Trojan horse

  • Mare Ivanović
  • Do-it-yourselfer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

So, here's the thing... When I start the computer, this little window opens. I try to remove everything, but it tells me that removing the threats is not possible. It has shown this the last 2-3 times I started the computer. I haven't noticed the computer running slowly or opening programs more slowly... Here is this picture as well. When I run a scan, it doesn't find these trojans and says that my computer is protected.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

As I said, you need to follow the instructions at the link below and provide the DDS.txt and Attach.txt reports

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Mare Ivanović

TwinHeadedEagle :: As I said, you need to follow the instructions at the link below and provide the DDS.txt and Attach.txt reports

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Sorry, I'll do it right now.

  • Research Engineer @MalwareBytes

If you can't download DDS, try downloading it on another computer, or on a mobile phone, and then transfer it to the computer via USB...

  • Mare Ivanović

When I start the computer, this little window appears right away. I try to remove it, but it shows that this is not possible. Here is another picture.




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.25.2
Run by Home at 17:45:48 on 2013-06-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3545.2171 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: privitize Helper Object: {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\bh\privitize.dll
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient_2.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: privitize Toolbar: {1C46A0DD-D53E-46C4-A435-CA11103E255E} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A2EEAB71-9E59-4F0A-A90F-D432E29D2661} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-23 20:00; plugin@getwebcake.com; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-06-26 18:36; ffxtlbr@privitize.com; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\ffxtlbr@privitize.com
FF - ExtSQL: 2013-06-26 20:59; lndl@mips.edu; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\lndl@mips.edu
FF - ExtSQL: 2013-06-26 21:00; zzozouxjqj@ajj.org; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\zzozouxjqj@ajj.org
FF - ExtSQL: 2013-06-28 21:10; hpae_w0j@ie-eeo.edu; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\hpae_w0j@ie-eeo.edu
FF - ExtSQL: 2013-06-28 21:12; 15h3oeir@jgwiuouya.org; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\15h3oeir@jgwiuouya.org
FF - ExtSQL: 2013-06-28 21:59; m3axfc@pyayi.org; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\m3axfc@pyayi.org
FF - ExtSQL: 2013-06-28 22:00; gr0h@tlpylfs.org; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\extensions\gr0h@tlpylfs.org
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.webcake.installId - 1122f0db-7862-41b5-89a9-1b01bfd71481
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extentions.webcake.installId - 1122f0db-7862-41b5-89a9-1b01bfd71481
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 006649e10000000000003085a948dc9c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15879
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.520:01:27
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tsp=4922
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=006649e10000000000003085a948dc9c&affilt=5&q=
FF - user.js: extensions.privitize.id - 006649e10000000000003085a948dc9c
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15882
FF - user.js: extensions.privitize.vrsn - 1.8.21.6
FF - user.js: extensions.privitize.vrsni - 1.8.21.6
FF - user.js: extensions.privitize.vrsnTs - 1.8.21.616:03:50
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - 5
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef -
FF - user.js: extensions.privitize.dfltLng -
FF - user.js: extensions.privitize.excTlbr - false
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=006649e10000000000003085a948dc9c&affilt=5
FF - user.js: extensions.privitize.hpOld0 - www.google.rs
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=006649e10000000000003085a948dc9c&affilt=5
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=006649e10000000000003085a948dc9c&affilt=5
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-1 235520]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 SrvUpdater;Software Updater;C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [2013-4-12 31744]
