Posted: 05 Jun 2014 23:07
- bevod
- New MyCity citizen
- Joined: 22 Dec 2013
- Posts: 21
Hi. I have a problem with the sound and the microphone. Malwarebytes found "Trojan.fakeMS" today, and since then I've noticed that they don't work.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Obrad (administrator) on OBRAD-PC on 05-06-2014 22:48:51
Running from C:\Users\Obrad\Downloads
Platform: Microsoft Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Time Information Services Ltd.) C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
(Akamai Technologies, Inc.) C:\Users\Obrad\AppData\Local\Akamai\netsession_win.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Akamai Technologies, Inc.) C:\Users\Obrad\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Nokia.) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia Corporation) C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
() C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Flexera Software LLC) D:\Program Files\ArcGIS\License10.2\bin\lmgrd.exe
(Flexera Software LLC) D:\Program Files\ArcGIS\License10.2\bin\lmgrd.exe
(ESRI) D:\Program Files\ArcGIS\License10.2\bin\ARCGIS.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Google Inc.) C:\Users\Obrad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Obrad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Obrad\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-09-01] (cyberlink)
HKLM\...\Run: [WinampAgent] => "C:\Program Files\Winamp\winampa.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3888648 2014-05-24] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2223362715-3625748912-2815790936-1000\...\Run: [Nokia.PCSync] => C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [1232896 2008-03-26] (Time Information Services Ltd.)
HKU\S-1-5-21-2223362715-3625748912-2815790936-1000\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [1079808 2008-04-16] (Nokia)
HKU\S-1-5-21-2223362715-3625748912-2815790936-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Obrad\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2223362715-3625748912-2815790936-1000\...\Run: [Google Update] => C:\Users\Obrad\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.)
HKU\S-1-5-21-2223362715-3625748912-2815790936-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2223362715-3625748912-2815790936-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\Obrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
URLSearchHook: HKCU - (No Name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - No File
URLSearchHook: HKCU - (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = startsear.ch/?aff=1&src=sp&cf=b4652.....831&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = startsear.ch/?aff=1&src=sp&cf=b4652.....831&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{82E1477C-B154-48D3-9891-33D83C26BCD3} - No File
Toolbar: HKCU - No Name - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 87.250.33.21
FireFox:
========
FF ProfilePath: C:\Users\Obrad\AppData\Roaming\Mozilla\Firefox\Profiles\ga41qm3b.default
FF DefaultSearchEngine: Twitter
FF SelectedSearchEngine: Twitter
FF Homepage: hxxp://www.google.rs/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Obrad\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Obrad\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: vshare Add-On - C:\Users\Obrad\AppData\Roaming\Mozilla\Firefox\Profiles\ga41qm3b.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-08-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-06]
Chrome:
=======
CHR HomePage: hxxp://google.rs/
CHR StartupUrls: "hxxp://google.rs/"
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: websearch.search-guide.info/?l=1&q={searchTerms}&pid=821&r=2013/11/10&hid=640932996143031612&lg=EN&cc=RS&unqvl=40
CHR DefaultNewTabURL:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Obrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Skype Click to Call) - C:\Users\Obrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-22]
CHR Extension: (Google Wallet) - C:\Users\Obrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-04-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Obrad\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 ArcGIS License Manager; D:\Program Files\ArcGIS\License10.2\bin\lmgrd.exe [1452408 2013-11-13] (Flexera Software LLC)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
R3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2014-05-30] (Flexera Software LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-11-12] (Nitro PDF Software)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-26] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2007-11-29] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2007-11-29] (Windows (R) Codename Longhorn DDK provider)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files\CyberLink\PowerDVD9\000.fcl [87536 2009-09-01] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-05 22:48 - 2014-06-05 22:49 - 00015623 _____ () C:\Users\Obrad\Downloads\FRST.txt
2014-06-05 22:48 - 2014-06-05 22:48 - 01059840 _____ (Farbar) C:\Users\Obrad\Downloads\FRST.exe
2014-06-05 22:48 - 2014-06-05 22:48 - 00000000 ____D () C:\FRST
2014-06-05 21:17 - 2014-06-05 21:17 - 00000000 ___RD () C:\Users\Obrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2014-06-05 12:58 - 2014-06-05 12:58 - 02676318 _____ () C:\Users\Obrad\Desktop\224_10.tif
2014-06-05 12:40 - 2014-06-05 12:40 - 02676318 _____ () C:\Users\Obrad\Downloads\224_10.tif
2014-06-03 19:45 - 2014-06-03 19:46 - 00861335 _____ () C:\Users\Obrad\Desktop\Regulacija reka - odgovori na pitanja.rar
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\Users\Obrad\AppData\Local\ArcGISRuntime
2014-06-01 15:39 - 2014-06-01 15:41 - 16548508 _____ () C:\Users\Obrad\Downloads\LicenseManager + (zabranjeno).rar
2014-05-31 00:02 - 2014-05-31 00:02 - 00000000 ____D () C:\ProgramData\FNP
2014-05-30 23:44 - 2014-05-30 23:44 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-05-30 23:36 - 2014-06-01 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS
2014-05-30 23:33 - 2014-05-30 23:33 - 00000000 ____D () C:\Program Files\Common Files\AnswerWorks 4.0
2014-05-30 23:32 - 2014-05-30 23:32 - 00000000 ____D () C:\Program Files\Common Files\Data Dynamics
2014-05-30 23:31 - 2014-05-30 23:36 - 00000000 ____D () C:\Program Files\Common Files\ArcGIS
2014-05-30 23:31 - 2014-05-30 23:31 - 00000000 ____D () C:\Program Files\Common Files\Tom Sawyer Software
2014-05-29 16:48 - 2014-05-29 16:48 - 00145456 _____ () C:\Windows\Minidump\052914-17284-01.dmp
2014-05-26 20:21 - 2014-05-26 20:21 - 00003302 _____ () C:\Users\Obrad\Documents\deauthorize.txt
2014-05-26 20:14 - 2014-05-30 21:23 - 00001472 _____ () C:\Windows\KB893803v2.log
2014-05-26 15:34 - 2014-05-26 15:45 - 23694214 _____ () C:\Users\Obrad\Downloads\ArcGIS10.1License.rar
2014-05-21 10:13 - 2014-05-21 10:13 - 06738174 _____ () C:\Users\Obrad\Desktop\Cuprija_bckgrd.bmp
2014-05-21 09:38 - 2014-05-08 18:03 - 06738332 _____ () C:\Users\Obrad\Desktop\Cuprija_bckgrd.tif
2014-05-20 20:27 - 2014-05-20 20:27 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-20 20:25 - 2014-05-20 20:25 - 00145464 _____ () C:\Windows\Minidump\052014-17534-01.dmp
2014-05-19 18:26 - 2014-05-19 18:26 - 00145448 _____ () C:\Windows\Minidump\051914-22230-01.dmp
2014-05-15 17:56 - 2014-05-15 17:56 - 05558061 _____ () C:\Users\Obrad\Downloads\Video zapis106.mp4
2014-05-14 20:07 - 2014-05-23 17:30 - 00000000 ____D () C:\Users\Obrad\Desktop\New folder
2014-05-11 19:55 - 2014-05-11 19:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 00:05 - 2014-06-01 10:05 - 00000000 ____D () C:\Users\Obrad\Desktop\Sremska
2014-05-08 19:03 - 2014-05-08 19:03 - 00000785 _____ () C:\Users\Obrad\Documents\Conversion.txt
2014-05-08 18:50 - 2014-05-08 18:50 - 00001938 _____ () C:\Users\Public\Desktop\DWG TrueView 2015 - English.lnk
2014-05-08 18:48 - 2014-05-08 18:48 - 00000000 ____D () C:\Users\Public\Documents\Autodesk
2014-05-08 18:46 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-05-08 18:46 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-05-08 18:46 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-05-08 18:46 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-05-08 18:46 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-05-08 18:46 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-05-08 18:46 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-05-08 18:46 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-05-08 18:31 - 2014-05-08 18:31 - 00299029 _____ () C:\Users\Obrad\Downloads\sysreq.chm
2014-05-08 03:34 - 2014-05-08 03:35 - 00870812 _____ () C:\Users\Obrad\Downloads\_prilog_2__situacioni_plan_2__1376640597563.zip
2014-05-08 03:32 - 2014-05-08 03:32 - 00189877 _____ () C:\Users\Obrad\Downloads\RR_Praktikum_11062012.zip
2014-05-08 03:29 - 2014-05-08 03:29 - 00543232 _____ () C:\Users\Obrad\Downloads\osnovne-geometrijske-konstrukcije.ppt
==================== One Month Modified Files and Folders =======
2014-06-05 22:49 - 2014-06-05 22:48 - 00015623 _____ () C:\Users\Obrad\Downloads\FRST.txt
2014-06-05 22:49 - 2010-06-15 13:54 - 00000000 ____D () C:\Users\Obrad\AppData\Local\Temp
2014-06-05 22:48 - 2014-06-05 22:48 - 01059840 _____ (Farbar) C:\Users\Obrad\Downloads\FRST.exe
2014-06-05 22:48 - 2014-06-05 22:48 - 00000000 ____D () C:\FRST
2014-06-05 22:26 - 2010-07-08 13:56 - 00000000 ____D () C:\Users\Obrad\AppData\Roaming\Skype
2014-06-05 22:16 - 2011-05-21 14:46 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 22:15 - 2012-04-04 15:39 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2223362715-3625748912-2815790936-1000UA.job
2014-06-05 22:02 - 2013-03-07 10:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 21:25 - 2010-06-15 21:51 - 01677006 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 21:24 - 2014-04-22 12:23 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 21:24 - 2009-07-14 06:34 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 21:24 - 2009-07-14 06:34 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 21:22 - 2010-06-15 14:02 - 00793804 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 21:19 - 2010-06-23 23:19 - 00000000 ____D () C:\Users\Obrad\Tracing
2014-06-05 21:17 - 2014-06-05 21:17 - 00000000 ___RD () C:\Users\Obrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2014-06-05 21:17 - 2012-03-21 23:26 - 00000000 ____D () C:\ProgramData\MCShield
2014-06-05 21:17 - 2011-05-21 14:46 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 21:17 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 21:17 - 2009-07-14 06:39 - 00179169 _____ () C:\Windows\setupact.log
2014-06-05 19:14 - 2012-04-04 15:39 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2223362715-3625748912-2815790936-1000Core.job
2014-06-05 12:58 - 2014-06-05 12:58 - 02676318 _____ () C:\Users\Obrad\Desktop\224_10.tif
2014-06-05 12:40 - 2014-06-05 12:40 - 02676318 _____ () C:\Users\Obrad\Downloads\224_10.tif
2014-06-05 12:35 - 2014-02-26 13:27 - 00000000 ____D () C:\Users\Obrad\AppData\Local\ESRI
2014-06-04 15:33 - 2009-07-14 06:53 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 19:46 - 2014-06-03 19:45 - 00861335 _____ () C:\Users\Obrad\Desktop\Regulacija reka - odgovori na pitanja.rar
2014-06-03 00:04 - 2014-06-03 00:04 - 00000000 ____D () C:\Users\Obrad\AppData\Local\ArcGISRuntime
2014-06-02 02:27 - 2010-10-05 17:45 - 00000000 ___RD () C:\Users\Obrad\Desktop\Gradjevina
2014-06-01 16:29 - 2011-03-07 18:39 - 00000000 ____D () C:\Users\Obrad\Documents\MATLAB
2014-06-01 15:53 - 2014-05-30 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS
2014-06-01 15:41 - 2014-06-01 15:39 - 16548508 _____ () C:\Users\Obrad\Downloads\LicenseManager + (zabranjeno).rar
2014-06-01 10:05 - 2014-05-10 00:05 - 00000000 ____D () C:\Users\Obrad\Desktop\Sremska
2014-05-31 10:27 - 2013-11-16 18:33 - 00000000 ____D () C:\Users\Obrad\AppData\Roaming\Nitro
2014-05-31 00:02 - 2014-05-31 00:02 - 00000000 ____D () C:\ProgramData\FNP
2014-05-30 23:59 - 2014-02-25 18:59 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-05-30 23:59 - 2010-06-15 13:54 - 00000000 ____D () C:\Users\Obrad
2014-05-30 23:44 - 2014-05-30 23:44 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-05-30 23:36 - 2014-05-30 23:31 - 00000000 ____D () C:\Program Files\Common Files\ArcGIS
2014-05-30 23:33 - 2014-05-30 23:33 - 00000000 ____D () C:\Program Files\Common Files\AnswerWorks 4.0
2014-05-30 23:32 - 2014-05-30 23:32 - 00000000 ____D () C:\Program Files\Common Files\Data Dynamics
2014-05-30 23:31 - 2014-05-30 23:31 - 00000000 ____D () C:\Program Files\Common Files\Tom Sawyer Software
2014-05-30 23:24 - 2014-04-22 12:22 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-30 22:23 - 2014-04-22 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 22:23 - 2013-12-22 17:29 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 21:23 - 2014-05-26 20:14 - 00001472 _____ () C:\Windows\KB893803v2.log
2014-05-29 16:48 - 2014-05-29 16:48 - 00145456 _____ () C:\Windows\Minidump\052914-17284-01.dmp
2014-05-29 16:48 - 2014-04-23 16:30 - 355499451 _____ () C:\Windows\MEMORY.DMP
2014-05-29 16:48 - 2014-04-23 16:30 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 20:21 - 2014-05-26 20:21 - 00003302 _____ () C:\Users\Obrad\Documents\deauthorize.txt
2014-05-26 15:45 - 2014-05-26 15:34 - 23694214 _____ () C:\Users\Obrad\Downloads\ArcGIS10.1License.rar
2014-05-24 11:20 - 2010-06-15 15:00 - 00250162 _____ () C:\Windows\PFRO.log
2014-05-23 17:30 - 2014-05-14 20:07 - 00000000 ____D () C:\Users\Obrad\Desktop\New folder
2014-05-21 23:08 - 2010-06-15 13:54 - 00000000 ____D () C:\Users\Obrad\AppData\Local\VirtualStore
2014-05-21 10:13 - 2014-05-21 10:13 - 06738174 _____ () C:\Users\Obrad\Desktop\Cuprija_bckgrd.bmp
2014-05-20 20:27 - 2014-05-20 20:27 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-20 20:27 - 2010-07-08 13:56 - 00000000 ___RD () C:\Program Files\Skype
2014-05-20 20:27 - 2010-07-08 13:56 - 00000000 ____D () C:\ProgramData\Skype
2014-05-20 20:25 - 2014-05-20 20:25 - 00145464 _____ () C:\Windows\Minidump\052014-17534-01.dmp
2014-05-19 18:26 - 2014-05-19 18:26 - 00145448 _____ () C:\Windows\Minidump\051914-22230-01.dmp
2014-05-17 09:01 - 2013-12-22 19:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 09:01 - 2010-06-15 14:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-15 17:56 - 2014-05-15 17:56 - 05558061 _____ () C:\Users\Obrad\Downloads\Video zapis106.mp4
2014-05-15 13:24 - 2013-12-26 20:13 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:24 - 2011-03-06 16:03 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:24 - 2010-06-15 14:53 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 20:03 - 2014-03-10 21:47 - 00000000 ____D () C:\Users\Obrad\Desktop\Predmeti
2014-05-14 14:04 - 2013-02-21 13:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 14:04 - 2011-06-26 19:11 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-05-13 10:05 - 2012-05-14 20:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-04-22 12:23 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-04-22 12:23 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2013-12-22 17:29 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 19:55 - 2014-05-11 19:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 17:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-08 19:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-08 19:03 - 2014-05-08 19:03 - 00000785 _____ () C:\Users\Obrad\Documents\Conversion.txt
2014-05-08 18:52 - 2009-07-14 06:33 - 00659432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-08 18:50 - 2014-05-08 18:50 - 00001938 _____ () C:\Users\Public\Desktop\DWG TrueView 2015 - English.lnk
2014-05-08 18:50 - 2010-12-05 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-05-08 18:50 - 2010-11-01 16:39 - 00000000 ____D () C:\Users\Obrad\AppData\Roaming\Autodesk
2014-05-08 18:50 - 2010-06-15 14:42 - 00208920 _____ () C:\Users\Obrad\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-08 18:49 - 2010-12-05 09:56 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-05-08 18:49 - 2010-11-01 17:13 - 00000000 ____D () C:\ProgramData\Autodesk
2014-05-08 18:48 - 2014-05-08 18:48 - 00000000 ____D () C:\Users\Public\Documents\Autodesk
2014-05-08 18:48 - 2010-11-01 17:13 - 00000000 ____D () C:\Users\Obrad\AppData\Local\Autodesk
2014-05-08 18:45 - 2013-11-16 18:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-08 18:31 - 2014-05-08 18:31 - 00299029 _____ () C:\Users\Obrad\Downloads\sysreq.chm
2014-05-08 18:03 - 2014-05-21 09:38 - 06738332 _____ () C:\Users\Obrad\Desktop\Cuprija_bckgrd.tif
2014-05-08 03:35 - 2014-05-08 03:34 - 00870812 _____ () C:\Users\Obrad\Downloads\_prilog_2__situacioni_plan_2__1376640597563.zip
2014-05-08 03:32 - 2014-05-08 03:32 - 00189877 _____ () C:\Users\Obrad\Downloads\RR_Praktikum_11062012.zip
2014-05-08 03:29 - 2014-05-08 03:29 - 00543232 _____ () C:\Users\Obrad\Downloads\osnovne-geometrijske-konstrukcije.ppt
Some content of TEMP:
====================
C:\Users\Obrad\AppData\Local\Temp\AcDeltree.exe
C:\Users\Obrad\AppData\Local\Temp\AskSLib.dll
C:\Users\Obrad\AppData\Local\Temp\Autodesk+XFORCE+(zabranjeno)+2014-32bits2C64bits.exe
C:\Users\Obrad\AppData\Local\Temp\down.4148.assistant_v3.exe
C:\Users\Obrad\AppData\Local\Temp\down.4148.ext_setup.exe
C:\Users\Obrad\AppData\Local\Temp\down.4764.assistant_v3.exe
C:\Users\Obrad\AppData\Local\Temp\htmlayout.dll
C:\Users\Obrad\AppData\Local\Temp\installhelper.dll
C:\Users\Obrad\AppData\Local\Temp\install_flashplayer12x32au_mssa_aaa_aih.exe
C:\Users\Obrad\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Obrad\AppData\Local\Temp\lowproc.exe
C:\Users\Obrad\AppData\Local\Temp\Quarantine.exe
C:\Users\Obrad\AppData\Local\Temp\RealPlayer.exe
C:\Users\Obrad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Obrad\AppData\Local\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe
C:\Users\Obrad\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Obrad\AppData\Local\Temp\stubhelper.dll
C:\Users\Obrad\AppData\Local\Temp\Tsu6B5DFF6A.dll
C:\Users\Obrad\AppData\Local\Temp\TsuF6C4898B.dll
C:\Users\Obrad\AppData\Local\Temp\uninst1.exe
C:\Users\Obrad\AppData\Local\Temp\wlsetup-cvr.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 15:00
==================== End Of Log ============================
Posted: 06 Jun 2014 12:16
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Hi bevod,
Apart from a few leftovers, which we will remove with the zoek tool, the posted log looks clean. There are no traces of malware.
Can you copy the MBAM log for us, the one that says it detected Trojan.fakeMS?
Here is how to find those reports.
• Post the report (export the logfile) for review;
Run MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the date and time of the scan you just ran.
1. In the new window click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, under File name: at the bottom, type 'mbam' as the report name and click the Save button.
- After the message ("Your file has been successfully exported") the report you named 'mbam' will be saved on the Desktop.
--- --- --- --- --- --- --- ---
Download smeenk's zoek from this or this link and save it to the Desktop.
Unpack the archive into a folder (instructions), then:
close the browser and any other running programs;
temporarily disable your security software (if necessary) Instructions;
double-click the program icon to launch zoek;
wait for the tool to start ...
Copy the following text into the white box of the window:
EmptyCLSID;
CHRDefaults;
TornTV;u
1ClickDownload;u
AutoClean;
Click the button and wait for the scan to finish.
zoek will restart Windows if needed and, when it is done, open Notepad with the scan report.
Note: the report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)
Copy the contents of that log into a post.
Posted: 06 Jun 2014 13:50
- bevod
- New MyCity citizen
- Joined: 22 Dec 2013
- Posts: 21
Here is MBAM:
and zoek:
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Obrad on Fri 06/06/2014 at 13:13:02.07.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Obrad\Desktop\zoek\zoek.com [Scan all users] [Script inserted]
==== System Restore Info ======================
6/6/2014 1:16:06 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully
HKEY_USERS\S-1-5-21-2223362715-3625748912-2815790936-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"bProtectTabs"=-
==== Deleting Files \ Folders ======================
C:\Users\Obrad\AppData\LocalLow\{46F35457-6CD7-038B-1B0A-7706FC0F7D1F} deleted
C:\PROGRA~2\suarF and! keeeep deleted
C:\Users\Obrad\AppData\Roaming\playnowradio deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Obrad\AppData\LocalLow\DataMngr deleted
"C:\Users\Obrad\AppData\Local\{0B3383F8-548C-44ED-A57F-F735FA29863A}" deleted
"C:\Users\Obrad\AppData\Local\{30911EBE-D89D-435C-8A50-D7A7735EA802}" deleted
"C:\PROGRA~2\e68276fefd4382f1\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}" deleted
"C:\PROGRA~2\e68276fefd4382f1\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}.old" deleted
"C:\PROGRA~2\e68276fefd4382f1\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted
"C:\PROGRA~2\e68276fefd4382f1\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old" deleted
"C:\PROGRA~2\e68276fefd4382f1" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [04/26/2014 12:29 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Obrad\AppData\Roaming\Mozilla\Firefox\Profiles\ga41qm3b.default
- vshare Add-On - %ProfilePath%\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Obrad\AppData\Roaming\Mozilla\Firefox\Profiles\ga41qm3b.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
785105A23650755A8F7A72405EB0D923 - C:\Users\Obrad\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
C020217B41C83193AA9D3665E01C5DC8 - C:\Program Files\Nitro\Pro 9\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
99CD25D8435C8E5307B022BD4FF82740 - C:\Program Files\Nitro\Pro 9\NPShellExtension.dll - Nitro Pro ShellExtension
A47736C18E00A1F8DA240EFEAF37A376 - C:\Program Files\Nitro\Pro 9\npdf.dll - FileOpen WebPublisher3+ MSO Security exchange
40C676C2D80D27DBC68731E0947FDA37 - C:\Program Files\Nitro\Pro 9\npnitroie.dll - Nitro PDF plugin for Internet Explorer
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[04/26/2014 12:29 PM]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]
Google Voice Search Hotword (Beta) - Obrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Skype Click to Call - Obrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.rs/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.rs/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{570B17C5-166C-4B58-8910-6D9D32F313F0} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Obrad\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Obrad\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully
==== Empty IE Cache ======================
C:\Users\Obrad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Obrad\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Obrad\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Obrad\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Obrad\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Obrad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Obrad\AppData\Local\Mozilla\Firefox\Profiles\ga41qm3b.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Obrad\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=44 folders=19 76267156 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Obrad\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Obrad\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Obrad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on Fri 06/06/2014 at 13:46:17.80 ======================
Posted: 06 Jun 2014 14:27
- magna86
- Anti Malware Fighter, Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
bevod wrote: Here is MBAM:
That's not right; you need to find me the report that you say detected Trojan.fakeMS. As you can see, the posted log did not detect any items, so it tells me nothing. Try again ...
Posted: 06 Jun 2014 15:37
- magna86
- Anti Malware Fighter, Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Written: 06 Jun 2014 15:33
The reason I am asking for the reports is that MBAM may have deleted a legitimate file, and that is what caused the problem ... and I was right. This is not the right log (I asked for the Scan Log), but it served the purpose...
Pay attention to the log:
Detection, 6/5/2014 5:32:33 PM, SYSTEM, OBRAD-PC, Protection, Malware Protection, File, Trojan.FakeMS, C:\Windows\System32\audiodg.exe, Quarantine, [14c8482c2a51aa8c5cb6ceb8e81910f0]
Detection, 6/5/2014 6:06:07 PM, SYSTEM, OBRAD-PC, Protection, Malware Protection, File, Trojan.FakeMS, c:\windows\system32\audiodg.exe, Quarantine, [14c8482c2a51aa8c5cb6ceb8e81910f0]
Protection, 6/5/2014 6:06:08 PM, SYSTEM, OBRAD-PC, Protection, SDKQuarantine, 1, Failed, c:\windows\system32\audiodg.exe,
. . . etc
MBAM tried to remove the file but Windows did not allow it... and that is where the fight started.
Temporarily deactivate MBAM's Real-Time Protection.
You need to go to MBAM > Quarantine (click the History tab) and find the listed detection(s).
The detection should be named:
Vendor: Trojan.FakeMS
Type: File
Location: c:\windows\system32\audiodg.exe
Select the listed entry (tick the checkbox) and click the Restore button. Once MBAM has restored the deleted file, restart the computer.
Let me know how it went and whether you have sound.
Update: 06 Jun 2014 15:37
bump!
post updated
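An added example, not code from the thread or from Malwarebytes: a small Python parser for the protection-log lines quoted above that groups detections by file path and flags any file under C:\Windows whose quarantine was attempted or failed, so a helper can verify such entries (vendor false-positive notices, FRST's MD5 check) before treating them as malware. The sample lines are constructed to mirror the thread; the fourth line and its hash are made up.

```python
from collections import defaultdict

# Constructed sample in the comma-separated MBAM protection-log format quoted in
# the thread: three audiodg.exe lines as posted, plus one made-up Temp-folder
# detection (fake hash) for contrast.
SAMPLE_LOG = r"""
Detection, 6/5/2014 5:32:33 PM, SYSTEM, OBRAD-PC, Protection, Malware Protection, File, Trojan.FakeMS, C:\Windows\System32\audiodg.exe, Quarantine, [14c8482c2a51aa8c5cb6ceb8e81910f0]
Detection, 6/5/2014 6:06:07 PM, SYSTEM, OBRAD-PC, Protection, Malware Protection, File, Trojan.FakeMS, c:\windows\system32\audiodg.exe, Quarantine, [14c8482c2a51aa8c5cb6ceb8e81910f0]
Protection, 6/5/2014 6:06:08 PM, SYSTEM, OBRAD-PC, Protection, SDKQuarantine, 1, Failed, c:\windows\system32\audiodg.exe,
Detection, 6/5/2014 6:10:00 PM, SYSTEM, OBRAD-PC, Protection, Malware Protection, File, PUP.Optional.Sample, C:\Users\Obrad\AppData\Local\Temp\uninst1.exe, Quarantine, [constructed00000000000000000000000]
"""
# Files under the Windows folder are OS components; a detection there deserves a
# second look (vendor FP notice, FRST's MD5 check) before it is trusted.
WINDOWS_DIR = "c:\\windows\\"

def parse_line(line):
    """Split one MBAM log line into stripped, comma-separated fields."""
    return [field.strip() for field in line.split(",")]

def review_quarantines(log_text):
    """Group Detection and SDKQuarantine events by lower-cased file path.
    Each entry records threat name, detection count, whether a quarantine
    attempt failed, and 'review' (True when the path is under Windows)."""
    events = defaultdict(lambda: {"threat": None, "detections": 0,
                                  "quarantine_failed": False, "review": False})
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        if len(fields) < 10:
            continue  # blank line or a record type we do not handle
        kind = fields[0]
        if kind == "Detection":
            path = fields[8].lower()
            events[path]["threat"] = fields[7]
            events[path]["detections"] += 1
        elif kind == "Protection" and fields[5] == "SDKQuarantine" and fields[7] == "Failed":
            path = fields[8].lower()
            events[path]["quarantine_failed"] = True
        else:
            continue
        events[path]["review"] = path.startswith(WINDOWS_DIR)
    return dict(events)

def needs_review(events):
    """Return (path, reason) pairs for flagged files, sorted by path."""
    flagged = []
    for path, e in sorted(events.items()):
        if e["review"]:
            state = "quarantine failed" if e["quarantine_failed"] else "quarantined"
            flagged.append((path, f"{e['threat']} x{e['detections']}, {state}"))
    return flagged

if __name__ == "__main__":
    for path, reason in needs_review(review_quarantines(SAMPLE_LOG)):
        print(f"verify before trusting: {path} ({reason})")
```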
Posted: 06 Jun 2014 15:49
- magna86
- Anti Malware Fighter, Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Written: 06 Jun 2014 15:47
Just to let you know, I have confirmed it. MBAM targeted that file yesterday and this FP has been corrected. So you need to update its definitions (and restore the detection back into the system) and the problem should be solved.
Update: 06 Jun 2014 15:49
If everything is OK, I would like one more confirmation ...
• Run MBAM again and update it ...
Or ... click the 'Update Now >>' link or button to download fresh definitions.
• Configure the scanner; on the 'Settings' tab, Detection and Protection, set the following options:
1. sub-tab Detection Options, tick the checkbox for 'Scan for rootkits';
2. sub-tab Non-Malware Protection, for 'PUP detections', make sure the 'Treat detections as malware' option is selected.
• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then proceed to the scan.
• When the scan is finished, do not remove anything; instead send me a fresh Scan Log report, as you did last time.