Trojanski konj
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

We'll delete the tools when we're done; first let's remove the malware...


The instructions said to save FRST to the Desktop; download it again and save it to the Desktop.


Open Notepad and copy the following text, which is inside the shaded area.

start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e04d5268b3562573d50863341528e0d7\n. ATTENTION! ====> ZeroAccess
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3145937626-3286986765-835811450-1000\$e04d5268b3562573d50863341528e0d7\n. ATTENTION! ====> ZeroAccess
HKCU SearchScopes: DefaultScope {D1EAB2A0-BACD-49F7-A191-922CE9E9099E} URL = http://searchou.com/?q={searchTerms}&id=006649e10000000000003085a948dc9c&affilt=5&r=43
SearchScopes: HKCU - {D1EAB2A0-BACD-49F7-A191-922CE9E9099E} URL = http://searchou.com/?q={searchTerms}&id=006649e10000000000003085a948dc9c&affilt=5&r=43
Toolbar: HKLM-x32 - privitize Toolbar - {1C46A0DD-D53E-46C4-A435-CA11103E255E} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll (Industriya LLC)
FF Extension: SSafe savvee - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\15h3oeir@jgwiuouya.org
FF Extension: Privitize.com - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\ffxtlbr@privitize.com
FF Extension: SSearchh-NeWWTab - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\gr0h@tlpylfs.org
FF Extension: SSafe savvee - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\hpae_w0j@ie-eeo.edu
FF Extension: ssaFe! save - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\lndl@mips.edu
FF Extension: SSearchh-NeWWTab - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\m3axfc@pyayi.org
FF Extension: WebCake - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\plugin@getwebcake.com
FF Extension: SearchNewTab - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\zzozouxjqj@ajj.org
CHR Extension: (SSafe savvee) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgbonnlgaijklmelediajejfofdieee\1
CHR Extension: (SearchNewTab) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\albdecokpdbjaonobpomjphnhfeonmae\1
CHR Extension: (SSearchh-NeWWTab) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\banacjlleafnamlngcmlmihpfnmhnbbj\1
CHR Extension: (SSearchh-NeWWTab) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmlhlhkalgdackhkfhaogfldgdebkjcc\1
CHR Extension: (Privitize Chrome Toolbar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0
CHR Extension: (ssaFe! save) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdaoepbnfmmphodhoimkjekaeghlbefo\1
CHR Extension: (SSafe savvee) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkaffijloipbclfhchnfcmjahnabehm\1
R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [31744 2013-04-12] ()
2013-06-28 21:09 - 2013-06-28 21:10 - 00000000 ____D C:\ProgramData\SSearchh-NeWWTab
2013-06-28 21:07 - 2013-06-28 21:09 - 00000000 ____D C:\ProgramData\SSafe savvee
2013-06-26 20:58 - 2013-06-26 20:58 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-06-26 20:57 - 2013-06-29 15:31 - 00000000 ____D C:\ProgramData\InstallMate
2013-06-26 20:57 - 2013-06-26 20:57 - 00000000 ____D C:\ProgramData\ssaFe! save
C:\$Recycle.Bin\S-1-5-21-3145937626-3286986765-835811450-1000\$e04d5268b3562573d50863341528e0d7
C:\$Recycle.Bin\S-1-5-18\$e04d5268b3562573d50863341528e0d7
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
end


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait until the program finishes

If the program asks to restart the computer, let it do so without interruption.

When it finishes, Notepad will open with the contents you need to copy into the thread.

fixlog.txt will also be on the Desktop.

  • Mare Ivanović
  • Do-it-yourselfer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-06-2013 01
Ran by Home at 2013-06-29 20:14:47 Run:1
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1EAB2A0-BACD-49F7-A191-922CE9E9099E} => Key deleted successfully.
HKCR\CLSID\{D1EAB2A0-BACD-49F7-A191-922CE9E9099E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1C46A0DD-D53E-46C4-A435-CA11103E255E} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{1C46A0DD-D53E-46C4-A435-CA11103E255E} => Key deleted successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\15h3oeir@jgwiuouya.org => Moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\ffxtlbr@privitize.com => Moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\gr0h@tlpylfs.org => Moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\hpae_w0j@ie-eeo.edu => Moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\lndl@mips.edu => Moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\m3axfc@pyayi.org => Moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\plugin@getwebcake.com => Moved successfully.
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\Extensions\zzozouxjqj@ajj.org => Moved successfully.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgbonnlgaijklmelediajejfofdieee => Moved successfully.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\albdecokpdbjaonobpomjphnhfeonmae => Moved successfully.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\banacjlleafnamlngcmlmihpfnmhnbbj => Moved successfully.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmlhlhkalgdackhkfhaogfldgdebkjcc => Moved successfully.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp => Moved successfully.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdaoepbnfmmphodhoimkjekaeghlbefo => Moved successfully.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkaffijloipbclfhchnfcmjahnabehm => Moved successfully.
SrvUpdater => Service deleted successfully.
C:\ProgramData\SSearchh-NeWWTab => Moved successfully.
C:\ProgramData\SSafe savvee => Moved successfully.
C:\ProgramData\SearchNewTab => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.
C:\ProgramData\ssaFe! save => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3145937626-3286986765-835811450-1000\$e04d5268b3562573d50863341528e0d7 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e04d5268b3562573d50863341528e0d7 => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\sr-Latn-CS" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.


The system needs a manual reboot.

==== End of Fixlog ====
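The two fixlist entries marked ZeroAccess in the previous post (a CLSID's InprocServer32 default value pointing into $Recycle.Bin) and the fixlog above are the kind of thing a helper reads by hand. As an added example, not part of this thread and not FRST's own code, the Python below does that reading programmatically: it flags InprocServer32 entries whose server path sits under $Recycle.Bin regardless of FRST's own "ATTENTION!" marker, flags running services with an empty vendor field such as SrvUpdater (a review prompt, not a verdict), and tallies the fixlog outcomes so that "Key not found" targets can be re-checked in the next scan. The sample lines are copied from this thread; the finding tags and function names are my own.

```python
import re
from collections import Counter

# FRST scan lines copied from the thread's fixlist, plus one Run entry and one
# AVG service line from the later scan so that benign lines are present too.
SAMPLE_SCAN_LINES = r"""
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$e04d5268b3562573d50863341528e0d7\n. ATTENTION! ====> ZeroAccess
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3145937626-3286986765-835811450-1000\$e04d5268b3562573d50863341528e0d7\n. ATTENTION! ====> ZeroAccess
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6843024 2012-10-29] (Realtek Semiconductor)
R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [31744 2013-04-12] ()
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
""".strip().splitlines()

# Fixlog result lines copied (abridged) from the thread's fixlog.
SAMPLE_FIXLOG_LINES = r"""
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKCR\CLSID\{D1EAB2A0-BACD-49F7-A191-922CE9E9099E} => Key not found.
C:\$Recycle.Bin\S-1-5-18\$e04d5268b3562573d50863341528e0d7 => Moved successfully.
SrvUpdater => Service deleted successfully.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
""".strip().splitlines()

# InprocServer32 holds the DLL that COM loads for a CLSID. A system CLSID whose
# server lives under the Recycle Bin is the ZeroAccess pattern seen in this thread.
INPROC_RE = re.compile(
    r"InprocServer32: \[(?P<value>[^\]]+)\] (?P<path>.+?)(?: ATTENTION!.*)?$"
)
# FRST service line: "<state> <name>; <path> [<size> <date>] (<vendor>)"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]+)\] \((?P<vendor>[^)]*)\)$"
)
# Fixlog line: "<target> => <outcome>."
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


def triage_scan(lines):
    """Return (finding_tag, line) pairs for scan lines that warrant analyst review."""
    findings = []
    for line in lines:
        m = INPROC_RE.search(line)
        if m and "\\$recycle.bin\\" in m.group("path").lower():
            findings.append(("com-hijack-recyclebin", line))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("vendor").strip() == "":
            # A service whose binary carries no company name is not proof of
            # anything; it is simply the next thing a helper would look at.
            findings.append(("service-no-vendor", line))
    return findings


def summarize_fixlog(lines):
    """Count fixlog outcomes and list targets FRST could not find, to re-check in the next scan."""
    counts = Counter()
    not_found = []
    for line in lines:
        m = RESULT_RE.match(line)
        if not m:
            continue
        outcome = m.group("outcome").rstrip(".")
        counts[outcome] += 1
        if "not found" in outcome.lower():
            not_found.append(m.group("target"))
    return counts, not_found


if __name__ == "__main__":
    for tag, line in triage_scan(SAMPLE_SCAN_LINES):
        print(f"[{tag}] {line}")
    counts, missing = summarize_fixlog(SAMPLE_FIXLOG_LINES)
    for outcome, n in counts.most_common():
        print(f"{n:3d}  {outcome}")
    print("re-check in next scan:", missing)
```

The path check deliberately ignores FRST's own "ATTENTION!" annotation, so the same rule would still fire on an older log format or on a line FRST did not annotate; the "Key not found" list is the part worth carrying into the next scan, since a key that was absent at fix time is either already gone or was never where the fixlist expected it.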

Trojanski konj
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent, restart the computer...

After that:


Step 1.

Run FRST again, click Scan and send me a fresh report when the scan finishes.



Step 2.

Download Farbar Service Scanner to the Desktop

http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Double-click FSS.exe to run it, tick all the options and click Scan

Shortly afterwards, the program's log will open in Notepad; it will be saved on the Desktop as FSS.txt

Copy its contents into the thread on the forum.



Step 3.

Download Xplode's AdwCleaner and save it to the Desktop
Run it, then click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S1].txt


Step 4.

How is the computer doing now?

  • Mare Ivanović
  • Do-it-yourselfer
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

Posted: 29 Jun 2013 20:27

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Home (administrator) on 29-06-2013 20:26:39
Running from C:\Users\Home\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6843024 2012-10-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: privitize Helper Object - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\bh\privitize.dll (Industriya LLC)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient_2.dll (WebCake LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default
FF user.js: detected! => C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ws8ph87e.default\user.js
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 WebCake Desktop Updater; C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [23552 2013-06-07] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 20:26 - 2013-06-29 20:26 - 00356397 ____A (Farbar) C:\Users\Home\Downloads\FSS.exe
2013-06-29 20:23 - 2013-06-29 20:23 - 00000056 ____A C:\Windows\setupact.log
2013-06-29 20:23 - 2013-06-29 20:23 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 20:12 - 2013-06-29 20:12 - 01933592 ____A (Farbar) C:\Users\Home\Desktop\FRST64.exe
2013-06-29 19:27 - 2013-06-29 19:28 - 00000000 ____D C:\Users\Home\Desktop\kuh
2013-06-29 18:51 - 2013-06-29 20:14 - 00000000 ____D C:\FRST
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Users\Home\Desktop\didf
2013-06-29 16:17 - 2013-06-29 16:17 - 00000000 ____D C:\Users\Home\Documents\Simply Super Software
2013-06-29 16:16 - 2013-06-29 16:16 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-29 15:01 - 2013-06-29 18:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-29 15:01 - 2013-06-29 15:01 - 00000761 ____A C:\Users\Home\Desktop\Spybot - Search & Destroy.lnk
2013-06-29 13:14 - 2013-06-29 20:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 13:14 - 2013-06-29 14:04 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 13:12 - 2013-06-29 13:15 - 00000000 ____D C:\Users\Home\AppData\Local\Adobe
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Apps\2.0
2013-06-29 11:18 - 2013-06-29 17:16 - 00015614 ____A C:\Windows\WindowsUpdate.log
2013-06-28 21:09 - 2013-06-28 21:09 - 00000000 ____D C:\ProgramData\StarApp
2013-06-28 21:08 - 2013-06-28 21:11 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-28 16:56 - 2013-06-28 16:56 - 00000000 ____D C:\Users\Home\AppData\Roaming\Foxit Software
2013-06-27 09:44 - 2013-06-27 09:45 - 00006144 ___AH C:\Users\Home\Desktop\photothumb.db
2013-06-27 09:41 - 2013-06-27 09:47 - 00000000 ____D C:\Users\Home\AppData\Roaming\PhotoScape
2013-06-27 09:41 - 2013-06-27 09:41 - 00001031 ____A C:\Users\Home\Desktop\PhotoScape.lnk
2013-06-27 09:41 - 2013-06-27 09:41 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-06-26 19:33 - 2013-06-26 19:34 - 00000000 ____D C:\ProgramData\AVG
2013-06-26 19:33 - 2013-06-26 19:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\AVG
2013-06-26 19:32 - 2013-06-26 19:32 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-26 16:09 - 2013-06-26 16:09 - 00000000 ____D C:\ProgramData\Real
2013-06-26 16:06 - 2013-06-26 16:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\DownLite
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Users\Home\AppData\Local\Google
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Program Files (x86)\Industriya
2013-06-26 15:27 - 2013-06-26 15:27 - 00000000 ____D C:\Users\Home\Documents\JoWooD
2013-06-23 20:00 - 2013-06-23 20:02 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-06-23 20:00 - 2013-06-23 20:00 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-22 14:43 - 2013-06-22 14:43 - 00000000 ____D C:\Users\Home\Downloads\Nova fascikla
2013-06-22 13:42 - 2013-06-29 15:48 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2013-06-22 13:05 - 2013-06-22 13:05 - 00000000 ____D C:\Program Files (x86)\GOG.com
2013-06-22 12:47 - 2013-06-22 12:47 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 12:45 - 2013-06-22 12:59 - 00000000 ____D C:\Users\Home\AppData\Roaming\WinRAR
2013-06-22 10:05 - 2013-06-22 10:05 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-06-22 10:04 - 2013-06-22 10:04 - 00000000 ____D C:\Program Files (x86)\Vittalia
2013-06-21 22:02 - 2013-06-26 19:26 - 00000000 ___RD C:\Users\Home\Desktop\Marija
2013-06-21 21:53 - 2013-06-27 09:43 - 00000000 ___RD C:\Users\Home\Desktop\Marko
2013-06-21 21:46 - 2013-06-21 22:21 - 00000000 ____D C:\Users\Home\AppData\Local\Microsoft Games
2013-06-21 21:42 - 2013-06-21 21:43 - 00000000 ____D C:\Program Files\CCleaner
2013-06-21 21:42 - 2013-06-21 21:42 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-21 21:36 - 2013-06-26 20:44 - 00000000 ___RD C:\Users\Home\Desktop\Sladjan
2013-06-21 19:00 - 2013-06-23 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-21 14:45 - 2013-06-21 14:45 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 14:45 - 2013-06-21 14:45 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-21 13:53 - 2013-06-21 13:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-05-30 15:12 - 2013-06-21 13:11 - 00000000 ____D C:\Users\Home\AppData\Local\Newsoft
2013-05-30 15:12 - 2013-05-30 15:12 - 00000000 ____D C:\Users\Home\Documents\Presto! PVR
2013-05-30 15:09 - 2009-10-25 18:43 - 00117152 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2013-05-30 15:09 - 2009-10-25 18:43 - 00117152 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\System32\Drivers\RTL2832UBDA.sys
2013-05-30 15:09 - 2009-10-25 18:43 - 00038944 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2013-05-30 15:09 - 2009-10-25 18:43 - 00038944 ____A (REALTEK SEMICONDUCTOR Corp.) C:\Windows\System32\Drivers\RTL2832UUSB.sys
2013-05-30 15:09 - 2009-10-05 05:22 - 00044320 ____A (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2013-05-30 15:09 - 2009-10-05 05:22 - 00044320 ____A (Realtek) C:\Windows\System32\Drivers\RTL2832U_IRHID.sys
2013-05-30 15:08 - 2013-06-21 13:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Home\AppData\Roaming\InstallShield
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-05-30 15:08 - 2009-10-15 19:36 - 00139356 ____A (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2013-05-30 15:08 - 2009-10-15 00:22 - 00348239 ___AT (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2013-05-30 15:08 - 2009-10-15 00:16 - 04690000 ____A (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2013-05-30 15:08 - 2009-10-14 23:03 - 00053248 ____A C:\Windows\SysWOW64\RTKDABMWare.dll
2013-05-30 15:08 - 2009-10-14 19:21 - 00135294 ____A (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2013-05-30 15:08 - 2009-09-10 22:15 - 00114688 ___AT (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2013-05-30 15:08 - 2009-09-10 19:44 - 00073832 ____A C:\Windows\SysWOW64\SuperFrameSplitter.dll

==================== One Month Modified Files and Folders =======

2013-06-29 20:26 - 2013-06-29 20:26 - 00356397 ____A (Farbar) C:\Users\Home\Downloads\FSS.exe
2013-06-29 20:26 - 2013-06-29 11:18 - 00015614 ____A C:\Windows\WindowsUpdate.log
2013-06-29 20:23 - 2013-06-29 20:23 - 00000056 ____A C:\Windows\setupact.log
2013-06-29 20:23 - 2013-06-29 20:23 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 20:23 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 20:14 - 2013-06-29 18:51 - 00000000 ____D C:\FRST
2013-06-29 20:12 - 2013-06-29 20:12 - 01933592 ____A (Farbar) C:\Users\Home\Desktop\FRST64.exe
2013-06-29 20:06 - 2013-06-29 13:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 19:28 - 2013-06-29 19:27 - 00000000 ____D C:\Users\Home\Desktop\kuh
2013-06-29 19:28 - 2013-04-02 19:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\Winamp
2013-06-29 18:03 - 2013-06-29 15:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-29 17:45 - 2013-06-29 17:45 - 00000000 ____D C:\Users\Home\Desktop\didf
2013-06-29 17:32 - 2013-04-02 17:56 - 00000000 ____D C:\ProgramData\MFAData
2013-06-29 16:17 - 2013-06-29 16:17 - 00000000 ____D C:\Users\Home\Documents\Simply Super Software
2013-06-29 16:16 - 2013-06-29 16:16 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-29 16:03 - 2013-04-02 18:25 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-29 15:48 - 2013-06-22 13:42 - 00000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
2013-06-29 15:21 - 2013-04-01 15:10 - 00000000 ____D C:\users\Home
2013-06-29 15:01 - 2013-06-29 15:01 - 00000761 ____A C:\Users\Home\Desktop\Spybot - Search & Destroy.lnk
2013-06-29 14:04 - 2013-06-29 13:14 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-06-29 13:15 - 2013-06-29 13:12 - 00000000 ____D C:\Users\Home\AppData\Local\Adobe
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-06-29 13:14 - 2013-06-29 13:14 - 00000000 ____D C:\ProgramData\McAfee
2013-06-29 13:14 - 2013-04-01 17:00 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-29 13:14 - 2013-04-01 17:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-29 13:10 - 2013-04-02 19:06 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-06-29 13:10 - 2013-04-02 19:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Deployment
2013-06-29 12:57 - 2013-06-29 12:57 - 00000000 ____D C:\Users\Home\AppData\Local\Apps\2.0
2013-06-28 21:11 - 2013-06-28 21:08 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-06-28 21:09 - 2013-06-28 21:09 - 00000000 ____D C:\ProgramData\StarApp
2013-06-28 16:56 - 2013-06-28 16:56 - 00000000 ____D C:\Users\Home\AppData\Roaming\Foxit Software
2013-06-27 17:15 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-27 09:47 - 2013-06-27 09:41 - 00000000 ____D C:\Users\Home\AppData\Roaming\PhotoScape
2013-06-27 09:45 - 2013-06-27 09:44 - 00006144 ___AH C:\Users\Home\Desktop\photothumb.db
2013-06-27 09:43 - 2013-06-21 21:53 - 00000000 ___RD C:\Users\Home\Desktop\Marko
2013-06-27 09:41 - 2013-06-27 09:41 - 00001031 ____A C:\Users\Home\Desktop\PhotoScape.lnk
2013-06-27 09:41 - 2013-06-27 09:41 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-06-27 09:34 - 2009-07-14 07:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 20:44 - 2013-06-21 21:36 - 00000000 ___RD C:\Users\Home\Desktop\Sladjan
2013-06-26 19:34 - 2013-06-26 19:33 - 00000000 ____D C:\ProgramData\AVG
2013-06-26 19:33 - 2013-06-26 19:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\AVG
2013-06-26 19:32 - 2013-06-26 19:32 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-26 19:26 - 2013-06-21 22:02 - 00000000 ___RD C:\Users\Home\Desktop\Marija
2013-06-26 16:09 - 2013-06-26 16:09 - 00000000 ____D C:\ProgramData\Real
2013-06-26 16:06 - 2013-06-26 16:06 - 00000000 ____D C:\Users\Home\AppData\Roaming\DownLite
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Users\Home\AppData\Local\Google
2013-06-26 16:03 - 2013-06-26 16:03 - 00000000 ____D C:\Program Files (x86)\Industriya
2013-06-26 15:27 - 2013-06-26 15:27 - 00000000 ____D C:\Users\Home\Documents\JoWooD
2013-06-25 20:33 - 2013-04-01 15:10 - 00000000 ____D C:\Users\Home\AppData\Local\VirtualStore
2013-06-23 20:02 - 2013-06-23 20:00 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-06-23 20:01 - 2013-06-21 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 20:00 - 2013-06-23 20:00 - 00000000 ____D C:\Program Files (x86)\WebCake
2013-06-22 17:02 - 2013-04-02 19:09 - 00000000 ____D C:\Users\Home\AppData\Roaming\Skype
2013-06-22 17:01 - 2013-04-02 19:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-22 17:01 - 2013-04-02 19:09 - 00000000 ____D C:\ProgramData\Skype
2013-06-22 14:43 - 2013-06-22 14:43 - 00000000 ____D C:\Users\Home\Downloads\Nova fascikla
2013-06-22 13:59 - 2009-07-14 06:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 13:59 - 2009-07-14 06:45 - 00020832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 13:05 - 2013-06-22 13:05 - 00000000 ____D C:\Program Files (x86)\GOG.com
2013-06-22 12:59 - 2013-06-22 12:45 - 00000000 ____D C:\Users\Home\AppData\Roaming\WinRAR
2013-06-22 12:47 - 2013-06-22 12:47 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 10:05 - 2013-06-22 10:05 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-06-22 10:04 - 2013-06-22 10:04 - 00000000 ____D C:\Program Files (x86)\Vittalia
2013-06-22 06:10 - 2013-04-01 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-21 22:21 - 2013-06-21 21:46 - 00000000 ____D C:\Users\Home\AppData\Local\Microsoft Games
2013-06-21 21:52 - 2013-04-02 01:02 - 00000000 ____D C:\Windows\Panther
2013-06-21 21:43 - 2013-06-21 21:42 - 00000000 ____D C:\Program Files\CCleaner
2013-06-21 21:42 - 2013-06-21 21:42 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-21 14:45 - 2013-06-21 14:45 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-21 14:45 - 2013-06-21 14:45 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 14:45 - 2013-06-21 14:45 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-21 14:45 - 2013-04-01 15:44 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-21 14:45 - 2013-04-01 15:44 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-21 13:59 - 2013-04-02 18:26 - 00000977 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-21 13:53 - 2013-06-21 13:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-21 13:52 - 2013-05-30 15:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-21 13:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-21 13:11 - 2013-05-30 15:12 - 00000000 ____D C:\Users\Home\AppData\Local\Newsoft
2013-05-30 15:12 - 2013-05-30 15:12 - 00000000 ____D C:\Users\Home\Documents\Presto! PVR
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Home\AppData\Roaming\InstallShield
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Program Files (x86)\Realtek

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 20:52

==================== End Of Log ============================

Update: 29 Jun 2013 20:29

Farbar Service Scanner Version: 27-06-2013
Ran by Home (administrator) on 29-06-2013 at 20:28:36
Running from "C:\Users\Home\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-21 05:24] - [2010-11-21 05:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-21 05:24] - [2010-11-21 05:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\System32\dnsrslvr.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Update: 29 Jun 2013 20:35


Update: 29 Jun 2013 20:36

The state of the computer is better now; the trojan horse no longer appears at startup.
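The Farbar Service Scanner log above reports, for each protection service, whether its registry key exists, whether its Start type, ImagePath and ServiceDll are sane, and whether a "disable" policy value is set. The PowerShell below is an added example (not part of the thread and not Farbar's code) that performs the same checks directly, so a practitioner can confirm the findings without the tool. It assumes PowerShell 3 or later run elevated; the default Start values in the table are assumptions about a stock Windows 7 install, not data from the log.

```powershell
# Added example, not from the original thread and not Farbar's code: reproduce the
# checks Farbar Service Scanner reported above. Run elevated, PowerShell 3+.

# Services from the FSS log and the Start value each has by default on Windows 7
# (2 = Automatic, 3 = Manual). These defaults are assumptions, not FSS output.
$ExpectedStart = [ordered]@{
    'mpsdrv'       = 3   # Windows Firewall Authorization Driver
    'MpsSvc'       = 2   # Windows Firewall
    'BFE'          = 2   # Base Filtering Engine
    'wscsvc'       = 2   # Security Center
    'WinDefend'    = 2   # Windows Defender
    'SharedAccess' = 3   # Internet Connection Sharing
    'iphlpsvc'     = 2   # IP Helper
    'wuauserv'     = 2   # Windows Update
}

# Policy values that silently switch protection off. The log above shows the first one = 1.
$DisablePolicies = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                         Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     Bad = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile';   Name = 'EnableFirewall';     Bad = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate';       Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';          Bad = 1 }
)

# Turn an ImagePath/ServiceDll value into an absolute file path: expands %SystemRoot%,
# strips quotes and svchost arguments (-k netsvcs), handles \SystemRoot\ and \??\ prefixes
# and paths given relative to the Windows directory (system32\DRIVERS\x.sys).
function Resolve-ImagePath {
    param([string]$Raw)
    if ([string]::IsNullOrEmpty($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(?:exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Test-ServiceKey {
    param([string]$Name, [int]$Expected)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $r = [ordered]@{ Service = $Name; KeyExists = (Test-Path -LiteralPath $key); StartOK = $false;
                     ImageOK = $false; DllOK = 'n/a'; Running = $false; Finding = '' }
    if (-not $r.KeyExists) {
        # The "Unable to open ... registry key. The service key does not exist." case in the log
        $r.Finding = 'service key missing'
        return [pscustomobject]$r
    }
    $props = Get-ItemProperty -LiteralPath $key
    $r.StartOK = ($props.Start -eq $Expected)
    $image = Resolve-ImagePath $props.ImagePath
    $r.ImageOK = [bool]($image -and (Test-Path -LiteralPath $image))
    $dll = (Get-ItemProperty -LiteralPath "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { $r.DllOK = [bool](Test-Path -LiteralPath (Resolve-ImagePath $dll)) }
    # Win32_BaseService covers user-mode services and kernel drivers such as mpsdrv
    $svc = Get-WmiObject -Class Win32_BaseService -Filter "Name='$Name'"
    $r.Running = ($svc -ne $null -and $svc.State -eq 'Running')
    $problems = @()
    if (-not $r.StartOK) { $problems += "Start=$($props.Start), expected $Expected" }
    if (-not $r.ImageOK) { $problems += "ImagePath does not resolve: $($props.ImagePath)" }
    if ($r.DllOK -eq $false) { $problems += "ServiceDll does not resolve: $dll" }
    $r.Finding = $problems -join '; '
    return [pscustomobject]$r
}

function Test-DisablePolicies {
    foreach ($p in $DisablePolicies) {
        $v = (Get-ItemProperty -LiteralPath $p.Key -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        if ($v -ne $null -and $v -eq $p.Bad) { "$($p.Key)\$($p.Name) = $v" }
    }
}

$ExpectedStart.GetEnumerator() |
    ForEach-Object { Test-ServiceKey -Name $_.Key -Expected $_.Value } |
    Format-Table -AutoSize
$hits = @(Test-DisablePolicies)
if ($hits) { 'Disable policies set:'; $hits } else { 'No disable policies set.' }
```

On the machine in this thread the table would show KeyExists = False for MpsSvc, BFE, wscsvc, WinDefend and iphlpsvc, a missing Start/ImagePath for SharedAccess, and one policy hit for DisableAntiSpyware, which matches what FSS printed. A missing key is not something a service-start command can fix; the key has to be recreated, which is what the repair step below does.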

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Ok, let's repair the damage the virus caused


Download the ESET services repair tool to the Desktop.

Run ServicesRepair.exe

Click Yes when the window appears

When the tool finishes, it will ask you to restart the computer. Click Yes

After the restart there will be a CC Support folder on the Desktop, and inside it a Logs folder

Inside the Logs folder is the SvcRepair.txt file, whose contents you should copy into the topic.
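The repair tool's log (posted further down) shows what the fix actually does: SetACL restores a saved security descriptor to every key under each service's registry tree, root last, and fails on subkeys that are not there. The PowerShell below is an added example (not ESET's ServicesRepair and not SetACL) of the same back-up-and-restore idea, so permissions can be snapshotted before a repair and put back afterwards. It deliberately exports and applies only the DACL (the D: part of the SDDL); owner and SACL are left alone so the restore does not need SeRestorePrivilege. It assumes PowerShell 3 or later run elevated; the output file paths in the usage lines are placeholders.

```powershell
# Added example, not from the original thread and not ESET's or SetACL's code:
# back up the DACLs of a service's registry key tree as SDDL and restore them later.
# Only the DACL is handled; owner and SACL are untouched. Run elevated, PowerShell 3+.

$ServiceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$DaclOnly    = [System.Security.AccessControl.AccessControlSections]::Access

function Export-ServiceKeyDacl {
    param([string]$Name, [string]$OutFile)
    $root = Join-Path $ServiceRoot $Name
    if (-not (Test-Path -LiteralPath $root)) { throw "service key not found: $root" }
    # root key first, then every subkey, so a restore can walk the file top-down
    $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
    $lines = foreach ($k in $keys) {
        # one record per key: "<path relative to Services>|<SDDL of the DACL>"
        $rel  = $k.Name -replace '^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\', ''
        $sddl = (Get-Acl -Path $k.PSPath).GetSecurityDescriptorSddlForm($DaclOnly)
        "$rel|$sddl"
    }
    Set-Content -LiteralPath $OutFile -Value $lines -Encoding UTF8
    return @($lines).Count
}

function Import-ServiceKeyDacl {
    param([string]$InFile)
    $restored = 0
    $missing  = @()
    foreach ($line in Get-Content -LiteralPath $InFile) {
        $rel, $sddl = $line -split '\|', 2
        $path = Join-Path $ServiceRoot $rel
        if (-not (Test-Path -LiteralPath $path)) {
            # Same failure SetACL logs for the MpsSvc PortKeywords subkeys: an ACL cannot be
            # written to a key that does not exist. Recreate the key first, then restore.
            $missing += $rel
            continue
        }
        $acl = Get-Acl -Path $path
        $acl.SetSecurityDescriptorSddlForm($sddl, $DaclOnly)   # replace DACL only
        Set-Acl -Path $path -AclObject $acl
        $restored++
    }
    return [pscustomobject]@{ Restored = $restored; MissingKeys = $missing }
}

# Usage (placeholder paths): snapshot before a repair, put back afterwards
# Export-ServiceKeyDacl -Name MpsSvc -OutFile "$env:USERPROFILE\Desktop\MpsSvc.sddl"
# Import-ServiceKeyDacl -InFile "$env:USERPROFILE\Desktop\MpsSvc.sddl"
```

Compare the export from a clean machine with the one from an infected machine before restoring: a DACL that denies SYSTEM or Administrators read access on a Services key is exactly how this family keeps the firewall and Defender from starting, and it is the reason FSS could not even open the keys.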

offline
  • Mare Ivanović
  • Do-it-yourself type
  • Joined: 30 May 2013
  • Posts: 423
  • Location: At home

Posted: 29 Jun 2013 20:44

Log Opened: 2013-06-29 @ 20:41:02
20:41:02 - -----------------
20:41:02 - | Begin Logging |
20:41:02 - -----------------
20:41:02 - Fix started on a WIN_7 X64 computer
20:41:02 - Prep in progress. Please Wait.
20:41:02 - Prep complete
20:41:02 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
20:41:04 - Services Repair Complete.
20:41:29 - Reboot Initiated

Update: 29 Jun 2013 20:48

Can I use CCleaner as well?

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

That would be it, the malware has been removed from the system.

In the Ambulanta we only deal with problems caused by malware; for all other questions open a topic in the Windows subforum and someone will give you suggestions.



Let's clean up the tools we used:

Download Xplode's DelFix and save it to the Desktop

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open the report in Notepad.

Note: The report will also be saved to C:\DelFix.txt



Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let it begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you are done cleaning the temp files, you can delete the program or keep it for later use.



For protecting USB memory devices I recommend MCShield v2. It has nothing to do with the antivirus, i.e. it will not interfere with its work, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices. You download it, install it, plug in a USB memory device, a scan runs, and then you either get a notification that the device is clean (if it really is), or a log with information about the malware that was found and deleted.


MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these topics:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html




Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html



Also go through the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html



TwinHeadedEagle (AMF Team)

offline
  • Mare Ivanović
  • Sam svoj majstor
  • Pridružio: 30 Maj 2013
  • Poruke: 423
  • Gde živiš: U kući

Hvala ti puno!!!