R2 WebCake Desktop Updater;WebCake Desktop Updater;C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [2013-6-23 23552]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-4-1 110744]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 3xHybr64;3xHybrid service;C:\Windows\System32\drivers\3xHybr64.sys [2007-4-20 873216]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;C:\Windows\System32\drivers\RTL2832U_IRHID.sys [2013-5-30 44320]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\Windows\System32\drivers\RTL2832UBDA.sys [2013-5-30 117152]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\Windows\System32\drivers\RTL2832UUSB.sys [2013-5-30 38944]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-1 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-06-29 14:16:48 -------- d-----w- C:\ProgramData\Simply Super Software
2013-06-29 13:01:16 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-29 11:14:46 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-06-29 11:14:44 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-06-29 11:12:10 -------- d-----w- C:\Users\Home\AppData\Local\Adobe
2013-06-29 10:57:06 -------- d-----w- C:\Users\Home\AppData\Local\Deployment
2013-06-29 10:57:06 -------- d-----w- C:\Users\Home\AppData\Local\Apps
2013-06-28 19:09:00 -------- d-----w- C:\ProgramData\StarApp
2013-06-28 19:09:00 -------- d-----w- C:\ProgramData\SSearchh-NeWWTab
2013-06-28 19:08:35 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-06-28 19:07:54 -------- d-----w- C:\ProgramData\SSafe savvee
2013-06-28 14:56:03 -------- d-----w- C:\Users\Home\AppData\Roaming\Foxit Software
2013-06-27 07:41:44 -------- d-----w- C:\Users\Home\AppData\Roaming\PhotoScape
2013-06-27 07:41:20 -------- d-----w- C:\Program Files (x86)\PhotoScape
2013-06-26 18:58:25 -------- d-----w- C:\ProgramData\SearchNewTab
2013-06-26 18:57:26 -------- d-----w- C:\ProgramData\ssaFe! save
2013-06-26 18:57:04 -------- d-----w- C:\ProgramData\InstallMate
2013-06-26 17:33:42 -------- d-----w- C:\Users\Home\AppData\Roaming\AVG
2013-06-26 17:33:04 -------- d-----w- C:\ProgramData\AVG
2013-06-26 17:32:51 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-26 14:06:17 -------- d-----w- C:\Users\Home\AppData\Roaming\DownLite
2013-06-26 14:03:49 -------- d-----w- C:\Users\Home\AppData\Local\Google
2013-06-26 14:03:48 -------- d-----w- C:\Program Files (x86)\Industriya
2013-06-23 18:00:38 -------- d-----w- C:\Program Files (x86)\WebCake
2013-06-23 18:00:24 -------- d-----w- C:\ProgramData\Tarma Installer
2013-06-23 18:00:11 -------- d-----w- C:\Program Files (x86)\TornTV.com
2013-06-22 11:42:05 -------- d-----w- C:\Users\Home\AppData\Roaming\uTorrent
2013-06-22 11:05:36 -------- d-----w- C:\Program Files (x86)\GOG.com
2013-06-22 08:05:29 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater
2013-06-22 08:04:54 -------- d-----w- C:\Program Files (x86)\Vittalia
2013-06-21 19:46:26 -------- d-----w- C:\Users\Home\AppData\Local\Microsoft Games
2013-06-21 19:42:59 -------- d-----w- C:\Program Files\CCleaner
2013-06-21 12:45:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 11:53:01 -------- d-----w- C:\Windows\System32\appmgmt
.
==================== Find3M ====================
.
2013-06-29 11:14:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-29 11:14:42 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-21 12:45:43 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-21 12:45:43 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-01 13:33:04 0 ----a-w- C:\Windows\ativpsrm.bin
2013-04-01 13:09:38 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2013-04-01 13:09:38 14848 ----a-w- C:\Windows\System32\slwga.dll
2013-04-01 13:09:38 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2013-04-01 13:09:37 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2013-04-01 13:09:37 1008640 ----a-w- C:\Windows\System32\user32.dll
.
============= FINISH: 17:46:05,81 ===============



  • Mare Ivanović

TwinHeadedEagle :: If you can't download DDS, try downloading it on another computer, or on a mobile phone, and then transfer it to the computer via USB...

I managed to download it.

  • Research Engineer @MalwareBytes

Step 1.

Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: You need to download the version that is compatible with your system.
Your Windows is a 64-bit version.

Double-click to run FRST;
When the tool starts, click Yes on the disclaimer;
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). That report is not needed.

Step 2.

Download the GMER program from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (named Gmer1);

right-click in the Gmer program window and select Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (named Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (named Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.

