Viruses

  • Joined: 23 Sep 2014
  • Posts: 12

Posted: 23 Sep 2014 23:11

I scanned with Malwarebytes Anti-Malware and AdwCleaner; they found some viruses ...

[Link visible only to logged-in users]
[Link visible only to logged-in users]

Now I'll post the FRST report.

Update: 23 Sep 2014 23:12

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2014
Ran by DjMrGooD (administrator) on DJMRGOOD-PC on 23-09-2014 23:06:49
Running from C:\Users\DjMrGooD\Desktop
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> A8EC8DC31F97A6733EDC99CAF2628342E8C60F4CDF579D05FBD02A42AFC514EA
CHR DefaultSearchURL: Default -> 487F6AA05BC6C5877F537F71C97FA60F5C2EAA8DDB7A5EAA6033F2D36DD317B5
CHR Profile: C:\Users\DjMrGooD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DjMrGooD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-07]
CHR Extension: (Google Wallet) - C:\Users\DjMrGooD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-09-17] (RaMMicHaeL)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 23:06 - 2014-09-23 23:07 - 00007046 _____ () C:\Users\DjMrGooD\Desktop\FRST.txt
2014-09-23 23:05 - 2014-09-23 23:06 - 00000000 ____D () C:\FRST
2014-09-23 22:57 - 2014-09-23 22:58 - 00000000 ____D () C:\AdwCleaner
2014-09-23 22:56 - 2014-09-23 22:57 - 02106368 _____ (Farbar) C:\Users\DjMrGooD\Desktop\FRST64.exe
2014-09-23 22:56 - 2014-09-23 22:56 - 01373475 _____ () C:\Users\DjMrGooD\Downloads\AdwCleaner.exe
2014-09-23 22:55 - 2014-09-23 22:59 - 00000112 _____ () C:\Windows\setupact.log
2014-09-23 22:55 - 2014-09-23 22:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 22:54 - 2014-09-23 22:59 - 00019322 _____ () C:\Windows\PFRO.log
2014-09-23 22:54 - 2014-09-23 22:54 - 00002703 _____ () C:\Users\DjMrGooD\Desktop\PUP.txt
2014-09-23 22:47 - 2014-09-23 22:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-23 22:47 - 2014-09-23 22:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-23 22:47 - 2014-09-23 22:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-23 22:47 - 2014-09-23 22:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-23 22:47 - 2014-09-23 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-23 22:47 - 2014-09-23 22:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-23 20:47 - 2014-09-23 23:02 - 00025332 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 20:34 - 2014-09-23 20:43 - 03534336 _____ () C:\Windows\SysWOW64\setup.exe
2014-09-23 20:31 - 2014-09-23 20:32 - 00918440 _____ (Oracle Corporation) C:\Users\DjMrGooD\Downloads\chromeinstall-7u67.exe
2014-09-23 00:08 - 2014-09-23 20:41 - 00000000 ____D () C:\ProgramData\YYoutubeAdBloocke
2014-09-23 00:08 - 2014-09-23 20:40 - 00000000 ____D () C:\Program Files (x86)\YYoutubeAdBloocke
2014-09-23 00:05 - 2014-09-23 20:45 - 00000000 ____D () C:\ProgramData\710e0ff856b03317
2014-09-23 00:05 - 2014-09-23 20:43 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Guest
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Local\Comodo
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:49 - 2014-09-23 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 19:49 - 2014-09-17 19:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 19:48 - 2014-09-17 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 19:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-17 19:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-17 19:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-17 19:45 - 2014-09-17 19:45 - 00001023 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 ____D () C:\ProgramData\Unchecky
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-09-17 19:43 - 2014-09-17 19:43 - 00000000 ____D () C:\Windows\pss
2014-09-16 19:15 - 2014-09-16 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-09-16 19:14 - 2014-09-17 19:52 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-09-16 18:53 - 2014-09-16 18:53 - 00000000 ____D () C:\Users\DjMrGooD\Desktop\foto cd
2014-09-11 20:03 - 2014-09-11 20:04 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-11 20:02 - 2014-09-11 20:03 - 00000000 ____D () C:\Users\DjMrGooD\Downloads\WinRAR
2014-09-01 10:36 - 2014-09-01 10:36 - 00002515 _____ () C:\Users\DjMrGooD\Desktop\Skype.lnk
2014-08-27 01:41 - 2014-08-27 01:41 - 00000816 _____ () C:\Users\DjMrGooD\Desktop\µTorrent.lnk
2014-08-27 01:41 - 2014-08-27 01:41 - 00000796 _____ () C:\Users\DjMrGooD\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-27 01:40 - 2014-09-17 19:38 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\uTorrent
2014-08-27 01:33 - 2014-08-27 01:33 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\JGArcadeApp
2014-08-27 01:27 - 2014-08-27 01:27 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Local\CrashRpt
2014-08-27 00:31 - 2014-08-27 00:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-26 17:46 - 2014-08-26 17:46 - 00002044 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-08-26 17:46 - 2013-03-12 12:47 - 01431552 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2014-08-26 17:45 - 2014-08-27 02:12 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-08-26 17:45 - 2014-08-27 02:12 - 00000000 ____D () C:\Program Files\Image-Line
2014-08-26 17:45 - 2014-08-26 17:45 - 00002056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Users\DjMrGooD\Documents\Image-Line
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\Image-Line
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\FlowStone
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-08-26 17:45 - 2009-09-15 11:14 - 01554944 _____ (HMS [Link mogu videti samo ulogovani korisnici]) C:\Windows\SysWOW64\vorbis.acm
2014-08-26 17:39 - 2014-08-27 02:12 - 00000000 ____D () C:\Program Files (x86)\Image-Line

