MyCity » Ambulanta -> Arhiva Ambulante » Virus Diablo6

Virus Diablo6

Napisano na dan: 10.8.2017

Virus Diablo6

Idi na vrh

Poslao: 10 Avg 2017 11:19
Idi na vrh
offline
  • Pridružio: 10 Avg 2017
  • Poruke: 2

Pozdrav,
imam problem-otvorila u mejlu zipovan folder i nakon toga ne mogu da otvorim dokumente, slike. Virus :-( (pored svakog pise Diablo6 file i sifra umesto imena). I ne radi nista sem interneta :-)

HELP!
mycity.rs/must-login.png

mycity.rs/must-login.png




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by Nikola (administrator) on IVAN (10-08-2017 12:06:32)
Running from C:\Users\Nikola\Downloads
Loaded Profiles: Nikola (Available Profiles: Nikola)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Vip mobilni internet\AssistantServices.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\Vip mobilni internet\UIExec.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files (x86)\Vip mobilni internet\CancelAutoPlay.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\Nikola\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-14] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [CancelAutoPlay] => C:\Program Files (x86)\Vip mobilni internet\CancelAutoPlay.exe [414544 2012-03-12] ()
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Vip mobilni internet\UIExec.exe [156448 2012-05-11] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49904 2014-08-14] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4167515356-3470986416-1549138154-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-4167515356-3470986416-1549138154-1001\...\MountPoints2: {5ca7dd50-51eb-11e3-be76-008cfa34fbeb} - "G:\Windows/AutoRun.exe"
HKU\S-1-5-21-4167515356-3470986416-1549138154-1001\...\MountPoints2: {f1c5c537-795a-11e5-be85-008cfa34fbeb} - "G:\Autorun.exe"
HKU\S-1-5-21-4167515356-3470986416-1549138154-1001\...\MountPoints2: {f1c5c546-795a-11e5-be85-008cfa34fbeb} - "G:\Autorun.exe"
HKU\S-1-5-21-4167515356-3470986416-1549138154-1001\...\MountPoints2: {f1c5c5bb-795a-11e5-be85-008cfa34fbeb} - "G:\Autorun.exe"
HKU\S-1-5-21-4167515356-3470986416-1549138154-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\WLXPGSS.SCR [321472 2012-07-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{191E7D48-2F1D-48A2-8492-E750999701CF}: [DhcpNameServer] 192.168.1.10 192.168.1.1
Tcpip\..\Interfaces\{23FC1987-20D2-4896-8E8B-BD1911B2BC6F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-4167515356-3470986416-1549138154-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-4167515356-3470986416-1549138154-1001 -> DefaultScope {81F99BF4-7733-4ECA-B173-DA8149AA1671} URL =
SearchScopes: HKU\S-1-5-21-4167515356-3470986416-1549138154-1001 -> {81F99BF4-7733-4ECA-B173-DA8149AA1671} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-05] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-05] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Nikola\AppData\Roaming\TomTom\HOME\Profiles\dg9jcx46.default [2014-08-08]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2014-01-29] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-11-20] [not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.rs/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default [2017-08-10]
CHR Extension: (Google Docs) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
CHR Extension: (Gmail) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
R2 UI Assistant Service; C:\Program Files (x86)\Vip mobilni internet\AssistantServices.exe [274760 2012-08-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 cxbu0x64; C:\windows\system32\DRIVERS\cxbu0x64.sys [147576 2014-04-05] (HID Global Corporation)
S3 dot4; C:\windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 RTL8192Ce; C:\windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-17] (Synaptics Incorporated)
R0 THAccel; C:\windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-10 12:06 - 2017-08-10 12:07 - 000015131 _____ C:\Users\Nikola\Downloads\FRST.txt
2017-08-10 12:04 - 2017-08-10 12:06 - 000000000 ____D C:\FRST
2017-08-10 12:03 - 2017-08-10 12:03 - 002381824 _____ (Farbar) C:\Users\Nikola\Downloads\FRST64 (2).exe
2017-08-10 10:28 - 2017-08-10 10:37 - 000000000 ____D C:\ProgramData\HitmanPro
2017-08-10 10:27 - 2017-08-10 10:27 - 011584088 _____ (SurfRight B.V.) C:\Users\Nikola\Downloads\hitmanpro_x64.exe
2017-08-10 09:13 - 2017-08-10 09:13 - 009858119 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-E0074886-F3A2198D102B.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 002490501 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-29BE676E-199B71EC6136.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 001719950 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-D7292ECF-6F4B19519D2B.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 001604207 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-A1BCCF5E-CAD27B2428E2.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 001251032 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-A01344BD-DAD6A0F4374E.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000256324 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-EACE9FBA-738B235C04AD.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000216900 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-0007EB9D-8129E60B9FF3.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000202052 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-74EA85AE-204F5B10C9D8.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000191300 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-591C2C47-2D312B5EA8C5.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000131396 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-E313757F-38ACC687EEBF.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000127595 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-50E7EBC4-B894E2729B55.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000096068 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-213FC829-7D8E835590E5.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000070468 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-6D9A582A-905667021BC2.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000055700 _____ C:\Users\Nikola\Downloads\KFZWCM05-H639-1AX6-6B79D4E2-FDED285C5863.diablo6
2017-08-10 09:13 - 2017-08-10 09:13 - 000008584 ____C C:\Users\Nikola\Downloads\diablo6-3dff.htm
2017-08-10 09:09 - 2017-08-10 09:09 - 000000000 ____D C:\Users\Nikola\AppData\Roaming\WinRAR
2017-08-05 12:09 - 2017-08-10 09:13 - 000000000 ____D C:\Users\Nikola\Desktop\stankovic radmilo
2017-08-02 11:28 - 2017-08-10 09:13 - 000000000 ____D C:\Users\Nikola\Desktop\Dragan Nikolić
2017-07-31 09:49 - 2017-08-10 09:13 - 000000000 ____D C:\Users\Nikola\Desktop\Sonja Savić
2017-07-29 11:14 - 2017-07-29 11:14 - 000062976 _____ C:\Users\Nikola\Desktop\LAGER MAZDA jul.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-10 12:03 - 2015-10-23 09:54 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 12:02 - 2017-05-12 12:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 11:56 - 2015-03-19 15:15 - 000000000 ____D C:\Users\Nikola\AppData\Roaming\ClassicShell
2017-08-10 11:29 - 2015-09-28 11:19 - 000000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0f9cebda1b878.job
2017-08-10 11:29 - 2014-01-23 14:42 - 000000000 ____D C:\windows\system32\MRT
2017-08-10 11:27 - 2014-01-23 14:42 - 140394280 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-08-10 11:24 - 2014-08-08 12:04 - 000000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1cfb2f02c7f4aef.job
2017-08-10 10:30 - 2013-11-20 16:16 - 000000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-10 10:17 - 2015-12-02 11:25 - 000000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d12ce3714a69af.job
2017-08-10 09:57 - 2014-08-21 13:04 - 000491008 ___SH C:\Users\Nikola\Desktop\Thumbs.db
2017-08-10 09:54 - 2012-07-26 10:12 - 000000000 ____D C:\windows\AUInstallAgent
2017-08-10 09:53 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-10 09:15 - 2013-11-20 16:03 - 000000000 ____D C:\YuRecnik
2017-08-10 09:13 - 2017-06-14 12:45 - 000000000 ____D C:\Users\Nikola\Desktop\Jankovski Vangel
2017-08-10 09:13 - 2017-04-28 15:21 - 000000000 ___RD C:\Users\Nikola\Desktop\Marina
2017-08-10 09:13 - 2015-03-10 11:40 - 000000000 ___RD C:\Users\Nikola\Documents\Scanned Documents
2017-08-10 09:13 - 2013-11-20 16:02 - 000000000 ____D C:\ProgramData\Book Place
2017-08-10 09:13 - 2013-05-21 02:48 - 000000000 ____D C:\TOSHIBA
2017-08-08 14:18 - 2013-11-20 16:17 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-01 15:14 - 2012-07-26 09:28 - 000848230 _____ C:\windows\system32\PerfStringBackup.INI
2017-08-01 15:14 - 2012-07-26 07:37 - 000000000 ____D C:\windows\Inf
2017-07-29 09:18 - 2012-07-26 09:22 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-07-29 09:17 - 2012-07-26 07:26 - 000262144 ___SH C:\windows\system32\config\BBI