  • Mare Ivanović

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Home (administrator) on 29-06-2013 18:52:00
Running from C:\Users\Home\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6843024 2012-10-29] (Realtek Semiconductor)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e04d5268b3562573d50863341528e0d7\n. ATTENTION! ====> ZeroAccess
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3145937626-3286986765-835811450-1000\$e04d5268b3562573d50863341528e0d7\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {D1EAB2A0-BACD-49F7-A191-922CE9E9099E} URL = http://searchou.com/?q={searchTerms}&id=006649e10000000000003085a948dc9c&affilt=5&r=43
SearchScopes: HKCU - {D1EAB2A0-BACD-49F7-A191-922CE9E9099E} URL = http://searchou.com/?q={searchTerms}&id=006649e10000000000003085a948dc9c&affilt=5&r=43
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: privitize Helper Object - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\bh\privitize.dll (Industriya LLC)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient_2.dll (WebCake LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - privitize Toolbar - {1C46A0DD-D53E-46C4-A435-CA11103E255E} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll (Industriya LLC)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default
FF user.js: detected! => C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\user.js
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: SSafe savvee - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\15h3oeir@jgwiuouya.org
FF Extension: Privitize.com - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\ffxtlbr@privitize.com
FF Extension: SSearchh-NeWWTab - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\gr0h@tlpylfs.org
FF Extension: SSafe savvee - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\hpae_w0j@ie-eeo.edu
FF Extension: ssaFe! save - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\lndl@mips.edu
FF Extension: SSearchh-NeWWTab - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\m3axfc@pyayi.org
FF Extension: WebCake - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\plugin@getwebcake.com
FF Extension: SearchNewTab - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\zzozouxjqj@ajj.org

Chrome:
=======
CHR Extension: (SSafe savvee) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgbonnlgaijklmelediajejfofdieee\1
CHR Extension: (SearchNewTab) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\albdecokpdbjaonobpomjphnhfeonmae\1
CHR Extension: (SSearchh-NeWWTab) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\banacjlleafnamlngcmlmihpfnmhnbbj\1
CHR Extension: (SSearchh-NeWWTab) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmlhlhkalgdackhkfhaogfldgdebkjcc\1
CHR Extension: (Privitize Chrome Toolbar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0
CHR Extension: (ssaFe! save) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdaoepbnfmmphodhoimkjekaeghlbefo\1
CHR Extension: (SSafe savvee) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkaffijloipbclfhchnfcmjahnabehm\1