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 23:07 - 2014-09-23 23:06 - 00007046 _____ () C:\Users\DjMrGooD\Desktop\FRST.txt
2014-09-23 23:07 - 2014-06-30 02:02 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 23:06 - 2014-09-23 23:05 - 00000000 ____D () C:\FRST
2014-09-23 23:06 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 23:06 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 23:05 - 2009-07-14 07:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 23:02 - 2014-09-23 20:47 - 00025332 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 22:59 - 2014-09-23 22:55 - 00000112 _____ () C:\Windows\setupact.log
2014-09-23 22:59 - 2014-09-23 22:54 - 00019322 _____ () C:\Windows\PFRO.log
2014-09-23 22:59 - 2014-06-30 02:02 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 22:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 22:58 - 2014-09-23 22:57 - 00000000 ____D () C:\AdwCleaner
2014-09-23 22:57 - 2014-09-23 22:56 - 02106368 _____ (Farbar) C:\Users\DjMrGooD\Desktop\FRST64.exe
2014-09-23 22:56 - 2014-09-23 22:56 - 01373475 _____ () C:\Users\DjMrGooD\Downloads\AdwCleaner.exe
2014-09-23 22:55 - 2014-09-23 22:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-23 22:54 - 2014-09-23 22:54 - 00002703 _____ () C:\Users\DjMrGooD\Desktop\PUP.txt
2014-09-23 22:52 - 2014-06-30 02:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 22:47 - 2014-09-23 22:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-23 22:47 - 2014-09-23 22:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-23 22:47 - 2014-09-23 22:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-23 22:47 - 2014-09-23 22:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-23 22:47 - 2014-09-23 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-23 22:47 - 2014-09-23 22:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-23 22:47 - 2014-06-30 02:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 22:45 - 2014-09-17 19:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 22:37 - 2014-07-04 22:27 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-23 20:45 - 2014-09-23 00:05 - 00000000 ____D () C:\ProgramData\710e0ff856b03317
2014-09-23 20:43 - 2014-09-23 20:34 - 03534336 _____ () C:\Windows\SysWOW64\setup.exe
2014-09-23 20:43 - 2014-09-23 00:05 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-09-23 20:41 - 2014-09-23 00:08 - 00000000 ____D () C:\ProgramData\YYoutubeAdBloocke
2014-09-23 20:40 - 2014-09-23 00:08 - 00000000 ____D () C:\Program Files (x86)\YYoutubeAdBloocke
2014-09-23 20:32 - 2014-09-23 20:31 - 00918440 _____ (Oracle Corporation) C:\Users\DjMrGooD\Downloads\chromeinstall-7u67.exe
2014-09-23 11:27 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Guest
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Local\Comodo
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-23 00:05 - 2014-09-23 00:05 - 00000000 ____D () C:\Users\Administrator
2014-09-23 00:05 - 2014-06-30 02:02 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Local\Google
2014-09-23 00:05 - 2014-06-30 02:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-23 00:05 - 2014-06-15 20:41 - 00000000 ____D () C:\Users\DjMrGooD\Desktop\nase 2014
2014-09-23 00:05 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-22 08:42 - 2014-06-30 04:19 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-17 19:52 - 2014-09-16 19:14 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-09-17 19:49 - 2014-09-17 19:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 19:49 - 2014-09-17 19:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 19:45 - 2014-09-17 19:45 - 00001023 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 ____D () C:\ProgramData\Unchecky
