Virus !!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Koristim avast antivirus i stalno se javljaju neke infekcije na svakih pola sata ,sat.Neznam o cemu je rec.Ako moze neko da mi pomogne bila bih mu zahvalna.Jedna od infekcija je i ova :

URL
[Link mogu videti samo ulogovani korisnici]

Infection
Win32:Malware-gen

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav julijeta 2,

Isprati instrukcije date u ovoj temi, za preuzimanje i pokretanje naseg primarnog dijagnostic alata FRST i postavi njegove logove na uvid.
[Link mogu videti samo ulogovani korisnici]

Jedino na taj nacin AMF Tim ce imati jasnu sliku sa cime tacno ima posla.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Imala sam juce problem sa radom racunara isto ovo sam postavila pa zbog toga nema puno informacija .

LastRegBack: 2014-05-29 04:17

==================== End Of Log ============================
[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

julijeta, mozes li ponovo da pokrenes FRST alat, samo lupi Scan dugme i iskopiraj sadrzaj sveze-formiranig primarnog (FRST.txt) izvestaja koji ti se otvori, u sledecu poruku na forum.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by DRAGAN (administrator) on DRAGAN-PC on 29-05-2014 22:30:46
Running from C:\Users\DRAGAN\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Link mogu videti samo ulogovani korisnici]
Download link for 64-Bit Version: [Link mogu videti samo ulogovani korisnici]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-04] (AVAST Software)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [24576 2003-06-19] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [DevconDefaultDB] => C:\Windows\READREG /PSCONV={NO}
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [49152 2002-12-03] (Creative Technology Ltd)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link mogu videti samo ulogovani korisnici]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft)
FF Extension: Adblock Plus - C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-22]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-04] (AVAST Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-04] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-04] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [287920 2003-03-26] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-02] (DT Soft Ltd)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [860592 2003-06-27] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [159040 2003-06-27] (Creative Technology Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2013-12-24] (REALiX(tm))
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [101120 2009-11-04] (Huawei Technologies Co., Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 ALCXWDM; system32\drivers\RTKVAC.SYS [X]
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 08:16 - 2014-05-29 22:30 - 00010267 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-29 08:15 - 2014-05-29 08:16 - 00020870 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-29 08:14 - 2014-05-29 22:30 - 00000000 ____D () C:\FRST
2014-05-29 08:14 - 2014-05-29 08:14 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-29 00:33 - 2014-05-29 00:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 13:32 - 2014-03-05 04:57 - 00000426 _____ () C:\AVScanner.ini
2014-05-28 13:09 - 2014-05-28 22:44 - 00000888 _____ () C:\Windows\PFRO.log
2014-05-28 13:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-27 10:58 - 2014-05-29 22:12 - 00000504 _____ () C:\Windows\setupact.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-14 14:31 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 14:31 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 14:31 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:40 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:40 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:40 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:40 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:40 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 05:40 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip

==================== One Month Modified Files and Folders =======

2014-05-29 22:31 - 2014-05-29 08:16 - 00010267 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-29 22:30 - 2014-05-29 08:14 - 00000000 ____D () C:\FRST
2014-05-29 22:28 - 2012-11-11 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 22:22 - 2012-03-18 06:06 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Skype
2014-05-29 22:18 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 22:18 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 22:17 - 2011-10-03 11:09 - 00336956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 22:13 - 2011-10-03 11:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 22:12 - 2014-05-27 10:58 - 00000504 _____ () C:\Windows\setupact.log
2014-05-29 22:12 - 2013-03-16 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 22:12 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 13:39 - 2013-12-09 12:55 - 01242008 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 09:53 - 2011-10-03 11:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 08:16 - 2014-05-29 08:15 - 00020870 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-29 08:14 - 2014-05-29 08:14 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-29 00:34 - 2013-05-22 13:31 - 00001687 _____ () C:\DelFix.txt
2014-05-29 00:33 - 2014-05-29 00:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 22:44 - 2014-05-28 13:09 - 00000888 _____ () C:\Windows\PFRO.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 08:06 - 2011-10-03 11:37 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Winamp
2014-05-26 10:13 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 07:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-24 05:04 - 2012-07-18 02:35 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Nitro PDF
2014-05-21 00:09 - 2012-05-22 11:25 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 03:16 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 01:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 14:34 - 2013-07-22 13:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 14:33 - 2011-10-16 08:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:30 - 2012-11-11 06:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 05:30 - 2011-11-18 06:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 04:16 - 2011-10-03 11:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip
2014-05-08 12:01 - 2013-05-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-05 20:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 19:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 00:29 - 2009-07-13 21:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 05:40] - [2014-03-04 02:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 04:17

==================== End Of Log ============================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

