MBAM detected a trojan

  • Joined: 12 Feb 2007
  • Posts: 1239

While scanning the computer, Malwarebytes Anti-Malware detected a trojan; I have not noticed any problems so far:

Trojan.MSIL.Injector C:\Users\Viper\AppData\Local\Temp\_6Ns54C+.exe.part

I would appreciate a check.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by Viper (administrator) on BIOHAZARD on 19-02-2015 18:06:52
Running from C:\Users\Viper\Desktop
Loaded Profiles: Viper (Available profiles: Viper)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [AntiLogger] => C:\Program Files\AntiLogger\AntiLogger.exe [14679464 2014-12-30] (Zemana Ltd.)
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\mohaa.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3996403332-3657334071-286337158-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3996403332-3657334071-286337158-1001\...\Run: [f.lux] => C:\Users\Viper\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3996403332-3657334071-286337158-1001\...\MountPoints2: {20624640-bdc1-11e3-88dd-485b39b507fe} - F:\Install.exe
HKU\S-1-5-21-3996403332-3657334071-286337158-1001\...\MountPoints2: {20624641-bdc1-11e3-88dd-485b39b507fe} - G:\autorun\autorun.exe
HKU\S-1-5-21-3996403332-3657334071-286337158-1001\...\MountPoints2: {20624643-bdc1-11e3-88dd-485b39b507fe} - I:\SETUP.EXE
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3996403332-3657334071-286337158-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3996403332-3657334071-286337158-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link visible only to logged-in users]
SearchScopes: HKU\S-1-5-21-3996403332-3657334071-286337158-1001 -> DefaultScope {7FE829DD-6FFA-4D14-BA99-9EB38C276A02} URL =
SearchScopes: HKU\S-1-5-21-3996403332-3657334071-286337158-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166

FireFox:
========
FF ProfilePath: C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737
FF DefaultSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-3996403332-3657334071-286337158-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Viper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Redirect Bypasser - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\redirectbypasser@moonlight21.com [2015-01-13]
FF Extension: DownloadHelper - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-13]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-13]
FF Extension: Facebook Disconnect - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\facebook@disconnect.me.xpi [2015-01-13]
FF Extension: Flagfox - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-01-13]
FF Extension: NoScript - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-13]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-01-13]
FF Extension: NoRedirect - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi [2015-01-13]
FF Extension: BetterPrivacy - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-13]
FF Extension: Adblock Edge - C:\Users\Viper\AppData\Roaming\Mozilla\Firefox\Profiles\nflzv933.default-1421168456737\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-13]

Opera:
=======
OPR Extension: (No Name) - C:\Users\Viper\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2014-12-18]
OPR Extension: (HTTPS Everywhere) - C:\Users\Viper\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2014-12-18]
OPR Extension: (Disconnect) - C:\Users\Viper\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2015-01-19]
OPR Extension: (Adblock Plus) - C:\Users\Viper\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-12-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [120040 2015-01-15] (Insoft LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-12-12] (Avast Software)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-02-11] (SurfRight B.V.)
R3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1387816 2014-05-12] (O&O Software GmbH)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-14] (Sandboxie Holdings, LLC)
S2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [126568 2015-01-21] (RaMMicHaeL)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworktdi; C:\Windows\System32\drivers\adgnetworktdi.sys [56080 2015-01-15] ()
S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-03-08] (Advanced Micro Devices, INC.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-03-08] (Advanced Micro Devices, INC.)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog32.sys [80104 2015-01-14] (Zemana Ltd.)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-12] ()
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [26112 2012-08-07] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc)
S3 FLxHCIc; C:\Windows\system32\drivers\FLxHCIc.sys [205992 2013-02-25] (Fresco Logic)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [61608 2013-02-25] (Fresco Logic)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [69816 2014-12-30] (Zemana Ltd.)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [86408 2012-08-27] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [178568 2012-08-27] (Renesas Electronics Corporation)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
S1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2015-02-19] (secr9tos) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-14] (Sandboxie Holdings, LLC)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-12-12] (Avast Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 18:06 - 2015-02-19 18:07 - 00026009 _____ () C:\Users\Viper\Desktop\FRST.txt
2015-02-19 18:06 - 2015-02-19 18:06 - 00000000 ____D () C:\FRST
2015-02-19 15:07 - 2015-02-19 15:06 - 00001272 _____ () C:\Users\Viper\Desktop\JRT.txt
2015-02-19 13:16 - 2015-02-19 13:28 - 00000000 ____D () C:\Users\Viper\Desktop\mbar
2015-02-19 13:12 - 2015-02-19 13:14 - 00000000 ____D () C:\AdwCleaner
2015-02-19 12:17 - 2015-02-19 12:17 - 00000261 _____ () C:\Windows\system32\d3dx9_11.dll.tmp
2015-02-19 11:00 - 2015-02-19 11:01 - 00004056 _____ () C:\Users\Viper\Desktop\Rkill.txt
2015-02-19 10:58 - 2015-02-19 10:58 - 05198336 _____ (AVAST Software) C:\Users\Viper\Desktop\aswMBR.exe
2015-02-19 10:57 - 2015-02-19 10:57 - 01126400 _____ (Farbar) C:\Users\Viper\Desktop\FRST.exe
2015-02-19 10:56 - 2015-02-19 10:56 - 15530072 _____ () C:\Users\Viper\Desktop\RogueKiller.exe
2015-02-19 10:56 - 2015-02-19 10:56 - 00448512 _____ (OldTimer Tools) C:\Users\Viper\Desktop\TFC.exe
2015-02-19 10:55 - 2015-02-19 10:55 - 02126848 _____ () C:\Users\Viper\Desktop\AdwCleaner.exe
2015-02-19 10:55 - 2015-02-19 10:55 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Viper\Desktop\rkill.exe
2015-02-19 10:55 - 2015-02-19 10:55 - 01388274 _____ (Thisisu) C:\Users\Viper\Desktop\JRT.exe
2015-02-19 10:54 - 2015-02-19 10:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Viper\Desktop\tdsskiller.exe
2015-02-19 10:54 - 2015-02-19 10:54 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Viper\Desktop\mbar-1.08.3.1004.exe
2015-02-19 10:43 - 2015-02-19 12:15 - 00000704 _____ () C:\Windows\PFRO.log
2015-02-18 22:05 - 2015-02-18 22:05 - 00000688 _____ () C:\Users\Viper\Desktop\Dell Inspiron 1520.txt
2015-02-18 13:33 - 2015-02-18 13:33 - 16375220 _____ () C:\Users\Viper\Desktop\Maja_Nikolic_-_Apoteka_-_Official_Video_2009.mp4
2015-02-18 09:16 - 2015-02-18 09:16 - 06372800 _____ (Tim Kosse) C:\Users\Viper\Downloads\FileZilla_3.10.1.1_win32-setup.exe
2015-02-15 16:54 - 2015-02-15 16:55 - 00328760 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-15 01:00 - 2015-02-19 17:59 - 00000280 _____ () C:\Windows\setupact.log
2015-02-15 01:00 - 2015-02-15 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-14 21:35 - 2015-02-14 21:35 - 00074104 _____ () C:\Users\Viper\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-14 08:12 - 2015-02-14 08:14 - 101537126 _____ () C:\Users\Viper\Desktop\Lexington - Potrazi me.mp4
2015-02-12 11:09 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 11:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 11:20 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:20 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 11:20 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 11:20 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 11:20 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 11:20 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 11:20 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 11:20 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:20 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 11:20 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:20 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:20 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:20 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:20 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 11:20 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 11:20 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 11:19 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:19 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:19 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:19 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:19 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:19 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:19 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:19 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:19 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:19 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 11:19 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 11:19 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 11:19 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:19 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 11:19 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 11:19 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 11:19 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:19 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 11:19 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:19 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:19 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 11:19 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:19 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:19 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 11:19 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 11:19 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:19 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 11:19 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:19 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:19 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 11:19 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 11:19 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:19 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 11:19 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:19 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 11:19 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:19 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:18 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 11:18 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 11:18 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:18 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 11:18 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 11:18 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 11:18 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 11:18 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 11:18 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:18 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:15 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:15 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-09 14:50 - 2014-11-29 07:15 - 787394544 _____ () C:\Users\Viper\Desktop\video.mp4
2015-02-03 21:33 - 2015-02-03 21:33 - 00001155 _____ () C:\Users\Viper\Desktop\Cloud Mail.Ru.lnk
2015-02-03 21:33 - 2015-02-03 21:33 - 00000000 ____D () C:\Users\Viper\AppData\Local\Mail.Ru
2015-02-03 21:33 - 2015-02-03 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru
2015-02-03 09:19 - 2014-12-12 18:55 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-02 16:53 - 2015-02-02 16:53 - 00001185 _____ () C:\Users\Viper\Desktop\GTASACenter.lnk
2015-02-02 12:16 - 2015-02-02 12:16 - 00053248 _____ () C:\Windows\system32\zlib.dll
2015-02-02 12:16 - 2015-02-02 12:16 - 00001130 _____ () C:\Users\Viper\Desktop\CryptoPrevent.lnk
2015-02-02 12:16 - 2015-02-02 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-02-02 12:16 - 2015-02-02 12:16 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-02-02 12:16 - 2015-02-02 12:16 - 00000000 ____D () C:\Program Files\Foolish IT
2015-01-31 12:50 - 2015-01-31 12:50 - 00000864 _____ () C:\Users\Viper\Desktop\editor.lnk
2015-01-30 06:16 - 2015-02-01 14:55 - 00000000 ____D () C:\Users\Viper\Documents\GTA San Andreas User Files
2015-01-30 06:08 - 2015-01-30 06:08 - 00001856 _____ () C:\Users\Public\Desktop\GTA San Andreas.lnk
2015-01-30 06:08 - 2015-01-30 06:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-01-30 06:08 - 2015-01-30 06:08 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-01-28 02:40 - 2015-01-28 02:40 - 00000925 _____ () C:\Users\Viper\Desktop\CCleaner.lnk
2015-01-23 04:23 - 2015-01-23 04:23 - 00001318 _____ () C:\Users\Viper\Desktop\Lubuntu.lnk
2015-01-22 02:00 - 2015-01-22 02:00 - 00001322 _____ () C:\Users\Viper\Desktop\VM Droid.lnk
2015-01-21 04:06 - 2015-01-29 04:02 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-21 04:06 - 2015-01-21 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-01-21 04:06 - 2015-01-21 04:06 - 00000000 ____D () C:\Program Files\Unchecky

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 18:06 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 18:06 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 18:04 - 2014-12-18 01:11 - 00000000 ____D () C:\Program Files\Opera
2015-02-19 18:02 - 2015-01-03 18:19 - 01935812 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 17:59 - 2014-12-26 07:16 - 00000000 ____D () C:\ProgramData\Adguard
2015-02-19 17:59 - 2014-12-26 07:15 - 00000000 ____D () C:\Program Files\Adguard
2015-02-19 17:59 - 2014-04-06 11:42 - 00000000 ____D () C:\ProgramData\MCShield
2015-02-19 17:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 17:58 - 2014-04-06 19:31 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2015-02-19 17:27 - 2014-04-06 10:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-19 13:28 - 2014-10-29 04:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-19 13:17 - 2014-04-06 12:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 13:16 - 2014-04-06 12:28 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-19 12:36 - 2014-04-08 21:29 - 00000000 ____D () C:\Users\Viper\AppData\Roaming\Skype
2015-02-19 10:43 - 2014-04-06 22:23 - 00000000 ____D () C:\Windows\pss
2015-02-19 06:26 - 2014-04-07 06:00 - 00000000 ____D () C:\Users\Viper\.VirtualBox
2015-02-19 03:10 - 2013-04-14 09:27 - 00724324 _____ () C:\Windows\system32\perfh019.dat
2015-02-19 03:10 - 2013-04-14 09:27 - 00150626 _____ () C:\Windows\system32\perfc019.dat
2015-02-19 03:10 - 2010-11-20 22:01 - 01648402 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-18 09:18 - 2014-05-30 23:10 - 00000000 ____D () C:\Users\Viper\AppData\Roaming\FileZilla
2015-02-18 08:49 - 2014-04-08 22:58 - 00000000 ____D () C:\Program Files\TeamViewer
2015-02-18 08:48 - 2014-12-07 22:40 - 00000961 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-18 00:38 - 2014-04-08 02:09 - 00000000 ____D () C:\Users\Viper\AppData\Roaming\vlc
2015-02-17 20:35 - 2014-04-20 19:37 - 00000000 ____D () C:\Users\Viper\AppData\Roaming\TeamViewer
2015-02-16 23:34 - 2014-04-08 02:28 - 00000000 ____D () C:\Users\Viper\dwhelper
2015-02-15 18:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-15 01:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-12 00:22 - 2014-04-06 20:46 - 00000000 ____D () C:\Users\Viper\AppData\Roaming\Nettalk
2015-02-11 11:49 - 2014-12-10 02:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 11:49 - 2014-04-23 08:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 11:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-11 11:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-02-11 11:38 - 2014-04-06 10:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 11:28 - 2013-04-14 15:02 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 11:26 - 2013-04-14 14:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 11:25 - 2014-04-07 10:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-06 13:11 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-05 12:27 - 2014-04-06 10:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 12:27 - 2014-04-06 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-02 12:37 - 2014-04-28 03:10 - 00000000 ____D () C:\Program Files\Online Armor
2015-02-02 08:03 - 2014-04-25 23:02 - 00000000 ____D () C:\Users\Viper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-30 14:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-30 06:08 - 2014-04-07 06:36 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-29 04:01 - 2014-04-08 21:29 - 00000000 ___RD () C:\Program Files\Skype
2015-01-29 04:01 - 2014-04-08 21:29 - 00000000 ____D () C:\ProgramData\Skype
2015-01-28 09:31 - 2014-10-18 11:57 - 00000000 ____D () C:\Program Files\Pale Moon
2015-01-28 02:52 - 2014-07-24 22:53 - 00456192 ___SH () C:\Users\Viper\Thumbs.db
2015-01-28 02:40 - 2014-11-28 05:55 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-28 02:37 - 2014-09-06 04:37 - 00000600 _____ () C:\Windows\Rtcw.INI
2015-01-28 01:49 - 2014-09-10 09:31 - 00000000 ____D () C:\Users\Viper\AppData\Local\Adobe
2015-01-27 13:32 - 2014-12-03 13:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-23 03:22 - 2014-07-24 22:58 - 00000000 ____D () C:\Users\Viper\VirtualBox VMs
2015-01-23 03:01 - 2014-08-29 06:19 - 00000000 ____D () C:\Users\Viper\.zenmap

==================== Files in the root of some directories =======

2002-07-01 15:13 - 2002-07-01 15:13 - 0000224 ___SH () C:\Users\Viper\AppData\Roaming\maildriver32.dat
2014-08-26 07:52 - 2014-08-26 07:52 - 0000008 _____ () C:\Users\Viper\AppData\Roaming\pdfdrawcodec.dll
2014-12-31 15:49 - 2014-12-31 15:49 - 0000218 _____ () C:\Users\Viper\AppData\Local\recently-used.xbel
2014-05-04 23:44 - 2014-12-13 18:26 - 0007597 _____ () C:\Users\Viper\AppData\Local\resmon.resmoncfg
2014-05-19 06:31 - 2014-05-19 06:31 - 0000003 _____ () C:\Users\Viper\AppData\Local\updater.log
2014-12-26 07:16 - 2014-12-26 07:16 - 0000261 _____ () C:\ProgramData\fontcacheev1.dat

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Viper\MOHAA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 04:30

==================== End Of Log ============================

[Only logged-in users can see the link]



offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello,

You need to set the Default Search Engine in your Firefox browser back to Google.com.
[Only logged-in users can see the link]

Likewise, follow these instructions to turn System Restore back on:
[Only logged-in users can see the link]

Quote: Trojan.MSIL.Injector C:\Users\Viper\AppData\Local\Temp\_6Ns54C+.exe.part
This is a heuristic detection by MBAM's Pro module. The detected file is incomplete (_6Ns54C+.exe.part) and sits in the temporary directory.

The posted reports show no traces of an active infection. The system is clean. Still, we need to run an additional ARK check.

Download the GMER RootKit Detector program and save it to the Desktop:
Note: the tool has a randomly generated name. The icon itself will clearly say GMER.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;
click the [Scan] button and wait for the scan to finish;
click the [Save ...] button - save the report to the Desktop under the name ARK;

click the >>> button and choose the Autostart tab;
click the [Scan] button;
when the short scan finishes, click [Copy];
open Notepad and paste the copied text into it - save the report to the Desktop under the name autostart;

Attach both GMER reports to your post using the Attach file option.
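A small triage parser for FRST file lines in the format of the listing posted above, added here as an example and not part of the thread or of FRST itself. The flag rules are my own assumptions that mirror the reasoning in the reply (an incomplete .part file in Temp is low priority; binaries under C:\Windows with no publisher and hidden/system files in a user profile are worth a manual look), and the Temp sample line is constructed, borrowing only the path from the MBAM detection.

```python
import re
from typing import Dict, List, Optional

# Shape of one FRST file/folder line, as in the posted log:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# attrs is a 5-character field in which letters mark D(irectory), H(idden), S(ystem), R(ead-only).
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


def parse_frst_line(line: str) -> Optional[Dict[str, str]]:
    """Split one FRST file line into its fields; return None for headers and other non-file lines."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage(entry: Dict[str, str]) -> List[str]:
    """Heuristic flags for one entry (assumed triage rules, not FRST's own logic)."""
    flags: List[str] = []
    attrs, path = entry["attrs"], entry["path"].lower()
    if "D" in attrs:
        return flags  # folders carry no publisher info; nothing to judge here
    if path.endswith(".part") or "\\temp\\" in path:
        flags.append("incomplete-or-temp-file")  # low priority, as the reply above explains
    if path.startswith("c:\\windows\\") and path.endswith(BINARY_EXT) and not entry["company"]:
        flags.append("no-publisher-binary-in-windows-dir")  # an empty () field means no version info was read
    if path.startswith("c:\\users\\") and ("H" in attrs or "S" in attrs):
        flags.append("hidden-or-system-file-in-user-profile")
    return flags


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its flags; unparseable and unflagged lines are omitted."""
    result: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_frst_line(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            result[entry["path"]] = flags
    return result


# Sample input: four lines copied from the FRST listing above, plus one constructed line for the
# MBAM-detected file (its size and timestamps are made up) and the log's closing header.
SAMPLE_LOG = [
    "2015-02-11 11:19 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\\Windows\\system32\\lsass.exe",
    "2015-02-02 12:16 - 2015-02-02 12:16 - 00053248 _____ () C:\\Windows\\system32\\zlib.dll",
    "2002-07-01 15:13 - 2002-07-01 15:13 - 0000224 ___SH () C:\\Users\\Viper\\AppData\\Roaming\\maildriver32.dat",
    "2015-01-21 04:06 - 2015-01-21 04:06 - 00000000 ____D () C:\\Program Files\\Unchecky",
    "2015-02-19 12:00 - 2015-02-19 12:00 - 00010000 _____ () C:\\Users\\Viper\\AppData\\Local\\Temp\\_6Ns54C+.exe.part",
    "==================== End Of Log ============================",
]

if __name__ == "__main__":
    for flagged_path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{flagged_path}: {', '.join(reasons)}")
```

A flag is a prompt for a manual look (publisher, hash, signature), not a verdict; the signed Microsoft file and the folder entry produce no flags.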



offline
  • Joined: 12 Feb 2007
  • Posts: 1239

GMER logs:

[Only logged-in users can see the link]

[Only logged-in users can see the link]

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

We need to do one more ARK check ...

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a RootKit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file option.

offline
  • Joined: 12 Feb 2007
  • Posts: 1239

[Only logged-in users can see the link]

[Only logged-in users can see the link]

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

That's good. CCleaner will empty the Temporary folder for you if the detection keeps appearing.

The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this point on, all tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after cleaning.

offline
  • Joined: 12 Feb 2007
  • Posts: 1239

OK, thanks.

For information's sake, what did Gmer detect as a rootkit?

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

GMER did not detect a RootKit. I asked for GMER because adware has recently been seen that uses a RootKit component (a .sys file loaded into the kernel that protects the adware itself).
Although FRST lists it clearly, GMER reads it too. However, MBAR and MBAM were recently updated to target this adware-rootkit hybrid as well, so ...

Gmer only showed a hidden process that is not of malicious origin, but then GMER does its diagnostics by observing behaviour, to put it in layman's terms. I don't know how much of that you followed, but you did ask. :)

As I said, the posted logs show no signs of an active infection. ;)

offline
  • Joined: 12 Feb 2007
  • Posts: 1239

Understood, thanks for the answer.