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-09-17 19:45 - 2014-09-17 19:45 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-09-17 19:43 - 2014-09-17 19:43 - 00000000 ____D () C:\Windows\pss
2014-09-17 19:38 - 2014-08-27 01:40 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\uTorrent
2014-09-16 19:16 - 2014-06-30 02:11 - 00000192 _____ () C:\Windows\winamp.ini
2014-09-16 19:15 - 2014-09-16 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-09-16 19:15 - 2014-06-30 02:12 - 00000983 _____ () C:\Users\DjMrGooD\Desktop\Winamp.lnk
2014-09-16 18:53 - 2014-09-16 18:53 - 00000000 ____D () C:\Users\DjMrGooD\Desktop\foto cd
2014-09-11 20:13 - 2014-06-30 02:04 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 20:04 - 2014-09-11 20:03 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-11 20:03 - 2014-09-11 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-11 20:03 - 2014-09-11 20:02 - 00000000 ____D () C:\Users\DjMrGooD\Downloads\WinRAR
2014-09-09 21:53 - 2014-06-30 02:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 21:53 - 2014-06-30 02:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 21:53 - 2014-06-30 02:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-08 09:58 - 2014-06-30 02:31 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\Skype
2014-09-01 10:36 - 2014-09-01 10:36 - 00002515 _____ () C:\Users\DjMrGooD\Desktop\Skype.lnk
2014-09-01 10:36 - 2014-06-30 02:31 - 00000000 ____D () C:\ProgramData\Skype
2014-09-01 06:50 - 2014-06-30 20:13 - 00000412 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2014-08-27 13:18 - 2014-06-28 12:27 - 00000000 ____D () C:\Users\DjMrGooD\Desktop\cd jelena
2014-08-27 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-27 02:17 - 2014-08-11 14:26 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Local\Unity
2014-08-27 02:12 - 2014-08-26 17:45 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-08-27 02:12 - 2014-08-26 17:45 - 00000000 ____D () C:\Program Files\Image-Line
2014-08-27 02:12 - 2014-08-26 17:39 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-08-27 01:41 - 2014-08-27 01:41 - 00000816 _____ () C:\Users\DjMrGooD\Desktop\µTorrent.lnk
2014-08-27 01:41 - 2014-08-27 01:41 - 00000796 _____ () C:\Users\DjMrGooD\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-27 01:37 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-08-27 01:33 - 2014-08-27 01:33 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\JGArcadeApp
2014-08-27 01:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-27 01:27 - 2014-08-27 01:27 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Local\CrashRpt
2014-08-27 00:31 - 2014-08-27 00:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-26 17:46 - 2014-08-26 17:46 - 00002044 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-08-26 17:46 - 2014-07-19 17:09 - 00000000 ____D () C:\Program Files (x86)\Vstplugins
2014-08-26 17:45 - 2014-08-26 17:45 - 00002056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Users\DjMrGooD\Documents\Image-Line
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\Image-Line
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Users\DjMrGooD\AppData\Roaming\FlowStone
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-08-26 17:45 - 2014-08-26 17:45 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-08-24 15:52 - 2014-06-30 02:01 - 00058784 _____ () C:\Users\DjMrGooD\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-24 15:52 - 2009-07-14 06:45 - 00270920 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\DjMrGooD\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-11 14:30

