Poslao: 01 Maj 2014 10:31
|
offline
- Mare Ivanović
- Ugledni građanin
- Pridružio: 30 Maj 2013
- Poruke: 424
- Gde živiš: U kući
|
Napisano: 01 Maj 2014 10:30
Pozdrav, hoću da tesiram kompjuter da li ima viruse... Skinuo sam AdwCleaner, ali kad sam skinuo pisalo je da ima viruse. Komp je počeo malo da koči, i nekako mi je čudan, kao da ga neko drugi koristi i ubacuje mi viruse. Počelo je otprilike od pre 2 nedelje. Skenirao sam sa AVG 2014 (njega sam instalirao pre 2 nedelje i mislim ali nisam siguran da mi od tad koči) i piše da nema ništa. Evo sad ću poslati izveštaje od FRST.
Dopuna: 01 Maj 2014 10:31
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014
Ran by Home (administrator) on HOME-PC on 01-05-2014 10:26:51
Running from C:\Users\Home\Desktop\FRST
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) D:\Game\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Mozilla Corporation) D:\Game\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x71DEA046E22BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {4DB74D06-491C-440D-305E-012400990F3E} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default
FF Homepage: www.google.rs
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Qualys BrowserCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [2014-01-04]
FF Extension: New Tab Homepage - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-02-27]
FF Extension: Greasemonkey - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h9nfdhc8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-14]
FF StartMenuInternet: FIREFOX.EXE - D:\Game\firefox.exe
Chrome:
=======
CHR HomePage:
CHR DefaultSearchProvider: Bueno Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
==================== Drivers (Whitelisted) ====================
S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-19] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [117152 2009-10-25] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-25] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\Users\Home\Desktop\FRST
2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\FRST
2014-05-01 10:09 - 2014-05-01 10:14 - 00000000 ____D () C:\AdwCleaner
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-25 21:26 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-25 21:26 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-25 21:26 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-25 21:26 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-25 21:25 - 2014-04-25 21:26 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 20:20 - 2014-04-20 20:20 - 00000531 _____ () C:\Users\Home\Desktop\Bandicam.lnk
2014-04-20 20:19 - 2014-04-25 20:18 - 00000000 ____D () C:\Users\Home\Documents\Bandicam
2014-04-20 20:19 - 2014-04-20 20:19 - 00000000 ____D () C:\Users\Home\AppData\Roaming\BANDISOFT
2014-04-20 20:18 - 2014-04-20 20:20 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-04-20 18:07 - 2014-04-20 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-19 19:08 - 2014-04-19 19:09 - 00000000 ____D () C:\Users\Home\AppData\Roaming\GameRanger
2014-04-19 13:20 - 2014-04-19 13:20 - 00000000 ____D () C:\OutputFolder
2014-04-19 11:16 - 2014-04-19 11:16 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AVG2014
2014-04-19 11:15 - 2014-04-25 15:13 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-19 11:15 - 2014-04-25 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-19 11:14 - 2014-05-01 10:14 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-19 11:11 - 2014-04-19 11:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-18 09:09 - 2014-05-01 10:24 - 00201419 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 18:56 - 2014-04-17 18:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Bigasoft Total Video Converter 4
2014-04-17 18:49 - 2014-04-17 18:49 - 00000000 ____D () C:\Program Files (x86)\SiteFinder
==================== One Month Modified Files and Folders =======
2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\Users\Home\Desktop\FRST
2014-05-01 10:26 - 2014-05-01 10:26 - 00000000 ____D () C:\FRST
2014-05-01 10:24 - 2014-04-18 09:09 - 00201419 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 10:14 - 2014-05-01 10:09 - 00000000 ____D () C:\AdwCleaner
2014-05-01 10:14 - 2014-04-19 11:14 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-01 10:06 - 2013-06-29 13:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 09:56 - 2013-07-30 19:46 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Disk Cleaner
2014-05-01 09:54 - 2013-09-30 09:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 09:54 - 2013-09-30 09:25 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 09:39 - 2013-04-02 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-01 09:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 18:04 - 2013-12-16 16:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\.minecraft
2014-04-29 11:07 - 2013-06-29 13:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 11:07 - 2013-04-01 17:00 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 11:07 - 2013-04-01 17:00 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-26 14:52 - 2013-07-14 13:46 - 00003072 ____H () C:\Users\Home\Desktop\photothumb.db
2014-04-26 13:27 - 2009-07-14 07:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 21:42 - 2013-06-22 13:42 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-25 21:26 - 2014-04-25 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-25 21:26 - 2014-04-25 21:25 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-25 21:26 - 2013-06-21 14:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-25 20:18 - 2014-04-20 20:19 - 00000000 ____D () C:\Users\Home\Documents\Bandicam
2014-04-25 15:13 - 2014-04-19 11:15 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-25 15:13 - 2014-04-19 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-23 16:30 - 2013-12-20 17:13 - 00000000 ____D () C:\Users\Home\Desktop\Ikone
2014-04-20 20:20 - 2014-04-20 20:20 - 00000531 _____ () C:\Users\Home\Desktop\Bandicam.lnk
