Internet Explorer opens in Processes

offline
  • Windows Research
  • Joined: 12 Jul 2012
  • Posts: 1023

Hello, people!

I got back a laptop that had been away for a long time. When I opened it I saw that it was lagging, so I went into Task Manager and saw a program called "Team viewer". I don't know where it came from, but I stopped the process and disabled it from starting with Windows. I can't uninstall it because it isn't in the Control Panel.

I also have Internet explorer.exe running in Task Manager, and there is no way to stop it. I did End Process and some commands like "taskkill /F /IM iexplore.exe" in the command prompt, but there's no saving it; that process is always running and doing something. IE never actually opens, it just does something in the background, and I'm afraid it might be something dangerous.

I also ran AdwCleaner by Xplode and it found 3 registry infections and 2 folders, which it deleted, but this problem is not solved. I should also mention that some "Fast search" had been installed in my Firefox, and I deleted it.

Here is the picture from Task Manager:

FRST:

Loaded Profiles: Metallica41 (Available Profiles: Metallica41)
Platform: Windows 8 (X64) Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-473922799-1250382268-3828485289-1001\...\Run: [CCleaner Monitoring] => D:\Ccleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-10-24]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{02BEEDC7-9D69-4DCB-A274-DD31870171B1}: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{A83F5B42-13AE-427E-A97A-F67155D5EEB9}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{CA1BF98B-6CBC-4024-88B2-5CF84EAE35FE}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-473922799-1250382268-3828485289-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.rs/?gws_rd=cr,ssl&ei=j4fmV921J-G26ASlvoPIBQ
HKU\S-1-5-21-473922799-1250382268-3828485289-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-473922799-1250382268-3828485289-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-473922799-1250382268-3828485289-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\91ithn9o.default-1472832363770 [2017-01-03]
FF Homepage: Mozilla\Firefox\Profiles\91ithn9o.default-1472832363770 -> hxxps://www.google.rs/?gws_rd=cr&ei=C6fJV8fyNYH8UoeQiagG
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\91ithn9o.default-1472832363770\Extensions\adblockpopups@jessehakanen.net.xpi [2016-09-02]
FF Extension: (No Name) - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\91ithn9o.default-1472832363770\Extensions\amcontextmenu@loucypher [2017-01-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-09-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2217616 2014-10-18] (MediaTek Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-09-12] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-09-12] (Microsoft Corporation)
S1 MpKsl401057ca; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91F810EA-D191-4433-8507-55913FA18A30}\MpKsl401057ca.sys [X]
U0 msahci; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 10:39 - 2017-01-03 10:40 - 00009514 _____ C:\Users\Stefan\Downloads\FRST.txt
2017-01-03 10:39 - 2017-01-03 10:39 - 00000000 ____D C:\FRST
2017-01-03 10:25 - 2017-01-03 10:27 - 02418176 _____ (Farbar) C:\Users\Stefan\Downloads\FRST64.exe
2017-01-03 10:11 - 2017-01-03 10:11 - 00311544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-03 10:08 - 2017-01-03 10:10 - 00000000 ____D C:\AdwCleaner
2017-01-03 10:07 - 2017-01-03 10:07 - 03977168 _____ C:\Users\Stefan\Downloads\adwcleaner_6.041.exe
2017-01-02 20:23 - 2017-01-02 20:23 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2017-01-02 20:23 - 2017-01-02 20:23 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2017-01-02 20:23 - 2017-01-02 20:23 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2017-01-02 17:54 - 2017-01-02 17:55 - 00000000 ____D C:\Users\Stefan\AppData\Local\ElevatedDiagnostics
2017-01-02 15:21 - 2017-01-02 15:21 - 00005029 _____ C:\Users\Stefan\Downloads\replay_1598833910.bat
2017-01-01 23:59 - 2017-01-02 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam
2017-01-01 17:58 - 2017-01-01 19:22 - 00000000 ____D C:\ProgramData\MFAData
2017-01-01 17:58 - 2017-01-01 17:58 - 00000000 ____D C:\Users\Stefan\AppData\Local\MFAData
2017-01-01 17:55 - 2017-01-01 19:25 - 00000000 ____D C:\Program Files (x86)\AVG
2017-01-01 17:54 - 2017-01-01 19:25 - 00000000 ____D C:\Users\Stefan\AppData\Local\AvgSetupLog
2017-01-01 17:54 - 2017-01-01 18:00 - 00000000 ____D C:\ProgramData\Avg
2016-12-31 02:11 - 2016-12-31 02:11 - 00001108 _____ C:\Windows\system32\netcfg-4721875.txt
2016-12-21 03:50 - 2016-12-21 03:50 - 00005029 _____ C:\Users\Stefan\Downloads\replay_1590936329.bat
2016-12-13 02:29 - 2016-12-15 00:21 - 00000000 ____D C:\Users\Stefan\Desktop\pesme
2016-12-12 19:37 - 2016-12-12 19:38 - 02048868 _____ C:\Users\Stefan\Downloads\pesmaaaaa.mp3
2016-12-12 19:24 - 2016-12-12 19:25 - 01376790 _____ C:\Users\Stefan\Downloads\Jeza midi.mp3
2016-12-12 18:05 - 2016-12-12 18:05 - 03477564 _____ C:\Users\Stefan\Downloads\Etnika-Rakija.mp3
2016-12-12 18:05 - 2016-12-12 18:05 - 02718438 _____ C:\Users\Stefan\Downloads\Slavko-Betrayed.mp3
2016-12-12 15:51 - 2016-12-12 15:51 - 04422164 _____ C:\Users\Stefan\Downloads\Snuff - Slipknot (lyrics).mp3
2016-12-12 15:51 - 2016-12-12 15:51 - 03605347 _____ C:\Users\Stefan\Downloads\Vermilion Pt. 2 - Slipknot lyrics.mp3
2016-12-12 15:51 - 2016-12-12 15:51 - 02317741 _____ C:\Users\Stefan\Downloads\Slipknot wait and Bleed lyrics..mp3
2016-12-12 15:50 - 2016-12-12 15:50 - 04212768 _____ C:\Users\Stefan\Downloads\Slipknot Vermillion Lyrics.mp3
2016-12-12 15:49 - 2016-12-12 15:50 - 04299024 _____ C:\Users\Stefan\Downloads\Dead memories- Slipknot (Lyrics).mp3
2016-12-12 15:49 - 2016-12-12 15:49 - 04942941 _____ C:\Users\Stefan\Downloads\Slipknot - The Devil in I (Lyrics).mp3
2016-12-12 15:48 - 2016-12-12 15:48 - 03585411 _____ C:\Users\Stefan\Downloads\Slipknot - Before I Forget Lyrics ( HQ ).mp3
2016-12-12 15:47 - 2016-12-12 15:48 - 04834273 _____ C:\Users\Stefan\Downloads\Slipknot - Psychosocial.mp3
2016-12-08 19:45 - 2016-12-08 19:45 - 00000000 ____D C:\Users\Stefan\Desktop\titlovi
2016-12-06 23:17 - 2016-12-06 23:17 - 00038487 _____ C:\Users\Stefan\Downloads\Pantera - 5 Minutes Alone (guitar pro).gp3
2016-12-06 02:25 - 2016-12-06 02:25 - 00001108 _____ C:\Windows\system32\netcfg-39855515.txt
2016-12-04 23:40 - 2016-12-31 02:11 - 00005403 _____ C:\Windows\system32\RaCoInst.log
2016-12-04 23:40 - 2016-12-04 23:40 - 00000261 _____ C:\Windows\system32\netcfg-793015.txt
2016-12-04 23:39 - 2016-12-04 23:39 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-12-04 23:24 - 2016-12-04 23:24 - 00001139 _____ C:\Windows\system32\netcfg-10420281.txt
2016-12-04 23:24 - 2016-12-04 23:24 - 00001098 _____ C:\Windows\system32\netcfg-10410171.txt
2016-12-04 21:16 - 2016-12-04 21:16 - 00013911 _____ C:\Users\Stefan\Downloads\Repertoar-RGF.docx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 10:15 - 2016-11-15 21:22 - 00000000 ____D C:\Users\Stefan\AppData\LocalLow\Mozilla
2017-01-03 10:11 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-03 10:03 - 2015-08-27 11:25 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-473922799-1250382268-3828485289-1001
2017-01-03 10:02 - 2015-08-27 15:58 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-01-02 20:30 - 2015-09-17 11:11 - 00000000 ____D C:\Users\Stefan\Desktop\Igre
2017-01-02 17:55 - 2015-08-29 16:33 - 00804206 _____ C:\Windows\system32\perfh010.dat
2017-01-02 17:55 - 2015-08-29 16:33 - 00161560 _____ C:\Windows\system32\perfc010.dat
2017-01-02 17:55 - 2015-08-28 19:29 - 00812868 _____ C:\Windows\system32\perfh00C.dat
2017-01-02 17:55 - 2015-08-28 19:29 - 00808664 _____ C:\Windows\system32\perfh013.dat
2017-01-02 17:55 - 2015-08-28 19:29 - 00765262 _____ C:\Windows\system32\perfh007.dat
2017-01-02 17:55 - 2015-08-28 19:29 - 00167430 _____ C:\Windows\system32\perfc013.dat
2017-01-02 17:55 - 2015-08-28 19:29 - 00163992 _____ C:\Windows\system32\perfc007.dat
2017-01-02 17:55 - 2015-08-28 19:29 - 00163756 _____ C:\Windows\system32\perfc00C.dat
2017-01-02 17:55 - 2012-07-26 08:28 - 04638992 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-02 17:55 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Inf
2017-01-02 17:54 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2017-01-01 23:59 - 2012-10-24 21:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-01 23:49 - 2015-08-27 20:06 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\uTorrent
2017-01-01 19:37 - 2015-12-21 14:04 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\AIMP3
2017-01-01 19:36 - 2016-08-11 22:05 - 00000000 ____D C:\Windows\Minidump
2017-01-01 19:34 - 2016-10-12 14:17 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-01 19:34 - 2012-07-26 09:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-01 19:34 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-01 19:33 - 2016-01-23 01:05 - 00000835 _____ C:\Users\Stefan\Desktop\New Text Document (2).txt
2017-01-01 19:28 - 2012-08-17 01:53 - 00000000 ____D C:\ProgramData\McAfee
2017-01-01 19:22 - 2015-09-12 19:14 - 00000000 ____D C:\Users\Stefan\AppData\Local\Avg
2017-01-01 19:21 - 2015-08-27 11:14 - 00000000 ____D C:\Users\Stefan
2017-01-01 19:19 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-01-01 18:04 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-31 00:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-29 12:04 - 2016-11-26 19:51 - 00000000 ____D C:\Users\Stefan\Desktop\New folder
2016-12-22 18:49 - 2015-08-27 12:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-22 17:37 - 2015-08-27 12:56 - 00003720 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-22 17:37 - 2015-08-27 12:55 - 00000000 ____D C:\Users\Stefan\AppData\Local\Adobe
2016-12-22 17:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-22 17:37 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-21 02:06 - 2015-09-12 18:59 - 00262144 _____ C:\Users\Public\NTUSER.DAT
2016-12-18 17:31 - 2015-08-27 12:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 15:17 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-13 15:17 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-12-04 23:39 - 2012-07-26 09:08 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-04 21:28 - 2015-08-27 11:15 - 00000000 ____D C:\Users\Stefan\AppData\Local\Packages
2016-12-04 20:09 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI

==================== Files in the root of some directories =======

2016-08-26 15:08 - 2016-08-26 18:33 - 0000104 _____ () C:\Users\Stefan\AppData\Roaming\Camdata.ini
2016-08-26 15:08 - 2016-08-26 18:33 - 0000408 _____ () C:\Users\Stefan\AppData\Roaming\CamLayout.ini
2016-08-26 15:08 - 2016-08-26 18:33 - 0000408 _____ () C:\Users\Stefan\AppData\Roaming\CamShapes.ini
2016-08-26 15:08 - 2016-08-26 18:33 - 0004509 _____ () C:\Users\Stefan\AppData\Roaming\CamStudio.cfg
2016-08-26 18:29 - 2016-08-26 18:29 - 0000098 _____ () C:\Users\Stefan\AppData\Roaming\CamStudio.Producer.command
2016-08-26 18:32 - 2016-08-26 18:32 - 0000000 _____ () C:\Users\Stefan\AppData\Roaming\CamStudio.Producer.Data.ini
2016-08-26 18:32 - 2016-08-26 18:32 - 0001206 _____ () C:\Users\Stefan\AppData\Roaming\CamStudio.Producer.ini
2015-08-27 11:18 - 2015-08-27 11:56 - 0000352 _____ () C:\Users\Stefan\AppData\Roaming\sp_data.sys
2016-08-26 21:50 - 2016-08-26 21:50 - 0001167 _____ () C:\Users\Stefan\AppData\Roaming\trace_FilterInstaller.1.txt
2016-08-26 21:50 - 2016-08-26 22:00 - 0000905 _____ () C:\Users\Stefan\AppData\Roaming\trace_FilterInstaller.txt
2016-08-26 21:50 - 2016-08-26 22:00 - 0000000 _____ () C:\Users\Stefan\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-04-05 09:19 - 2016-04-05 09:19 - 0000094 _____ () C:\Users\Stefan\AppData\Local\fusioncache.dat
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\Stefan\AppData\Local\Temp\libeay32.dll
C:\Users\Stefan\AppData\Local\Temp\msvcr120.dll
C:\Users\Stefan\AppData\Local\Temp\sqlite3.dll
C:\Users\Stefan\AppData\Local\Temp\trotux.exe
C:\Users\Stefan\AppData\Local\Temp\update.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-02 03:58

==================== End of FRST.txt ============================

I really don't know how this happens, but one of my family always picks up viruses and who knows what else...

Thanks for your understanding!
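The FRST log above is quoted as posted. As an added example (my own code, not part of this thread and not part of FRST), the Python script below parses a few line shapes from such a log and flags what a responder would look at first: driver and service entries whose version info carries no company name, entries whose image file is missing ([X]), and executable code sitting in a user's Temp directory, which is the kind of location where the AVG scan later in the thread reported a find. The sample input is a constructed excerpt of lines copied from the log above, and the flag reasons are the script's own heuristics, not FRST verdicts. Two caveats: FRST's "()" means the file has no company name in its version resource, not that it is malicious, and the "(Whitelisted)" sections omit known-good entries, so a short list is not proof of a clean system.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log excerpts.

Added example for this thread; it is not part of the forum post and not
part of FRST. The flag reasons below are this example's own heuristics
(an assumption), not FRST verdicts.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the FRST log posted in the thread,
# placed under the section headers they appear in.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ====================
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-09-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-09-12] (Microsoft Corporation)
S1 MpKsl401057ca; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91F810EA-D191-4433-8507-55913FA18A30}\MpKsl401057ca.sys [X]
U0 msahci; no ImagePath
Some files in TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\Stefan\AppData\Local\Temp\libeay32.dll
C:\Users\Stefan\AppData\Local\Temp\trotux.exe
"""

RULE_RE = re.compile(r"^=+$")                       # a bare line of '='
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")  # '==== Name ===='
# 'R2 Name; C:\path\file.exe [size date] (Publisher)'  or  '... [X]'
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?:(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>X))\]"
    r"(?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".ps1")


@dataclass(frozen=True)
class Finding:
    section: str
    item: str
    reason: str


def split_sections(text):
    """Return [(section_name, [content lines])] for an FRST log excerpt.

    FRST marks a section either as '==== Name ====' on one line, or as
    'Name:' followed by a line made only of '=' characters.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current, buf = [], "preamble", []
    for i, line in enumerate(lines):
        if not line or RULE_RE.match(line):
            continue                       # blank line or a bare rule
        m = SECTION_RE.match(line)
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if m or (line.endswith(":") and RULE_RE.match(nxt)):
            sections.append((current, buf))
            current = m.group("name") if m else line[:-1]
            buf = []
            continue
        buf.append(line)
    sections.append((current, buf))
    return sections


def triage(text):
    """Flag the entries of an FRST excerpt that deserve a first look."""
    findings = []
    for section, lines in split_sections(text):
        low = section.lower()
        for line in lines:
            if low.startswith(("services", "drivers")):
                m = ENTRY_RE.match(line)
                if not m:
                    continue               # e.g. 'no ImagePath' or help text
                if m.group("missing"):
                    findings.append(Finding(section, m.group("name"),
                                            "image file missing ([X])"))
                elif not (m.group("publisher") or "").strip():
                    findings.append(Finding(section, m.group("name"),
                                            "no company name in version info"))
            elif "temp" in low and line.lower().endswith(EXEC_SUFFIXES):
                findings.append(Finding(section, line,
                                        "executable code in a Temp directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Run it directly to print the findings for the embedded excerpt, or pass the text of a full FRST.txt to triage(); on the excerpt it reports the two drivers with no company name, the Defender definition driver whose file is missing, and the three executables in Temp, while WinDefend and WdFilter pass.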

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!

To start with, I recommend that you either turn on Windows Defender or install some other antivirus software, since you currently have none that is active.

The logs are clean. Still, IE starting in the background really is strange, but it shows up nowhere in the logs. We'll do an MBAM scan.

Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation prompts. The installation is the standard "Next > I Agree . . > Next > Install" routine. When the installation finishes, click Finish.
Note: the 14-day free trial version is pre-selected. You can uncheck this option if you wish.

- On first launch, MBAM will start an "Update" to fetch the latest definitions.
Or... click the 'Update Now >>' link or button to download fresh definitions.

• Configure the scanner; on the 'Settings' tab, under Detection and Protection, set the following options:
1. sub-tab Detection Options: tick the 'Scan for rootkits' box;
2. sub-tab Non-Malware Protection: for 'PUP detections', make sure the 'Treat detections as malware' option is selected.

• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an update is available, click 'Update Now' and then proceed to the scan.
Notice: with some severe infections, you may get the message "Could not load DDA driver". In that case, click Yes on that message, allow the driver to load after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.

• When the scan finishes, click the Apply Action button if a threat was detected. Wait for the program to ask for a restart!
- Click Yes on the message saying that the system will restart.

• Post the report (export the logfile) for review;
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the time and date of the scan you just ran.
1. In the new window, click the 'Export' button and choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, under File name: type 'mbam' as the report name and click the Save button.

- After the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved on the Desktop.

Attach mbam.txt to your post using the Attach file option.

offline
  • Windows Research
  • Joined: 12 Jul 2012
  • Posts: 1023

Hello! As you recommended, I installed a new antivirus before MBAM. I went with AVG. When it scanned the whole computer it found 4 viruses on my laptop, even though, as you say, they weren't in the logs at all.

Sorry, but I don't have a screenshot because I forgot to take one, but here is roughly what I know.

1 Trojan was in the Internet Explorer directory, the second was in the Temp folder under a strange extension, and the 3rd trojan was in the processes, which was also deleted together with these. The 4th was Adware, which was also deleted.

So now I have no more problems with this at all. Sorry if I took up your valuable time, and do I have to do the MBAM scan if everything is fine?

Thanks a lot!

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

My recommendation is that you do the MBAM scan. If you still don't want to, just run DelFix and that would be it.

Still, I'd ask you to post the AVG scan results here.

These are the instructions for extracting the logs in AVG 2011, but I hope you'll manage in the newer version you have, since the process is more or less the same:

Open AVG Control Center (right-click the AVG icon in the bottom right corner of the screen, then the Open AVG User Interface item);

When AVG Control Center starts, click History -> Resident Shield detection;

Then, as in the picture, click Export list to file, choose Desktop as the location, enter any file name and click Save;

In your next post, attach the contents of the newly created file.

The following procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this point on, all the tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete them manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also capture the healthy state of the registry and make a backup using the integrated "ERUNT" program, in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Windows Research
  • Joined: 12 Jul 2012
  • Posts: 1023

Written: 03 Jan 2017 16:23

I'll do it later, I don't have time right now. As for the antivirus, I'm not sure those logs still exist, because I always clear the quarantine and whatever else is in there. But I'll try! I'll get back to you later.

Update: 04 Jan 2017 13:18

I ran DelFix but I couldn't find those antivirus logs. I'm very sorry, but I couldn't.

Anyway, thanks for the help!