==================== End Of Log ============================

Update: 23 Sep 2014 23:13

[Link visible only to logged-in users]


  • Joined: 04 Jul 2011
  • Posts: 5424

1. Open Notepad (Text Document) and copy the following text from the code box below:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
2014-09-23 00:08 - 2014-09-23 20:41 - 00000000 ____D () C:\ProgramData\YYoutubeAdBloocke
2014-09-23 00:08 - 2014-09-23 20:40 - 00000000 ____D () C:\Program Files (x86)\YYoutubeAdBloocke
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {802658F8-80BD-4921-9EE3-7063F3F6B3F6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {A9F6F66F-BF39-41AA-BFCD-1E6A5C2260FD} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Task: {AA6B61B9-1CB0-4476-B788-125A786384EB} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.





Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next reply, post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the next restart and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.



Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt), type Y (Y stands for Yes) to continue execution, then wait for the tool to perform all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply and attach the system log to the reply using the Attach file option.



  • Joined: 23 Sep 2014
  • Posts: 12

Posted: 24 Sep 2014 16:08

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by DjMrGooD at 2014-09-24 16:01:06 Run:1
Running from C:\Users\DjMrGooD\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
2014-09-23 00:08 - 2014-09-23 20:41 - 00000000 ____D () C:\ProgramData\YYoutubeAdBloocke
2014-09-23 00:08 - 2014-09-23 20:40 - 00000000 ____D () C:\Program Files (x86)\YYoutubeAdBloocke
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {802658F8-80BD-4921-9EE3-7063F3F6B3F6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {A9F6F66F-BF39-41AA-BFCD-1E6A5C2260FD} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Task: {AA6B61B9-1CB0-4476-B788-125A786384EB} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\ProgramData\YYoutubeAdBloocke => Moved successfully.
C:\Program Files (x86)\YYoutubeAdBloocke => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{802658F8-80BD-4921-9EE3-7063F3F6B3F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{802658F8-80BD-4921-9EE3-7063F3F6B3F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9F6F66F-BF39-41AA-BFCD-1E6A5C2260FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9F6F66F-BF39-41AA-BFCD-1E6A5C2260FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
C:\PROGRA~1\COMMON~1\System\SysMenu.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA6B61B9-1CB0-4476-B788-125A786384EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA6B61B9-1CB0-4476-B788-125A786384EB}" => Key deleted successfully.
C:\Windows\System32\Tasks\DriverEasy Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverEasy Scheduled Scan" => Key deleted successfully.
C:\Windows\Tasks\DriverEasy Scheduled Scan.job => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

Update: 24 Sep 2014 16:22

[Link visible only to logged-in users]

[Link visible only to logged-in users]

Update: 24 Sep 2014 16:24

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
[Link mogu videti samo ulogovani korisnici]

Database version: v2014.09.24.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
DjMrGooD :: DJMRGOOD-PC [administrator]

9/24/2014 16:06:27
mbar-log-2014-09-24 (16-06-27).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 322030
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

  • Joined: 04 Jul 2011
  • Posts: 5424

Your computer is clean as far as malware is concerned.




The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment for the tool to finish its work.
From this point on, all tools used in this thread should have been deleted.
The tool will also create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix.
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

  • Joined: 23 Sep 2014
  • Posts: 12

Thank you, regards.