2014-04-20 20:20 - 2014-04-20 20:18 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-04-20 20:19 - 2014-04-20 20:19 - 00000000 ____D () C:\Users\Home\AppData\Roaming\BANDISOFT
2014-04-20 19:33 - 2013-04-02 19:09 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Skype
2014-04-20 18:07 - 2014-04-20 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-19 19:09 - 2014-04-19 19:08 - 00000000 ____D () C:\Users\Home\AppData\Roaming\GameRanger
2014-04-19 17:25 - 2009-07-14 07:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-19 13:20 - 2014-04-19 13:20 - 00000000 ____D () C:\OutputFolder
2014-04-19 11:24 - 2013-10-15 18:10 - 00000000 ____D () C:\Users\Home\AppData\Local\Avg2014
2014-04-19 11:16 - 2014-04-19 11:16 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AVG2014
2014-04-19 11:14 - 2014-03-24 14:55 - 00000000 ___HD () C:\$AVG
2014-04-19 11:11 - 2014-04-19 11:11 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-19 11:08 - 2013-04-02 18:25 - 00000000 ____D () C:\ProgramData\AVG2013
2014-04-19 11:08 - 2013-04-02 17:56 - 00000000 ____D () C:\Users\Home\AppData\Local\Avg2013
2014-04-19 00:55 - 2013-04-02 19:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Winamp
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 18:56 - 2014-04-17 18:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Bigasoft Total Video Converter 4
2014-04-17 18:49 - 2014-04-17 18:49 - 00000000 ____D () C:\Program Files (x86)\SiteFinder
2014-04-14 20:13 - 2014-04-25 21:26 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-25 21:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-25 21:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-25 21:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 19:47 - 2013-06-29 13:12 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2014-04-08 21:15 - 2014-02-08 17:10 - 01771520 _____ (TeamExtreme) C:\Users\Home\Desktop\Minecraft.exe
2014-04-01 13:56 - 2013-12-12 18:24 - 00001124 __RSH () C:\Users\Home\ntuser.pol
2014-04-01 13:56 - 2013-04-01 15:10 - 00000000 ____D () C:\Users\Home
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-20 14:31
==================== End Of Log ============================
Dopuna: 01 Maj 2014 10:31
https://www.mycity.rs/must-login.png
|
|
|
|
|
|
Poslao: 01 Maj 2014 16:41
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
|
Ne znam zasto si pokretao ComboFix na svoju ruku?! Voleo bih da vidim njegov izvestaj...
1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
D:\Unlocker
Task: {2DA82A0F-3408-4096-80C4-0474C0B3F46F} - \EPUpdater No Task File <==== ATTENTION
Task: {9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} - \FTdownloader V7.0-firefoxinstaller No Task File <==== ATTENTION
Task: {B1BB89E9-20B1-4259-AA88-035A04750C2D} - \FTdownloader V7.0-enabler No Task File <==== ATTENTION
Task: {B95F4373-DC08-4154-B7DA-E8B446FBFEF2} - \FTdownloader V7.0-codedownloader No Task File <==== ATTENTION
Task: {837F98F9-6B5B-4411-ACE7-61D1A8F54815} - \FTdownloader V7.0-updater No Task File <==== ATTENTION
cmd: ipconfig /flushdns
2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.
3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.
Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.
|
|
|
|
Poslao: 01 Maj 2014 17:27
|
offline
- Mare Ivanović
- Ugledni građanin
- Pridružio: 30 Maj 2013
- Poruke: 424
- Gde živiš: U kući
|
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-05-2014
Ran by Home at 2014-05-01 17:26:33 Run:1
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
U5 UnlockerDriver5; D:\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
D:\Unlocker
Task: {2DA82A0F-3408-4096-80C4-0474C0B3F46F} - \EPUpdater No Task File <==== ATTENTION
Task: {9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} - \FTdownloader V7.0-firefoxinstaller No Task File <==== ATTENTION
Task: {B1BB89E9-20B1-4259-AA88-035A04750C2D} - \FTdownloader V7.0-enabler No Task File <==== ATTENTION
Task: {B95F4373-DC08-4154-B7DA-E8B446FBFEF2} - \FTdownloader V7.0-codedownloader No Task File <==== ATTENTION
Task: {837F98F9-6B5B-4411-ACE7-61D1A8F54815} - \FTdownloader V7.0-updater No Task File <==== ATTENTION
cmd: ipconfig /flushdns
*****************
UnlockerDriver5 => Service deleted successfully.
catchme => Service deleted successfully.
VGPU => Service deleted successfully.
D:\Unlocker => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DA82A0F-3408-4096-80C4-0474C0B3F46F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DA82A0F-3408-4096-80C4-0474C0B3F46F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C9E6A43-77D6-45FF-81B1-CFCAE356C49D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1BB89E9-20B1-4259-AA88-035A04750C2D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1BB89E9-20B1-4259-AA88-035A04750C2D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B95F4373-DC08-4154-B7DA-E8B446FBFEF2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B95F4373-DC08-4154-B7DA-E8B446FBFEF2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{837F98F9-6B5B-4411-ACE7-61D1A8F54815} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{837F98F9-6B5B-4411-ACE7-61D1A8F54815} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V7.0-updater => Key deleted successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
==== End of Fixlog ====
|
|
|
|
|
Poslao: 01 Maj 2014 20:07
|
offline
- Mare Ivanović
- Ugledni građanin
- Pridružio: 30 Maj 2013
- Poruke: 424
- Gde živiš: U kući
|
Napisano: 01 Maj 2014 19:44
Evo sad ću samo da ga skinem.
Dopuna: 01 Maj 2014 20:07
Evo, morao sam da prekinem jer nisam imao vremena imam neke obaveze pa sam morao da gasim komp. Prekinuo sam i evo šta sam našao od izveštaja samo.
https://www.mycity.rs/must-login.png
|
|
|
|
Poslao: 01 Maj 2014 20:25
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Pridružio: 09 Avg 2011
- Poruke: 15879
- Gde živiš: Beograd
|
Nisam ti trazio da pokrenes ComboFix, vec da mi dostavis njegov izvestaj.
Na C particiji bi trebalo da bude.
|
|
|
|
|
|