1. Otvori Notepad (Text Document) i iskopiraj sledeći tekst unutar kod polja ispod:

Start
File: C:\Users\DRAGAN\Downloads\StartDownload.exe
C:\Program Files\YTDownloader
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe
C:\DelFix.txt
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
Task: {CD100348-27AF-4565-9F1E-6A43E080F05A} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} - System32\Tasks\Installer_cr => C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: RD /S /Q %WINDIR%\TEMP
Reboot:
End

2. Sačuvaj notepad na Desktop pod nazivom fixlist.txt
To možes uraditi i iz notepad-a => klik na File potom na Save As i u novom prozoru, dole pod File Name: staviš za naziv fixlist.txt
Napomena: Važno je da se oba fajla, FRST i fixlist nalaze na istoj lokaciji jer u suprotnom fix nece raditi.

3. Ponovo pokreni FRST/FRST64, klikni jednom na dugme Fix i sačekaj.
Ukoliko alat zatraži restart sistema, dozvoli mu i postaraj se da alat kompletira fix nakon restarta sistema.



Alat će formirati log (Fixlog.txt) na Desktop-u. Potrebno je sadržaj tog loga iskopirati u poruku.
Napomena: Ukoliko te alat upozori da postoji novija verzija, postaraj se da preuzmes i koristiš ažuriranu kopiju FRST-a.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by DRAGAN at 2014-05-31 03:16:48 Run:2
Running from C:\Users\DRAGAN\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
File: C:\Users\DRAGAN\Downloads\StartDownload.exe
C:\Program Files\YTDownloader
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe
C:\DelFix.txt
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
Task: {CD100348-27AF-4565-9F1E-6A43E080F05A} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} - System32\Tasks\Installer_cr => C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: RD /S /Q %WINDIR%\TEMP
Reboot:
End
*****************


========================= File: C:\Users\DRAGAN\Downloads\StartDownload.exe ========================

MD5: 7CD55B1D1E0C07AF02CF30D52FAD882E
Creation and modification date: 2014-05-26 07:24 - 2014-05-26 07:24
Size: 0232824
Attributes: ----A
Company Name: Fusion Install
Internal Name:
Original Name:
Product Name: Fusion Install
Description: Fusion Install
File Version: 2.4.8.1
Product Version: 2.4.8.1
Copyright: Copyright (C) 2013 Fusion Install

====== End Of File: ======

"C:\Program Files\YTDownloader" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe" => File/Directory not found.
"C:\DelFix.txt" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda directory not found.
catchme => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD100348-27AF-4565-9F1E-6A43E080F05A} => Key not found.
C:\Windows\System32\Tasks\YTDownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} => Key not found.
C:\Windows\System32\Tasks\Installer_sense not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} => Key not found.
C:\Windows\System32\Tasks\Installer_cr not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_cr => Key not found.

========= DEL %TEMP%\*.* /F /S /Q =========

C:\Users\DRAGAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt
Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========


========= DEL %WINDIR%\TEMP\*.* /F /S /Q =========

C:\Windows\TEMP\TMP000000176C4D9D4B974CB86F
Proces ne moze da pristupi datoteci jer je koristi drugi proces.
Deleted file - C:\Windows\TEMP\avast_ash\Mozilla Firefox\update.xml
C:\Windows\TEMP\_avast_\Webshlock.txt
Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========


========= RD /S /Q %TEMP% =========

C:\Users\DRAGAN\AppData\Local\Temp\etilqs_JCcPACTjMoxkjHl - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Users\DRAGAN\AppData\Local\Temp\etilqs_sLMrmGPXhFCb34P - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Users\DRAGAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt - Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========


========= RD /S /Q %WINDIR%\TEMP =========

C:\Windows\TEMP\TMP000000176C4D9D4B974CB86F - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Windows\TEMP\_avast_\Webshlock.txt - Proces ne moze da pristupi datoteci jer je koristi drugi proces.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Dobro ... idemo sad dodatno da pregledamo taj sistem ali sa neke druge tacke gledista.







Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 01 Jun 2014 16:51

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
[Link mogu videti samo ulogovani korisnici]

Database version: v2014.06.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
DRAGAN :: DRAGAN-PC [administrator]

6/1/2014 7:08:43 AM
mbar-log-2014-06-01 (07-08-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 268460
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\DRAGAN\Downloads\MinecraftSP.jar.exe (Trojan.InstallMonetizer) -> Delete on reboot.
C:\Users\DRAGAN\Desktop\igrice\fudbal\(zabranjeno)\rzr-uefa.exe (Trojan.Downloader) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Dopuna: 01 Jun 2014 16:52

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, reci mi kako ti se sad ponasa racunar?