Virus !!!!

  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: krusevac

I use Avast antivirus and some infections keep appearing every half hour or hour. I don't know what it is about. If someone could help me I would be grateful. One of the infections is this one:

URL
hxxp://d177dk26a4y9jb.cloudfront.net/object-browser3.exe

Infection
Win32:Malware-gen

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello julijeta 2,

Follow the instructions given in this topic for downloading and running our primary diagnostic tool, FRST, and post its logs for review.
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Only that way will the AMF Team have a clear picture of exactly what it is dealing with.

  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: krusevac

I had a problem with the computer yesterday, and I posted this same thing, so that's why there isn't much information.

LastRegBack: 2014-05-29 04:17

==================== End Of Log ============================

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

julijeta, can you run the FRST tool again, just hit the Scan button and copy the contents of the freshly created primary report (FRST.txt) that opens into your next post on the forum.

  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: krusevac

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by DRAGAN (administrator) on DRAGAN-PC on 29-05-2014 22:30:46
Running from C:\Users\DRAGAN\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-04] (AVAST Software)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [24576 2003-06-19] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [DevconDefaultDB] => C:\Windows\READREG /PSCONV={NO}
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [49152 2002-12-03] (Creative Technology Ltd)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft)
FF Extension: Adblock Plus - C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-22]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-04] (AVAST Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-04] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-04] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [287920 2003-03-26] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-02] (DT Soft Ltd)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [860592 2003-06-27] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [159040 2003-06-27] (Creative Technology Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2013-12-24] (REALiX(tm))
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [101120 2009-11-04] (Huawei Technologies Co., Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 ALCXWDM; system32\drivers\RTKVAC.SYS [X]
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 08:16 - 2014-05-29 22:30 - 00010267 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-29 08:15 - 2014-05-29 08:16 - 00020870 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-29 08:14 - 2014-05-29 22:30 - 00000000 ____D () C:\FRST
2014-05-29 08:14 - 2014-05-29 08:14 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-29 00:33 - 2014-05-29 00:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 13:32 - 2014-03-05 04:57 - 00000426 _____ () C:\AVScanner.ini
2014-05-28 13:09 - 2014-05-28 22:44 - 00000888 _____ () C:\Windows\PFRO.log
2014-05-28 13:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-27 10:58 - 2014-05-29 22:12 - 00000504 _____ () C:\Windows\setupact.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-14 14:31 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 14:31 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 14:31 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:40 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:40 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:40 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:40 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:40 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 05:40 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip

==================== One Month Modified Files and Folders =======

2014-05-29 22:31 - 2014-05-29 08:16 - 00010267 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-29 22:30 - 2014-05-29 08:14 - 00000000 ____D () C:\FRST
2014-05-29 22:28 - 2012-11-11 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 22:22 - 2012-03-18 06:06 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Skype
2014-05-29 22:18 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 22:18 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 22:17 - 2011-10-03 11:09 - 00336956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 22:13 - 2011-10-03 11:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 22:12 - 2014-05-27 10:58 - 00000504 _____ () C:\Windows\setupact.log
2014-05-29 22:12 - 2013-03-16 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 22:12 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 13:39 - 2013-12-09 12:55 - 01242008 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 09:53 - 2011-10-03 11:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 08:16 - 2014-05-29 08:15 - 00020870 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-29 08:14 - 2014-05-29 08:14 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-29 00:34 - 2013-05-22 13:31 - 00001687 _____ () C:\DelFix.txt
2014-05-29 00:33 - 2014-05-29 00:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 22:44 - 2014-05-28 13:09 - 00000888 _____ () C:\Windows\PFRO.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 08:06 - 2011-10-03 11:37 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Winamp
2014-05-26 10:13 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 07:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-24 05:04 - 2012-07-18 02:35 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Nitro PDF
2014-05-21 00:09 - 2012-05-22 11:25 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 03:16 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 01:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 14:34 - 2013-07-22 13:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 14:33 - 2011-10-16 08:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:30 - 2012-11-11 06:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 05:30 - 2011-11-18 06:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 04:16 - 2011-10-03 11:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip
2014-05-08 12:01 - 2013-05-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-05 20:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 19:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 00:29 - 2009-07-13 21:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 05:40] - [2014-03-04 02:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 04:17

==================== End Of Log ============================

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

Start
File: C:\Users\DRAGAN\Downloads\StartDownload.exe
C:\Program Files\YTDownloader
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe
C:\DelFix.txt
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
Task: {CD100348-27AF-4565-9F1E-6A43E080F05A} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} - System32\Tasks\Installer_cr => C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: RD /S /Q %WINDIR%\TEMP
Reboot:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name: enter fixlist.txt as the name
Note: it is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: if the tool warns you that a newer version exists, make sure you download and use an updated copy of FRST.
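
As an added example (not code from this thread, the helper, or the FRST tool), the following Python script applies the same reading of the FRST.txt log that the helper did by hand above: it flags autostart entries for which FRST recorded no size/date/publisher, scheduled tasks FRST marked ATTENTION, services whose binary is missing and executables in the user's Temp folder, and drafts the hits into FRST's Start/End fixlist layout. The regexes, function names and the constructed sample lines are my own assumptions about the FRST output format, and the output is a draft for a human reviewer, not a verdict.

```python
"""Triage helper for FRST.txt logs (added example, not part of FRST).

Applies the reading of the log used in the thread above:
  - autostart entries (HKLM/HKU ...\\Run) where FRST recorded no
    "[size date] (Publisher)" metadata after the target
  - scheduled tasks FRST itself flagged with '<==== ATTENTION'
  - services/drivers whose binary is missing ('[X]')
  - executables sitting directly in a user's Temp folder
and drafts the hits into FRST's own Start ... End fixlist layout.
The rules are heuristics for a human reviewer, not a verdict.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the FRST.txt log in this thread.
SAMPLE_LOG_LINES = [
    r"HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-04] (AVAST Software)",
    r'HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot',
    r"HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)",
    r"R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-04] (AVAST Software)",
    r"S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]",
    r"Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION",
    r"C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe",
]

# FRST line shapes; these regexes are an approximation of the FRST output format (assumption).
RUN_RE = re.compile(r"^(HKLM|HKU\\S-1-5-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")
META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")      # "[size date] (Publisher)"
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - .*<==== ATTENTION\s*$")
DRIVER_RE = re.compile(r"^[RS]\d \S+; .*\[X\]\s*$")                   # service/driver, file missing
TEMP_EXE_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\\]+\.(exe|dll|scr|sys)$", re.IGNORECASE)


def classify(line: str) -> Optional[str]:
    """Return why a log line deserves a closer look, or None if nothing matched."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        # Known-good entries normally carry "[size date] (Publisher)"; its absence means
        # FRST could not attribute the file (YTDownloader in the thread), so a human checks it.
        if META_RE.search(m.group("target")):
            return None
        return "autostart entry without file size/date/publisher metadata"
    if TASK_RE.match(line):
        return "scheduled task flagged ATTENTION by FRST"
    if DRIVER_RE.match(line):
        return "service or driver whose binary is missing ([X])"
    if TEMP_EXE_RE.match(line):
        return "executable in the user's Temp folder"
    return None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Pair every suspicious log line with the reason it was flagged."""
    hits = []
    for raw in lines:
        reason = classify(raw)
        if reason:
            hits.append((raw.rstrip(), reason))
    return hits


def draft_fixlist(lines: List[str]) -> str:
    """Draft a fixlist.txt in the layout the helper used: the flagged log lines copied
    verbatim between 'Start' and 'End', with 'Reboot:' so FRST restarts once it is done."""
    body = [line for line, _ in triage(lines)]
    return "\n".join(["Start", *body, "Reboot:", "End"]) + "\n"


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG_LINES):
        print(f"{reason}\n    {line}")
    print("\n--- draft fixlist.txt (review before use) ---")
    print(draft_fixlist(SAMPLE_LOG_LINES), end="")
```

Run it against a real FRST.txt by reading the file into a list of lines; entries that lack publisher metadata include harmless legacy items too (the log above has several), so every hit still needs a reviewer's judgement before it goes into a fixlist.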

  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: krusevac

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by DRAGAN at 2014-05-31 03:16:48 Run:2
Running from C:\Users\DRAGAN\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
File: C:\Users\DRAGAN\Downloads\StartDownload.exe
C:\Program Files\YTDownloader
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe
C:\DelFix.txt
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
Task: {CD100348-27AF-4565-9F1E-6A43E080F05A} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} - System32\Tasks\Installer_cr => C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: RD /S /Q %WINDIR%\TEMP
Reboot:
End
*****************


========================= File: C:\Users\DRAGAN\Downloads\StartDownload.exe ========================

MD5: 7CD55B1D1E0C07AF02CF30D52FAD882E
Creation and modification date: 2014-05-26 07:24 - 2014-05-26 07:24
Size: 0232824
Attributes: ----A
Company Name: Fusion Install
Internal Name:
Original Name:
Product Name: Fusion Install
Description: Fusion Install
File Version: 2.4.8.1
Product Version: 2.4.8.1
Copyright: Copyright (C) 2013 Fusion Install

====== End Of File: ======

"C:\Program Files\YTDownloader" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe" => File/Directory not found.
"C:\DelFix.txt" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda directory not found.
catchme => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD100348-27AF-4565-9F1E-6A43E080F05A} => Key not found.
C:\Windows\System32\Tasks\YTDownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} => Key not found.
C:\Windows\System32\Tasks\Installer_sense not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} => Key not found.
C:\Windows\System32\Tasks\Installer_cr not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_cr => Key not found.

========= DEL %TEMP%\*.* /F /S /Q =========

C:\Users\DRAGAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt
Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========


========= DEL %WINDIR%\TEMP\*.* /F /S /Q =========

C:\Windows\TEMP\TMP000000176C4D9D4B974CB86F
Proces ne moze da pristupi datoteci jer je koristi drugi proces.
Deleted file - C:\Windows\TEMP\avast_ash\Mozilla Firefox\update.xml
C:\Windows\TEMP\_avast_\Webshlock.txt
Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========


========= RD /S /Q %TEMP% =========

C:\Users\DRAGAN\AppData\Local\Temp\etilqs_JCcPACTjMoxkjHl - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Users\DRAGAN\AppData\Local\Temp\etilqs_sLMrmGPXhFCb34P - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Users\DRAGAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt - Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========


========= RD /S /Q %WINDIR%\TEMP =========

C:\Windows\TEMP\TMP000000176C4D9D4B974CB86F - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Windows\TEMP\_avast_\Webshlock.txt - Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Good ... now let's examine that system some more, but from a different point of view.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section make sure all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the next restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a RootKit was detected: make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to finish all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into a post and attach the system log to the post using the Attach file option.

  • Joined: 26 Dec 2013
  • Posts: 39
  • Location: krusevac

Posted: 01 Jun 2014 16:51

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org

Database version: v2014.06.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
DRAGAN :: DRAGAN-PC [administrator]

6/1/2014 7:08:43 AM
mbar-log-2014-06-01 (07-08-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 268460
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\DRAGAN\Downloads\MinecraftSP.jar.exe (Trojan.InstallMonetizer) -> Delete on reboot.
C:\Users\DRAGAN\Desktop\igrice\fudbal\(zabranjeno)\rzr-uefa.exe (Trojan.Downloader) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Update: 01 Jun 2014 16:52


  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK, tell me how the computer is behaving now?