Some files in TEMP:
====================
2017-08-10 10:38 - 2017-08-10 10:27 - 011584088 _____ (SurfRight B.V.) C:\Users\Nikola\AppData\Local\Temp\HitmanPro.exe
2014-12-23 16:48 - 2015-01-08 11:05 - 000000000 _____ () C:\Users\Nikola\AppData\Local\Temp\{44E5E3AC-F36B-4DB1-88A7-C1314B97CE43}-39.0.2171.95_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-10 11:27

==================== End of FRST.txt ============================

Poslao: 11 Avg 2017 13:00
Idi na vrh
offline
  • Pridružio: 14 Jun 2016
  • Poruke: 535

Napisano: 11 Avg 2017 13:30

Pozdrav, nažalost imaš ransomware i kao posljedica njega fajlovi su ti zaključani. Ja mogu da uklonim malver ako želiš, ali pristup datotekama ne mogu da vratim. One su izgubljene ako nemaš backup. Žao mi je.

Dopuna: 11 Avg 2017 14:00

Imaš li kojim slučajem još uvek taj mejl negde?

Poslao: 14 Avg 2017 08:16
Idi na vrh
offline
  • Pridružio: 10 Avg 2017
  • Poruke: 2

Hvala. Nadala se "boljem" odgovoru za mene :-)
Mejla nema.

MyCity » Ambulanta -> Arhiva Ambulante » Virus Diablo6

Ko je trenutno na forumu
 

Ukupno su 982 korisnika na forumu :: 55 registrovanih, 8 sakrivenih i 919 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., amstel, aramis s, Atomski čoban, bankulen, bestguarder, Bojadin Strumski, bojankrstc, bojcistv, Boris90, BORUTUS, BSD, bufanje, celik, Denaya, Dimitrije Paunovic, Doca, doklevise, Dorcolac, dule10savic, FileFinder, HrcAk47, ILGromovnik, Joco Skljoco, kolle.the.kid, kybonacci, Litostroton, ljubacv, macak44, mercedesamg, mikrimaus, MilosKop, MiroslavD, nebkv, nemkea71, pein, Petarvu, procesor, raptorsi, RJ, Shinobi, slonic_tonic, sombrero, sovanova95, SR-3m, theNedjeljko, Vatreni Zmaj, VJ, vlad4, vladaa012, voja64, VojvodaMisic, |_MeD_|, 79693