Posted: 29 May 2014 15:41
- Joined: 26 Dec 2013
- Posts: 39
- Location: krusevac
I use Avast antivirus and infections keep popping up every half hour or hour. I don't know what it is about. If someone could help me, I would be grateful. One of the infections is this one:
URL
hxxp://d177dk26a4y9jb.cloudfront.net/object-browser3.exe
Infection
Win32:Malware-gen
Posted: 29 May 2014 17:20
- Joined: 26 Dec 2013
- Posts: 39
- Location: krusevac
Yesterday I had a problem with the computer; I posted this same thing, so that is why there is not much information.
LastRegBack: 2014-05-29 04:17
==================== End Of Log ============================
Posted: 29 May 2014 22:49
- magna86
- Anti Malware Fighter Rank 2
- Joined: 21 Jun 2008
- Posts: 6103
julijeta, could you run the FRST tool again, just press the Scan button and copy the contents of the freshly generated primary report (FRST.txt) that opens into your next post on the forum.
Posted: 30 May 2014 07:32
- Joined: 26 Dec 2013
- Posts: 39
- Location: krusevac
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by DRAGAN (administrator) on DRAGAN-PC on 29-05-2014 22:30:46
Running from C:\Users\DRAGAN\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-04] (AVAST Software)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [24576 2003-06-19] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [DevconDefaultDB] => C:\Windows\READREG /PSCONV={NO}
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SetDefaultMIDI] => C:\Windows\MIDIDef.exe [49152 2002-12-03] (Creative Technology Ltd)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1003\...\Run: [DAEMON Tools Lite] => "C:\Users\DRAGAN\Desktop\DAEMON Tools Lite\DTLite.exe" -autorun
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft)
FF Extension: Adblock Plus - C:\Users\DRAGAN\AppData\Roaming\Mozilla\Firefox\Profiles\1cqr8ha4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-22]
Chrome:
=======
CHR HomePage:
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-04] (AVAST Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-04] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [178304 2013-12-04] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [287920 2003-03-26] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-11-02] (DT Soft Ltd)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [860592 2003-06-27] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [159040 2003-06-27] (Creative Technology Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2013-12-24] (REALiX(tm))
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [101120 2009-11-04] (Huawei Technologies Co., Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 ALCXWDM; system32\drivers\RTKVAC.SYS [X]
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-29 08:16 - 2014-05-29 22:30 - 00010267 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-29 08:15 - 2014-05-29 08:16 - 00020870 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-29 08:14 - 2014-05-29 22:30 - 00000000 ____D () C:\FRST
2014-05-29 08:14 - 2014-05-29 08:14 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-29 00:33 - 2014-05-29 00:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 13:32 - 2014-03-05 04:57 - 00000426 _____ () C:\AVScanner.ini
2014-05-28 13:09 - 2014-05-28 22:44 - 00000888 _____ () C:\Windows\PFRO.log
2014-05-28 13:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-27 10:58 - 2014-05-29 22:12 - 00000504 _____ () C:\Windows\setupact.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-14 14:31 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 14:31 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 14:31 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 05:40 - 2014-04-11 19:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 05:40 - 2014-04-11 19:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 05:40 - 2014-04-11 19:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 05:40 - 2014-04-11 19:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 05:40 - 2014-04-11 19:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 05:40 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 05:40 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 05:40 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 05:40 - 2014-03-04 02:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 05:40 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip
==================== One Month Modified Files and Folders =======
2014-05-29 22:31 - 2014-05-29 08:16 - 00010267 _____ () C:\Users\DRAGAN\Downloads\FRST.txt
2014-05-29 22:30 - 2014-05-29 08:14 - 00000000 ____D () C:\FRST
2014-05-29 22:28 - 2012-11-11 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 22:22 - 2012-03-18 06:06 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Skype
2014-05-29 22:18 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 22:18 - 2009-07-13 21:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 22:17 - 2011-10-03 11:09 - 00336956 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 22:13 - 2011-10-03 11:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 22:12 - 2014-05-27 10:58 - 00000504 _____ () C:\Windows\setupact.log
2014-05-29 22:12 - 2013-03-16 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 22:12 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 13:39 - 2013-12-09 12:55 - 01242008 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 09:53 - 2011-10-03 11:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 08:16 - 2014-05-29 08:15 - 00020870 _____ () C:\Users\DRAGAN\Downloads\Addition.txt
2014-05-29 08:14 - 2014-05-29 08:14 - 01056256 _____ (Farbar) C:\Users\DRAGAN\Downloads\FRST.exe
2014-05-29 00:34 - 2013-05-22 13:31 - 00001687 _____ () C:\DelFix.txt
2014-05-29 00:33 - 2014-05-29 00:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 22:44 - 2014-05-28 13:09 - 00000888 _____ () C:\Windows\PFRO.log
2014-05-27 10:58 - 2014-05-27 10:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-27 08:06 - 2011-10-03 11:37 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Winamp
2014-05-26 10:13 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-26 07:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 ____D () C:\Users\DRAGAN\AppData\Local\CrashRpt
2014-05-26 07:26 - 2014-05-26 07:26 - 00000000 _____ () C:\ProgramData\spds90.txt
2014-05-26 07:24 - 2014-05-26 07:24 - 00232824 _____ (Fusion Install ) C:\Users\DRAGAN\Downloads\StartDownload.exe
2014-05-26 07:17 - 2014-05-26 07:17 - 00006435 _____ () C:\Users\DRAGAN\Downloads\GTA.4.Working.(zabranjeno).PROPER-X5l0V3R-[rarbg.com].torrent
2014-05-26 07:15 - 2014-05-26 07:15 - 00050812 _____ () C:\Users\DRAGAN\Downloads\Watch Dogs-Digital Deluxe-SKIDROW(zabranjeno)-[rarbg.com].torrent
2014-05-24 05:04 - 2012-07-18 02:35 - 00000000 ____D () C:\Users\DRAGAN\AppData\Roaming\Nitro PDF
2014-05-21 00:09 - 2012-05-22 11:25 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 03:16 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 01:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 14:34 - 2013-07-22 13:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 14:33 - 2011-10-16 08:54 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 05:30 - 2012-11-11 06:57 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 05:30 - 2011-11-18 06:10 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 04:16 - 2011-10-03 11:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 23:52 - 2014-05-08 23:52 - 00081007 _____ () C:\Users\DRAGAN\Downloads\Pic_00372.zip
2014-05-08 12:01 - 2013-05-22 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-05 20:25 - 2014-05-14 14:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:07 - 2014-05-14 14:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 19:10 - 2014-05-14 14:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 00:29 - 2009-07-13 21:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 05:40] - [2014-03-04 02:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 04:17
==================== End Of Log ============================
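The FRST log above is what the helper reads to decide what goes into the fixlist: in the Registry and Task sections, FRST appends `[size date] (publisher)` only when it could locate the target file and read its version resource, so entries without that trailer (YTDownloader, SpeedItupFree), entries with an empty `()` publisher, and entries FRST itself marks `<==== ATTENTION` are the ones that get a second look. As an added example (not part of this thread and not FRST's own code), the Python script below parses Run values and scheduled-task lines in the format FRST prints them and lists the entries that deserve review, together with every place from which the same program is launched. The sample lines are copied from this thread's log; the review heuristics (missing or empty publisher, the ATTENTION marker, targets under user-writable folders such as AppData or Temp) are this example's own assumptions, and a flag means "review", not "malicious" (the Creative audio helper AsioReg is flagged as well).

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: autorun and scheduled-task lines copied from the FRST
# output posted in this thread, in the format FRST itself prints them.
SAMPLE_LOG = r"""
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-04] (AVAST Software)
HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [24576 2003-06-19] (Creative Technology Ltd)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [SpeedItupFree] => "C:\Program Files\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
Task: {CD100348-27AF-4565-9F1E-6A43E080F05A} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
"""

# "HKLM\...\Run: [name] => command" and "HKU\<SID>\...\Run: [name] => command"
RUN_RE = re.compile(r'^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<command>.*)$')
# "Task: {GUID} - System32\Tasks\<name> => command"
TASK_RE = re.compile(r'^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<task>\S+) => (?P<command>.*)$')
# FRST appends "[size date] (publisher)" (for tasks "[date] (publisher)") when it
# could locate the target file and read its version resource.
META_RE = re.compile(r'\[(?:(?P<size>\d+) )?(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)')
# Folders an ordinary user can write to: a heuristic of this example, not FRST's.
USER_WRITABLE = re.compile(r'\\(AppData|Temp|Downloads|Desktop)\\', re.IGNORECASE)


@dataclass
class AutorunEntry:
    kind: str                  # "Run" (registry Run value) or "Task" (scheduled task)
    location: str              # registry key or task path the entry lives in
    name: str
    command: str               # everything FRST printed after "=>"
    target: str                # program path with quotes and arguments stripped
    publisher: Optional[str]   # None: FRST printed no metadata; "": file has no publisher


def target_of(command: str) -> str:
    """Extract the launched program from an autorun command line."""
    cmd = META_RE.sub('', command).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: the path ends at the first program-file extension.
    m = re.match(r'(.*?\.(?:exe|dll|sys|bat|cmd))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [''])[0]


def parse_autoruns(log_text: str) -> List[AutorunEntry]:
    """Pull Run values and scheduled tasks out of FRST log text."""
    entries: List[AutorunEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            meta = META_RE.search(m['command'])
            entries.append(AutorunEntry('Run', m['hive'] + r'\...\Run', m['name'], m['command'],
                                        target_of(m['command']),
                                        meta['publisher'] if meta else None))
            continue
        m = TASK_RE.match(line)
        if m:
            meta = META_RE.search(m['command'])
            entries.append(AutorunEntry('Task', m['task'], m['task'].rsplit('\\', 1)[-1],
                                        m['command'], target_of(m['command']),
                                        meta['publisher'] if meta else None))
    return entries


def review_reasons(entry: AutorunEntry) -> List[str]:
    """Why an analyst should look at this entry (empty list: nothing stands out)."""
    reasons = []
    if '<==== ATTENTION' in entry.command:
        reasons.append('marked ATTENTION by FRST')
    if entry.publisher is None:
        reasons.append('no size/date/publisher recorded by FRST')
    elif entry.publisher == '':
        reasons.append('file carries no publisher in its version info')
    if USER_WRITABLE.search(entry.target):
        reasons.append('starts from a user-writable location')
    return reasons


def triage(entries: List[AutorunEntry]) -> List[Tuple[AutorunEntry, List[str]]]:
    """Return only the entries with at least one review reason, in log order."""
    return [(e, review_reasons(e)) for e in entries if review_reasons(e)]


def launch_points(entries: List[AutorunEntry]) -> Dict[str, List[str]]:
    """Targets registered from more than one place (Run key plus task, several hives)."""
    by_target: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        by_target[e.target.lower()].append(f'{e.kind}:{e.location}')
    return {t: locs for t, locs in by_target.items() if len(locs) > 1}


if __name__ == '__main__':
    found = parse_autoruns(SAMPLE_LOG)
    for entry, reasons in triage(found):
        print(f'[{entry.kind}] {entry.name}: {entry.target}')
        for r in reasons:
            print(f'    - {r}')
    for target, locs in launch_points(found).items():
        print(f'{target} is launched from {len(locs)} places: {", ".join(locs)}')
```

Run against the sample, the script reports YTDownloader.exe as launched from three places (the HKLM Run key, the user's HKU Run key and a scheduled task), which is why the helper's fixlist removes all three rather than just the folder; it also shows the Installer_sense task collecting every heuristic at once (ATTENTION marker, empty publisher, executable under AppData\Local).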
Posted: 31 May 2014 07:39
- magna86
- Anti Malware Fighter Rank 2
- Joined: 21 Jun 2008
- Posts: 6103
1. Open Notepad (Text Document) and copy the following text from the code field below into it:
Start
File: C:\Users\DRAGAN\Downloads\StartDownload.exe
C:\Program Files\YTDownloader
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe
C:\DelFix.txt
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
Task: {CD100348-27AF-4565-9F1E-6A43E080F05A} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} - System32\Tasks\Installer_cr => C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: RD /S /Q %WINDIR%\TEMP
Reboot:
End
2. Save the Notepad file on the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.
Posted: 31 May 2014 12:22
- Joined: 26 Dec 2013
- Posts: 39
- Location: krusevac
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by DRAGAN at 2014-05-31 03:16:48 Run:2
Running from C:\Users\DRAGAN\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
File: C:\Users\DRAGAN\Downloads\StartDownload.exe
C:\Program Files\YTDownloader
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe
C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe
C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe
C:\DelFix.txt
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR Extension: (Google новчаник) - C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
S3 catchme; \??\C:\Users\DRAGAN\AppData\Local\Temp\catchme.sys [X]
Task: {CD100348-27AF-4565-9F1E-6A43E080F05A} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe
Task: {973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} - System32\Tasks\Installer_sense => C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
Task: {EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} - System32\Tasks\Installer_cr => C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe [2014-05-26] () <==== ATTENTION
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: DEL %WINDIR%\TEMP\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
CMD: RD /S /Q %WINDIR%\TEMP
Reboot:
End
*****************
========================= File: C:\Users\DRAGAN\Downloads\StartDownload.exe ========================
MD5: 7CD55B1D1E0C07AF02CF30D52FAD882E
Creation and modification date: 2014-05-26 07:24 - 2014-05-26 07:24
Size: 0232824
Attributes: ----A
Company Name: Fusion Install
Internal Name:
Original Name:
Product Name: Fusion Install
Description: Fusion Install
File Version: 2.4.8.1
Product Version: 2.4.8.1
Copyright: Copyright (C) 2013 Fusion Install
====== End Of File: ======
"C:\Program Files\YTDownloader" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Temp\dufgmr4c.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Temp\tu17p84.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Installer\Install_21306\ytdi_adk_setup_20140317.exe" => File/Directory not found.
"C:\Users\DRAGAN\AppData\Local\Installer\Install_1936\ytdi_adk_setup_20140317.exe" => File/Directory not found.
"C:\DelFix.txt" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
HKU\S-1-5-21-1536180709-4104921558-1111698551-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
C:\Users\DRAGAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda directory not found.
catchme => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD100348-27AF-4565-9F1E-6A43E080F05A} => Key not found.
C:\Windows\System32\Tasks\YTDownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{973AEE90-A880-4DA5-8F83-9A54BBC3C9B3} => Key not found.
C:\Windows\System32\Tasks\Installer_sense not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_sense => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA81F7DE-D72A-495D-9715-5BE4C2F21C4B} => Key not found.
C:\Windows\System32\Tasks\Installer_cr not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_cr => Key not found.
========= DEL %TEMP%\*.* /F /S /Q =========
C:\Users\DRAGAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt
Proces ne moze da pristupi datoteci jer je koristi drugi proces.
========= End of CMD: =========
========= DEL %WINDIR%\TEMP\*.* /F /S /Q =========
C:\Windows\TEMP\TMP000000176C4D9D4B974CB86F
Proces ne moze da pristupi datoteci jer je koristi drugi proces.
Deleted file - C:\Windows\TEMP\avast_ash\Mozilla Firefox\update.xml
C:\Windows\TEMP\_avast_\Webshlock.txt
Proces ne moze da pristupi datoteci jer je koristi drugi proces.
========= End of CMD: =========
========= RD /S /Q %TEMP% =========
C:\Users\DRAGAN\AppData\Local\Temp\etilqs_JCcPACTjMoxkjHl - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Users\DRAGAN\AppData\Local\Temp\etilqs_sLMrmGPXhFCb34P - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Users\DRAGAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
========= End of CMD: =========
========= RD /S /Q %WINDIR%\TEMP =========
C:\Windows\TEMP\TMP000000176C4D9D4B974CB86F - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
C:\Windows\TEMP\_avast_\Webshlock.txt - Proces ne moze da pristupi datoteci jer je koristi drugi proces.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog ====
Posted: 01 Jun 2014 16:52
- Joined: 26 Dec 2013
- Posts: 39
- Location: krusevac
Written: 01 Jun 2014 16:51
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org
Database version: v2014.06.01.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
DRAGAN :: DRAGAN-PC [administrator]
6/1/2014 7:08:43 AM
mbar-log-2014-06-01 (07-08-43).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 268460
Time elapsed: 14 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\DRAGAN\Downloads\MinecraftSP.jar.exe (Trojan.InstallMonetizer) -> Delete on reboot.
C:\Users\DRAGAN\Desktop\igrice\fudbal\(zabranjeno)\rzr-uefa.exe (Trojan.Downloader) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Addendum: 01 Jun 2014 16:52