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [31744 2013-04-12] ()
R2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 18:51 - 2013-06-29 18:51 - 01933592 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
2013-06-29 18:51 - 2013-06-29 18:51 - 00000000 ____D C:\FRST
2013-06-29 17:46 - 2013-06-29 17:46 - 00021100 ____A C:\Users\Home\Desktop\attach.txt
2013-06-29 17:46 - 2013-06-29 17:46 - 00017786 ____A C:\Users\Home\Desktop\dds.txt
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Users\Home\Desktop\didf
2013-06-29 17:32 - 2013-06-29 17:32 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.scr
2013-06-29 16:17 - 2013-06-29 16:17 - 00000000 ____D C:\Users\Home\Documents\Simply Super Software
2013-06-29 16:16 - 2013-06-29 16:16 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-29 15:01 - 2013-06-29 18:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-29 15:01 - 2013-06-29 15:01 - 00000761 ____A C:\Users\Home\Desktop\Spybot - Search & Destroy.lnk
2013-06-29 13:14 - 2013-06-29 18:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 13:14 - 2013-06-29 14:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 13:12 - 2013-06-29 13:15 - 00000000 ____D C:\Users\Home\AppData\Local\Adobe
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Apps\2.0
2013-06-29 11:18 - 2013-06-29 17:16 - 00012798 ____N C:\Windows\WindowsUpdate.log
2013-06-28 21:09 - 2013-06-28 21:10 - 00000000 ____D C:\ProgramData\SSearchh-NeWWTab
2013-06-28 21:09 - 2013-06-28 21:09 - 00000000 ____D C:\ProgramData\StarApp
2013-06-28 21:08 - 2013-06-28 21:11 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-28 21:07 - 2013-06-28 21:09 - 00000000 ____D C:\ProgramData\SSafe savvee
2013-06-28 16:56 - 2013-06-28 16:56 - 00000000 ____D C:\Users\Home\AppData\Roaming\Foxit Software
2013-06-27 09:44 - 2013-06-27 09:45 - 00006144 ___AH C:\Users\Home\Desktop\photothumb.db
2013-06-27 09:41 - 2013-06-27 09:47 - 00000000 ____D C:\Users\Home\AppData\Roaming\PhotoScape
2013-06-27 09:41 - 2013-06-27 09:41 - 00001031 ____A C:\Users\Home\Desktop\PhotoScape.lnk
2013-06-27 09:41 - 2013-06-27 09:41 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-06-26 20:58 - 2013-06-26 20:58 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-06-26 20:57 - 2013-06-29 15:31 - 00000000 ____D C:\ProgramData\InstallMate
2013-06-26 20:57 - 2013-06-26 20:57 - 00000000 ____D C:\ProgramData\ssaFe! save
2013-06-26 19:33 - 2013-06-26 19:34 - 00000000 ____D C:\ProgramData\AVG
2013-06-26 19:33 - 2013-06-26 19:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\AVG
2013-06-26 19:32 - 2013-06-26 19:32 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-26 16:09 - 2013-06-26 16:09 - 00000000 ____D C:\ProgramData\Real
2013-06-26 16:06 - 2013-06-26 16:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\DownLite
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Users\Home\AppData\Local\Google
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Program Files (x86)\Industriya
2013-06-26 15:27 - 2013-06-26 15:27 - 00000000 ____D C:\Users\Home\Documents\JoWooD
2013-06-23 20:00 - 2013-06-23 20:02 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-06-23 20:00 - 2013-06-23 20:00 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-22 14:43 - 2013-06-22 14:43 - 00000000 ____D C:\Users\Home\Downloads\Nova fascikla
2013-06-22 13:42 - 2013-06-29 15:48 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2013-06-22 13:05 - 2013-06-22 13:05 - 00000000 ____D C:\Program Files (x86)\GOG.com
2013-06-22 12:47 - 2013-06-22 12:47 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 12:45 - 2013-06-22 12:59 - 00000000 ____D C:\Users\Home\AppData\Roaming\WinRAR
2013-06-22 10:05 - 2013-06-22 10:05 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-06-22 10:04 - 2013-06-22 10:04 - 00000000 ____D C:\Program Files (x86)\Vittalia
2013-06-21 22:02 - 2013-06-26 19:26 - 00000000 ___RD C:\Users\Home\Desktop\Marija
2013-06-21 21:53 - 2013-06-27 09:43 - 00000000 ___RD C:\Users\Home\Desktop\Marko
2013-06-21 21:46 - 2013-06-21 22:21 - 00000000 ____D C:\Users\Home\AppData\Local\Microsoft Games
2013-06-21 21:42 - 2013-06-21 21:43 - 00000000 ____D C:\Program Files\CCleaner
2013-06-21 21:42 - 2013-06-21 21:42 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-21 21:36 - 2013-06-26 20:44 - 00000000 ___RD C:\Users\Home\Desktop\Sladjan
2013-06-21 19:00 - 2013-06-23 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-21 14:45 - 2013-06-21 14:45 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 14:45 - 2013-06-21 14:45 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-21 13:53 - 2013-06-21 13:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-05-30 15:12 - 2013-06-21 13:11 - 00000000 ____D C:\Users\Home\AppData\Local\Newsoft
2013-05-30 15:12 - 2013-05-30 15:12 - 00000000 ____D C:\Users\Home\Documents\Presto! PVR
2013-05-30 15:09 - 2009-10-25 18:43 - 00117152 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2013-05-30 15:09 - 2009-10-25 18:43 - 00117152 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\System32\Drivers\RTL2832UBDA.sys
2013-05-30 15:09 - 2009-10-25 18:43 - 00038944 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2013-05-30 15:09 - 2009-10-25 18:43 - 00038944 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\System32\Drivers\RTL2832UUSB.sys
2013-05-30 15:09 - 2009-10-05 05:22 - 00044320 ____A (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2013-05-30 15:09 - 2009-10-05 05:22 - 00044320 ____A (Realtek) C:\Windows\System32\Drivers\RTL2832U_IRHID.sys
2013-05-30 15:08 - 2013-06-21 13:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Home\AppData\Roaming\InstallShield
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-05-30 15:08 - 2009-10-15 19:36 - 00139356 ____A (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2013-05-30 15:08 - 2009-10-15 00:22 - 00348239 ___AT (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2013-05-30 15:08 - 2009-10-15 00:16 - 04690000 ____A (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2013-05-30 15:08 - 2009-10-14 23:03 - 00053248 ____A C:\Windows\SysWOW64\RTKDABMWare.dll
2013-05-30 15:08 - 2009-10-14 19:21 - 00135294 ____A (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2013-05-30 15:08 - 2009-09-10 22:15 - 00114688 ___AT (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2013-05-30 15:08 - 2009-09-10 19:44 - 00073832 ____A C:\Windows\SysWOW64\SuperFrameSplitter.dll

