Malware: TR/Crypt.XPACK.Gen2

  • Joined: 28 Dec 2009
  • Posts: 93
  • Location: Lublana

I am plagued by the malware TR/Crypt.XPACK.Gen2; how do I neutralise it? It slows my browser down a lot. I am using Windows XP and the Google Chrome browser. My antivirus program does not find it at all. I found it with the program Reimage Express, only that program will not run fully for me.

I cannot post a log file because my antivirus program does not detect the problem.

jazbar :: [quotes the opening post, see above]

mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 28 Dec 2009
  • Posts: 93
  • Location: Lublana

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-01-2016
Ran by Michael (administrator) on MSI (24-01-2016 19:46:22)
Running from C:\Documents and Settings\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\type32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(ScanSoft, Inc) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SETCCE) C:\Program Files\SETCCE\proXSign\bin\proxsign.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneBusEnum.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [type32] => C:\Program Files\Microsoft IntelliType Pro\type32.exe [172032 2004-06-03] (Microsoft Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [Omnipage] => C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [Search Protection] => C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe [949512 2014-02-17] (Lavasoft)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2016-01-05] (APN)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe [8001760 2015-12-09] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-09-06] (ATI Technologies Inc.)
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\...\Run: [proxsign] => C:\Program Files\SETCCE\proXSign\bin\proxsign.exe [6589632 2015-11-20] (SETCCE)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{159589FF-C7D2-4EC5-884F-0840E59DE263}: [DhcpNameServer] 192.168.88.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
URLSearchHook: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
URLSearchHook: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-08&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {024EED88-51B1-471C-80AF-C1F916FE6C97} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYSI&apn_uid=DD778165-CF99-430D-B6EB-EDA8A917AC2D&apn_sauid=17FA1BD1-0ED9-4BD1-8268-29C53658A07A
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {24B06B45-03C7-4CFF-A35C-97668C06EE8D} URL = hxxp://tis.telekom.si/extSearch.aspx?G={searchTerms}&F=TELEKOM
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-08&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {D5694A8A-9CC3-4443-9E7D-BD3963B07DA9} URL = hxxp://www.najdi.si/search.jsp?q={searchTerms}&source=IEVS
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
Toolbar: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2A426405-E493-4525-835C-A7B2DEFE8CC8} hxxps://www.ajpes.si/MDScripts/MDSign/mdSignIE.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244064612359
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} hxxps://edavki.durs.si/UserRegistration/Controls/ESignDocControls/hslESignDoc2.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll [2013-03-02] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll [2010-07-27] (Panda Security, S.L.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @virtools.com/3DviaPlayer -> C:\Program Files\Virtools\3D Life Player\npvirtools.dll [2011-02-11] (Dassault Systèmes)
FF Plugin HKU\S-1-5-21-1123561945-1645522239-725345543-1004: @setcce.si/proXSignXML -> C:\Program Files\SETCCE\proXSign XML\nproXSign11.dll [2013-03-11] (SETCCE)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl [2015-09-30]
CHR Extension: (Google Docs) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Elite Unzip) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2016-01-05]
StartMenuInternet: Google Chrome.K5GCKC2UCOAJ3DQJP4OXYQTSTM - D:\Utility\Microsoft\Hide IP\kproxyagent\kproxyagent\chrome\App\Chrome-bin\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-05] (APN LLC.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-09-05] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe [659872 2015-12-09] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 ZuneBusEnum; C:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
R3 Bdfndisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf.sys [116248 2013-07-17] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)
R1 bdselfpr; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\bdselfpr.sys [135600 2015-12-09] (BitDefender LLC)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 eapihdrv; C:\Documents and Settings\Michael\Local Settings\Temp\ehdrv.sys [135760 2015-12-23] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-12-22] ()
R2 Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
R2 Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [169992 2015-12-09] (BitDefender LLC)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)
S3 hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
R2 K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 OlCamudp; C:\WINDOWS\System32\Drivers\olcamudp.sys [10379 2000-02-09] (OLYMPUS Optical Co.,Ltd.) [File not signed]
R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
R2 SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
R2 Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [408280 2015-12-09] (BitDefender S.R.L.)
R2 V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [488383 2001-08-17] (Conexant)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-03] (Conexant Systems, Inc.)
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S3 cpuz134; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 hpt3xx; no ImagePath
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 19:46 - 2016-01-24 19:46 - 00020747 _____ C:\Documents and Settings\Michael\Desktop\FRST.txt
2016-01-24 19:46 - 2016-01-24 19:46 - 00000000 ____D C:\FRST
2016-01-24 19:44 - 2016-01-24 19:44 - 01721856 _____ (Farbar) C:\Documents and Settings\Michael\Desktop\FRST.exe
2016-01-24 19:29 - 2016-01-24 19:29 - 00522240 _____ (OldTimer Tools) C:\Documents and Settings\Michael\Desktop\OTM.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 19:46 - 2009-06-03 12:34 - 00000000 ____D C:\WINDOWS
2016-01-24 19:46 - 2009-06-03 11:04 - 00000000 ____D C:\Documents and Settings\Michael\Local Settings\Temp
2016-01-24 19:36 - 2009-09-16 15:55 - 00001044 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-24 19:33 - 2013-09-03 17:46 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-01-24 19:33 - 2013-09-03 17:46 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-01-24 19:23 - 2009-06-03 12:39 - 00593290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-24 19:22 - 2014-04-08 03:04 - 00002044 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2016-01-24 19:20 - 2014-04-08 03:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2016-01-24 19:19 - 2009-07-02 02:08 - 00001954 _____ C:\WINDOWS\ModemLog_Standard Modem over Bluetooth link.txt
2016-01-24 19:19 - 2009-06-03 12:20 - 00004194 _____ C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2016-01-24 19:18 - 2014-03-27 10:29 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-24 19:18 - 2009-09-16 15:55 - 00001040 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-24 19:18 - 2009-06-03 14:43 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-01-24 19:18 - 2009-06-03 11:04 - 00000178 ___SH C:\Documents and Settings\Michael\ntuser.ini
2016-01-24 19:18 - 2009-06-03 11:03 - 00032424 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-24 19:18 - 2009-06-03 10:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-24 19:18 - 2009-02-11 10:58 - 00044964 ____C C:\WINDOWS\system32\ativvaxx.cap
2016-01-24 18:05 - 2013-04-15 03:59 - 00000380 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1123561945-1645522239-725345543-1004.job
2016-01-24 16:54 - 2013-04-15 03:59 - 00000380 _____ C:\WINDOWS\Tasks\update-sys.job
2016-01-22 17:40 - 2001-08-18 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-20 14:02 - 2009-06-03 11:04 - 00000000 ____D C:\Documents and Settings\Michael
2016-01-15 17:19 - 2010-12-18 02:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Invoice Expert
2016-01-13 18:19 - 2001-08-18 13:00 - 00000584 _____ C:\WINDOWS\win.ini
2016-01-13 08:44 - 2013-08-14 10:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 08:36 - 2009-06-04 08:28 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-08 16:26 - 2014-03-27 10:29 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-06 17:25 - 2015-12-24 17:22 - 00002587 _____ C:\WINDOWS\system32\ScanResults.xml
2016-01-06 17:20 - 2015-12-24 17:17 - 00000464 _____ C:\WINDOWS\system32\ScannerSettings
2016-01-03 16:35 - 2015-10-21 10:35 - 00037888 ____H C:\Documents and Settings\Michael\Desktop\~WRL0001.tmp
2015-12-26 14:40 - 2009-06-03 12:34 - 00000000 ___HD C:\WINDOWS\inf

==================== Files in the root of some directories =======

2011-02-27 03:48 - 2002-06-12 22:49 - 0002878 ____C () C:\Documents and Settings\Michael\Application Data\FUIPRESETS.INI
2015-01-25 09:38 - 2015-01-25 09:38 - 0208269 ____C () C:\Documents and Settings\Michael\Local Settings\Application Data\ars.cache
2015-01-25 09:38 - 2015-01-25 09:38 - 0180721 ____C () C:\Documents and Settings\Michael\Local Settings\Application Data\census.cache
2009-07-31 11:05 - 2015-10-18 20:29 - 0054272 ____C () C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 09:31 - 2015-01-25 09:31 - 0000036 ____C () C:\Documents and Settings\Michael\Local Settings\Application Data\housecall.guid.cache
2011-02-25 17:06 - 2015-03-23 21:59 - 0000852 ____C () C:\Documents and Settings\Michael\Local Settings\Application Data\SilvesterPeliasUserSettings.xml
2015-01-25 09:35 - 2015-01-25 09:35 - 0000010 ____C () C:\Documents and Settings\Michael\Local Settings\Application Data\sponge.last.runtime.cache
2013-04-15 03:59 - 2013-04-15 03:59 - 0000003 _____ () C:\Documents and Settings\Michael\Local Settings\Application Data\updater.log
2013-04-15 03:59 - 2015-10-02 13:03 - 0000412 _____ () C:\Documents and Settings\Michael\Local Settings\Application Data\UserProducts.xml

Some files in TEMP:
====================
C:\Documents and Settings\Michael\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\Michael\Local Settings\Temp\sqlite3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

  • Joined: 02 Jan 2008
  • Posts: 2167

Hello!

To start, uninstall the following program:

Search App by Ask

After that,

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
C:\Documents and Settings\All Users\Application Data\Search Protection
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2016-01-05] (APN)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-08&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {024EED88-51B1-471C-80AF-C1F916FE6C97} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYSI&apn_uid=DD778165-CF99-430D-B6EB-EDA8A917AC2D&apn_sauid=17FA1BD1-0ED9-4BD1-8268-29C53658A07A
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-08&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
Toolbar: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Elite Unzip) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2015-03-06]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2016-01-05]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-05] (APN LLC.)
C:\Documents and Settings\Michael\Application Data\FUIPRESETS.INI
C:\Documents and Settings\Michael\Local Settings\Application Data\updater.log
C:\Documents and Settings\Michael\Local Settings\Application Data\UserProducts.xml
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4298B0A2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF14D50A
C:\Program Files\AskPartnerNetwork
C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
EmptyTemp:


2. Save the Notepad file on the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure to download and use an updated copy of FRST.

After that,

Download "Xplode"'s AdwCleaner () and save it to the Desktop

Run the program by double-clicking it.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required) click Ok


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S0].txt
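The fixlist above was built by hand from the FRST log: the helper picked out the Run entries, SearchScopes, Chrome settings and the service that point at the Ask/AskPartnerNetwork and Lavasoft search hijackers, plus an orphaned toolbar CLSID, and left the legitimate vendors alone. The script below is an added example of that triage step, not part of FRST and not code from the forum post. It scans FRST-style lines (a constructed subset copied from the log posted above), tags each suspicious entry with a reason, and emits only the entries it is confident about as a fixlist; entries that are merely unsigned or carry no vendor string are reported for human review rather than removed. The hijacker domain and path lists are assumptions chosen to match what the helper removed; they are not an FRST feature.

```python
"""Triage helper for FRST logs (added example, not FRST's own code).

Flags persistence entries that reference known search-hijacker domains
or install paths, orphaned toolbar entries, and unsigned/no-vendor
binaries, then emits a fixlist containing only the auto-removable ones.
"""
import re

# Assumed hijacker indicators, derived from the fixlist in this thread.
HIJACK_DOMAINS = (
    "search.ask.com",            # also matches www.search.ask.com
    "websearch.ask.com",
    "ssmsp.ask.com",
    "securedsearch2.lavasoft.com",
)
HIJACK_PATH_MARKERS = ("AskPartnerNetwork", "Search Protection")

# FRST line prefixes whose entries a fixlist can act on verbatim.
ACTIONABLE_PREFIXES = (
    "HKLM\\...\\Run:", "HKU\\", "SearchScopes:", "Toolbar:", "URLSearchHook:",
    "CHR ", "R0 ", "R1 ", "R2 ", "R3 ", "S2 ", "S3 ", "S4 ",
)

# Only these findings are safe to put into the fixlist unattended.
REMOVE_REASONS = {"hijack-domain", "hijack-path", "orphan-entry"}

# Constructed sample: a subset of lines from the FRST.txt posted above.
SAMPLE_LOG = """\
HKLM\\...\\Run: [RTHDCPL] => C:\\WINDOWS\\RTHDCPL.EXE [17881600 2009-05-21] (Realtek Semiconductor Corp.)
HKLM\\...\\Run: [ApnTBMon] => C:\\Program Files\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe [1699400 2016-01-05] (APN)
HKLM\\...\\Run: [Lightshot] => C:\\Program Files\\Skillbrains\\lightshot\\Lightshot.exe [226560 2014-11-18] ()
SearchScopes: HKU\\S-1-5-21-1123561945-1645522239-725345543-1004 -> {024EED88-51B1-471C-80AF-C1F916FE6C97} URL = hxxp://websearch.ask.com/redirect?client=ie&q={searchTerms}
SearchScopes: HKU\\S-1-5-21-1123561945-1645522239-725345543-1004 -> {D5694A8A-9CC3-4443-9E7D-BD3963B07DA9} URL = hxxp://www.najdi.si/search.jsp?q={searchTerms}&source=IEVS
Toolbar: HKU\\S-1-5-21-1123561945-1645522239-725345543-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
R2 APNMCP; C:\\Program Files\\AskPartnerNetwork\\Toolbar\\apnmcp.exe [198216 2016-01-05] (APN LLC.)
S2 ATI Smart; C:\\WINDOWS\\system32\\ati2sgag.exe [593920 2008-09-05] () [File not signed]
R2 ZuneBusEnum; C:\\Program Files\\Zune\\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)
"""


def classify(line):
    """Return a reason tag for a suspicious FRST entry, or None if it looks benign."""
    low = line.lower()
    if any(domain in low for domain in HIJACK_DOMAINS):
        return "hijack-domain"
    if any(marker in line for marker in HIJACK_PATH_MARKERS):
        return "hijack-path"
    # Toolbar / URLSearchHook CLSIDs whose DLL is gone: harmless but worth cleaning.
    if line.startswith(("Toolbar:", "URLSearchHook:")) and "No File" in line:
        return "orphan-entry"
    # FRST prints "()" when the PE has no version-info vendor, and tags unsigned files.
    if "[File not signed]" in line or re.search(r"\]\s*\(\)\s*$", line):
        return "unsigned-or-no-vendor"
    return None


def triage(log_text):
    """Return [(reason, line)] for every actionable line that classify() flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(ACTIONABLE_PREFIXES):
            continue
        reason = classify(line)
        if reason is not None:
            findings.append((reason, line))
    return findings


def build_fixlist(findings):
    """Emit fixlist text. Entries are copied verbatim, as FRST requires;
    review-only findings are deliberately left out."""
    body = [line for reason, line in findings if reason in REMOVE_REASONS]
    return "\n".join(["CreateRestorePoint:", *body, "EmptyTemp:"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason, line in found:
        print(f"{reason:24} {line[:90]}")
    print("\n--- fixlist.txt ---")
    print(build_fixlist(found))
```

The fixlist lines have to be the exact text FRST printed (the helper's fixlist above shows the same verbatim copying), so the script never rewrites an entry, only selects it. The unsigned ATI service and the vendor-less Lightshot entry are surfaced but not removed: on this log they are legitimate, and a domain or path list is a far better removal signal than the absence of a signature.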

  • Joined: 28 Dec 2009
  • Posts: 93
  • Location: Lublana

Posted: 29 Jan 2016 9:57

Fix result of Farbar Recovery Scan Tool (x86) Version:24-01-2016
Ran by Michael (2016-01-29 09:47:25) Run:2
Running from C:\Documents and Settings\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Documents and Settings\All Users\Application Data\Search Protection
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2016-01-05] (APN)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-08&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {024EED88-51B1-471C-80AF-C1F916FE6C97} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYSI&apn_uid=DD778165-CF99-430D-B6EB-EDA8A917AC2D&apn_sauid=17FA1BD1-0ED9-4BD1-8268-29C53658A07A
SearchScopes: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-08&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
Toolbar: HKU\S-1-5-21-1123561945-1645522239-725345543-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Elite Unzip) - C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea [2015-03-06]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2016-01-05]
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-05] (APN LLC.)
C:\Documents and Settings\Michael\Application Data\FUIPRESETS.INI
C:\Documents and Settings\Michael\Local Settings\Application Data\updater.log
C:\Documents and Settings\Michael\Local Settings\Application Data\UserProducts.xml
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4298B0A2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF14D50A
C:\Program Files\AskPartnerNetwork
C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
EmptyTemp:
*****************

Restore point was successfully created.
"C:\Documents and Settings\All Users\Application Data\Search Protection" => not found.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{024EED88-51B1-471C-80AF-C1F916FE6C97} => key not found.
HKCR\CLSID\{024EED88-51B1-471C-80AF-C1F916FE6C97} => key not found.
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => key not found.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => key not found.
HKU\S-1-5-21-1123561945-1645522239-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
Chrome HomePage => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => key not found.
"C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => not found.
APNMCP => service not found.
"C:\Documents and Settings\Michael\Application Data\FUIPRESETS.INI" => not found.
"C:\Documents and Settings\Michael\Local Settings\Application Data\updater.log" => not found.
"C:\Documents and Settings\Michael\Local Settings\Application Data\UserProducts.xml" => not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":4298B0A2" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":BF14D50A" ADS not found.
"C:\Program Files\AskPartnerNetwork" => not found.
"C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork" => not found.
EmptyTemp: => 705.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:47:43 ====

Update: 29 Jan 2016 10:21

I can't run AdwCleaner, not even in "Safe Mode".

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

FRST is fine. Instead of AdwCleaner, run this:

Download Junkware Removal Tool (JRT) and save it to the desktop.

Close the browser and other running programs;

Temporarily disable your protection software (Instructions);

Double-click the JRT icon to run the program;

At the "press any key" prompt, press any key and the tool will begin scanning.
Note: depending on the system specification, the scan may in some cases take a while.

When it finishes, a log with the report will open, saved on the desktop as JRT.txt

Copy the contents of that log into the thread.

offline
  • Joined: 28 Dec 2009
  • Posts: 93
  • Location: Lublana

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Microsoft Windows XP x86
Ran by Michael (Administrator) on ned 31/01/2016 at 19:19:59,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\Documents and Settings\Michael\Application Data\adawaretb (Folder)
Successfully deleted: C:\Documents and Settings\Michael\Application Data\systweak (Folder)
Successfully deleted: C:\Documents and Settings\Michael\Local Settings\Application Data\adawarebp (Folder)
Successfully deleted: C:\Program Files\Toolbar Cleaner (Folder)
Successfully deleted: C:\WINDOWS\reimage.ini (File)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-1123561945-1645522239-725345543-1004.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)



Registry: 4

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ned 31/01/2016 at 19:21:34,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
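Reading the two removal logs in this thread side by side is what tells you whether the fix actually did anything: the FRST Fixlog in the earlier reply reports most of its targets as "not found" (already gone, or never at that path), while JRT afterwards still deleted the "Search Protection" Run value and two scheduled tasks in C:\WINDOWS\Tasks, which are autostart locations worth re-checking after a reboot. The script below is an added example, not code from the thread or from the FRST or JRT authors; it parses both log formats, counts Fixlog outcomes, checks that a JRT section's declared count matches the entries listed, and pulls out the persistence-related removals. The function names are the example's own, and the two sample logs are constructed, shortened excerpts modelled on the logs posted here.

```python
"""Triage helpers for FRST Fixlog and JRT logs (added example, not tool code)."""
import re
from collections import Counter

# Constructed excerpt modelled on the Fixlog posted earlier in this thread (shortened).
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
"C:\Documents and Settings\All Users\Application Data\Search Protection" => not found.
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKCR\CLSID\{024EED88-51B1-471C-80AF-C1F916FE6C97} => key not found.
APNMCP => service not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":4298B0A2" ADS not found.
EmptyTemp: => 705.9 MB temporary data Removed.
"""

# Constructed excerpt modelled on the JRT log above (shortened).
SAMPLE_JRT = r"""
File System: 3

Successfully deleted: C:\Documents and Settings\Michael\Application Data\adawaretb (Folder)
Successfully deleted: C:\WINDOWS\reimage.ini (File)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)

Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
"""

# Outcome patterns, checked in order against the text after " => ".
OUTCOME_RULES = [
    (re.compile(r"restored successfully$"), "restored"),
    (re.compile(r"not found\.?$"), "not_found"),
    (re.compile(r"No running process found$"), "no_process"),
    (re.compile(r"Removed\.?$"), "removed"),
]


def classify_fixlog_line(line):
    """Return (target, outcome) for a 'target => result' Fixlog line, else None."""
    if " => " not in line:
        return None
    target, result = line.split(" => ", 1)
    target = target.strip().strip('"')
    result = result.strip()
    for pattern, outcome in OUTCOME_RULES:
        if pattern.search(result):
            return target, outcome
    return target, "other"


def parse_fixlog(text):
    """All (target, outcome) pairs from a Fixlog, in file order."""
    return [p for p in (classify_fixlog_line(l) for l in text.splitlines()) if p]


def fixlog_summary(text):
    """Count outcomes; 'not_found' entries were already gone when the fix ran."""
    return Counter(outcome for _, outcome in parse_fixlog(text))


JRT_SECTION = re.compile(r"^(?P<section>File System|Registry): (?P<count>\d+)$")
JRT_ENTRY = re.compile(r"^Successfully deleted: (?P<target>.+) \((?P<kind>[^()]+)\)$")


def parse_jrt(text):
    """{section: {'declared': n, 'entries': [(target, kind), ...]}} from a JRT log."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = JRT_SECTION.match(line)
        if m:
            current = m.group("section")
            sections[current] = {"declared": int(m.group("count")), "entries": []}
            continue
        m = JRT_ENTRY.match(line)
        if m and current is not None:
            sections[current]["entries"].append((m.group("target"), m.group("kind")))
    return sections


def jrt_count_mismatches(sections):
    """Sections whose declared count differs from the entries actually listed."""
    return {name: (d["declared"], len(d["entries"]))
            for name, d in sections.items() if d["declared"] != len(d["entries"])}


# Kinds that are autostart points: scheduled tasks and Run/IE registry values.
PERSISTENCE_KINDS = {"Task", "Registry Value"}


def persistence_items(sections):
    """Removed autostart artefacts that should be re-checked after the reboot."""
    return [(t, k) for d in sections.values() for t, k in d["entries"] if k in PERSISTENCE_KINDS]


if __name__ == "__main__":
    print("Fixlog outcomes:", dict(fixlog_summary(SAMPLE_FIXLOG)))
    jrt = parse_jrt(SAMPLE_JRT)
    print("JRT count mismatches:", jrt_count_mismatches(jrt))
    for target, kind in persistence_items(jrt):
        print(f"  re-check {kind}: {target}")
```

Run it against a real Fixlog.txt or JRT.txt by reading the file into the parse functions; a high "not_found" share in the Fixlog means the fixlist was chasing entries that an earlier tool (or the adware's own uninstaller) had already removed, which is exactly what the two logs in this thread show.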

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

OK. Let's do one more check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR () program icon to run it:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this may take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Notice: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next reply post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure (scheduled) will be queued for the next restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! only if a RootKit was detected: - make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to carry out all the repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into a reply and attach the system log to the reply using the Attach file option.

offline
  • Joined: 28 Dec 2009
  • Posts: 93
  • Location: Lublana

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
malwarebytes.org

Database version:
main: v2016.02.01.04
rootkit: v2016.01.20.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Michael :: MSI [administrator]

1/2/2016 18:01:11
mbar-log-2016-02-01 (18-01-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 347153
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

How are things now?

Korisnici trenutno na forumu: Ben Roj, bojank, cikadeda, DPera, DragoslavS, ILGromovnik, Istman, Lazarus, m0nstrum_, Misirac, moldway, Ne doznajem se u oružje, Nemanja.M, nemkea71, Parker, royst33, sabros, saputnik plavetnila, slonic_tonic, sombrero, SR-3m, Srki94, Srle993, vasa.93, vaso1, Vlad000, wizzardone, zlaya011, šumar bk2