the C partition.

offline
  • Marko
  • Joined: 30 May 2013
  • Posts: 424
  • Location: At home

Well, I deleted it a long time ago.

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Now try to run it through to the end...