==================== One Month Modified Files and Folders =======

2013-06-29 18:51 - 2013-06-29 18:51 - 01933592 ____A (Farbar) C:\Users\Home\Downloads\FRST64.exe
2013-06-29 18:51 - 2013-06-29 18:51 - 00000000 ____D C:\FRST
2013-06-29 18:06 - 2013-06-29 13:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 18:03 - 2013-06-29 15:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-29 17:46 - 2013-06-29 17:46 - 00021100 ____A C:\Users\Home\Desktop\attach.txt
2013-06-29 17:46 - 2013-06-29 17:46 - 00017786 ____A C:\Users\Home\Desktop\dds.txt
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Users\Home\Desktop\didf
2013-06-29 17:32 - 2013-06-29 17:32 - 00688992 ____R (Swearware) C:\Users\Home\Desktop\dds.scr
2013-06-29 17:32 - 2013-04-02 17:56 - 00000000 ____D C:\ProgramData\MFAData
2013-06-29 17:16 - 2013-06-29 11:18 - 00012798 ____N C:\Windows\WindowsUpdate.log
2013-06-29 17:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 16:17 - 2013-06-29 16:17 - 00000000 ____D C:\Users\Home\Documents\Simply Super Software
2013-06-29 16:16 - 2013-06-29 16:16 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-29 16:03 - 2013-04-02 18:25 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-29 15:48 - 2013-06-22 13:42 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2013-06-29 15:31 - 2013-06-26 20:57 - 00000000 ____D C:\ProgramData\InstallMate
2013-06-29 15:21 - 2013-04-01 15:10 - 00000000 ____D C:\users\Home
2013-06-29 15:01 - 2013-06-29 15:01 - 00000761 ____A C:\Users\Home\Desktop\Spybot - Search & Destroy.lnk
2013-06-29 14:04 - 2013-06-29 13:14 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-06-29 14:01 - 2013-04-02 19:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\Winamp
2013-06-29 13:15 - 2013-06-29 13:12 - 00000000 ____D C:\Users\Home\AppData\Local\Adobe
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 13:14 - 2013-04-01 17:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-29 13:14 - 2013-04-01 17:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-29 13:10 - 2013-04-02 19:06 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-29 13:10 - 2013-04-02 19:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Apps\2.0
2013-06-28 21:11 - 2013-06-28 21:08 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-28 21:10 - 2013-06-28 21:09 - 00000000 ____D C:\ProgramData\SSearchh-NeWWTab
2013-06-28 21:09 - 2013-06-28 21:09 - 00000000 ____D C:\ProgramData\StarApp
2013-06-28 21:09 - 2013-06-28 21:07 - 00000000 ____D C:\ProgramData\SSafe savvee
2013-06-28 16:56 - 2013-06-28 16:56 - 00000000 ____D C:\Users\Home\AppData\Roaming\Foxit Software
2013-06-27 17:15 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-27 09:47 - 2013-06-27 09:41 - 00000000 ____D C:\Users\Home\AppData\Roaming\PhotoScape
2013-06-27 09:45 - 2013-06-27 09:44 - 00006144 ___AH C:\Users\Home\Desktop\photothumb.db
2013-06-27 09:43 - 2013-06-21 21:53 - 00000000 ___RD C:\Users\Home\Desktop\Marko
2013-06-27 09:41 - 2013-06-27 09:41 - 00001031 ____A C:\Users\Home\Desktop\PhotoScape.lnk
2013-06-27 09:41 - 2013-06-27 09:41 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-06-27 09:34 - 2009-07-14 07:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 20:58 - 2013-06-26 20:58 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-06-26 20:57 - 2013-06-26 20:57 - 00000000 ____D C:\ProgramData\ssaFe! save
2013-06-26 20:44 - 2013-06-21 21:36 - 00000000 ___RD C:\Users\Home\Desktop\Sladjan
2013-06-26 19:34 - 2013-06-26 19:33 - 00000000 ____D C:\ProgramData\AVG
2013-06-26 19:33 - 2013-06-26 19:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\AVG
2013-06-26 19:32 - 2013-06-26 19:32 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-26 19:26 - 2013-06-21 22:02 - 00000000 ___RD C:\Users\Home\Desktop\Marija
2013-06-26 16:09 - 2013-06-26 16:09 - 00000000 ____D C:\ProgramData\Real
2013-06-26 16:06 - 2013-06-26 16:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\DownLite
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Users\Home\AppData\Local\Google
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Program Files (x86)\Industriya
2013-06-26 15:27 - 2013-06-26 15:27 - 00000000 ____D C:\Users\Home\Documents\JoWooD
2013-06-25 20:33 - 2013-04-01 15:10 - 00000000 ____D C:\Users\Home\AppData\Local\VirtualStore
2013-06-23 20:02 - 2013-06-23 20:00 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-06-23 20:01 - 2013-06-21 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 20:00 - 2013-06-23 20:00 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-22 17:02 - 2013-04-02 19:09 - 00000000 ____D C:\Users\Home\AppData\Roaming\Skype
2013-06-22 17:01 - 2013-04-02 19:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-22 17:01 - 2013-04-02 19:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-22 14:43 - 2013-06-22 14:43 - 00000000 ____D C:\Users\Home\Downloads\Nova fascikla
2013-06-22 13:59 - 2009-07-14 06:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 13:59 - 2009-07-14 06:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 13:05 - 2013-06-22 13:05 - 00000000 ____D C:\Program Files (x86)\GOG.com
2013-06-22 12:59 - 2013-06-22 12:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\WinRAR
2013-06-22 12:47 - 2013-06-22 12:47 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 10:05 - 2013-06-22 10:05 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-06-22 10:04 - 2013-06-22 10:04 - 00000000 ____D C:\Program Files (x86)\Vittalia
2013-06-22 06:10 - 2013-04-01 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-21 22:21 - 2013-06-21 21:46 - 00000000 ____D C:\Users\Home\AppData\Local\Microsoft Games
2013-06-21 21:52 - 2013-04-02 01:02 - 00000000 ____D C:\Windows\Panther
2013-06-21 21:43 - 2013-06-21 21:42 - 00000000 ____D C:\Program Files\CCleaner
2013-06-21 21:42 - 2013-06-21 21:42 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-21 14:45 - 2013-06-21 14:45 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 14:45 - 2013-06-21 14:45 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-21 14:45 - 2013-04-01 15:44 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-21 14:45 - 2013-04-01 15:44 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-21 13:59 - 2013-04-02 18:26 - 00000977 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-21 13:53 - 2013-06-21 13:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-21 13:52 - 2013-05-30 15:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-21 13:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-21 13:11 - 2013-05-30 15:12 - 00000000 ____D C:\Users\Home\AppData\Local\Newsoft
2013-05-30 15:12 - 2013-05-30 15:12 - 00000000 ____D C:\Users\Home\Documents\Presto! PVR
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Home\AppData\Roaming\InstallShield
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Program Files (x86)\Realtek

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3145937626-3286986765-835811450-1000\$e04d5268b3562573d50863341528e0d7

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e04d5268b3562573d50863341528e0d7

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-06-23 20:52

==================== End Of Log ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, now the GMER reports as well...

offline
  • Mare Ivanović
  • Do-it-yourselfer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

Posted: 29 Jun 2013 19:24

Here

Addendum: 29 Jun 2013 19:26

And one more thing I wanted to ask you: can I delete all of this now?
