I think I'm being spied on, and IP address protection...

  • Joined: 23 Feb 2015
  • Posts: 30

OK, so I have a problem: I think I'm being spied on, that they planted a virus and can monitor my privacy, both through the internet browser and by tracking my general activity on the computer. I installed RootkitBuster and it showed me the second part.
I installed Tor and I'm writing to you through it (I normally use Google Chrome), so that, if they are tracking me, they maybe wouldn't see this as well (I don't even know whether Tor helps at all), but I read on the internet that it is used for protection. Still, if they can see everything I do on my computer just as I see it, then they can also see what I'm writing to you. I have to admit I'm totally clueless about this. The second problem is IP address protection: while I'm working on the computer it shuts down, and more than once, although that never happened to me before. They probably have my IP address and are using various programs to shut down my computer or crash the system, as shown in this clip, for example: [youtube]http://youtu.be/vpkQoa0v2e0[/youtube] I've tried to explain the whole situation to you. [emoticon: banging head against the wall]





Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by test (administrator) on CHANGEME1 on 23-02-2015 01:17:16
Running from C:\Documents and Settings\test\Desktop
Loaded Profiles: test (Available profiles: test)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files\QupZilla\qupzilla.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Documents and Settings\test\Desktop\Tor Browser\Browser\firefox.exe
() C:\Documents and Settings\test\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Trend Micro Inc.) C:\Documents and Settings\test\Desktop\RootkitBusterV5.0-1180.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1220945662-963894560-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\test\Application Data\uTorrent\uTorrent.exe [1677904 2015-01-27] (BitTorrent Inc.)
HKU\S-1-5-21-1220945662-963894560-1801674531-1003\...\Policies\Explorer: [MaxRecentDocs] 16
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-963894560-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1220945662-963894560-1801674531-1003] => http=;ftp=;https=;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1220945662-963894560-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1220945662-963894560-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1220945662-963894560-1801674531-1003 -> {7991AF67-00AB-4CAC-9C36-3FC75C5F9F39} URL = search.yahoo.com/search?fr=chr-greentree_i.....549&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: search.yahoo.com/search?fr=greentree_ff1&a.....549&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1220945662-963894560-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\test\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default\Extensions\abs@avira.com [2015-02-22]
FF Extension: Flashlight - C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default\Extensions\flashlight@stephennolan.com.au [2014-04-23]
FF Extension: Ask Toolbar - C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default\Extensions\toolbar@ask.com [2015-02-22]
FF Extension: Lightbeam - C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-08-24]
FF Extension: YouTube Auto Replay - C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default\Extensions\YouTubeAutoReplay@arikv.com.xpi [2014-04-01]
FF Extension: Adblock Plus - C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-07]

Chrome:
=======
CHR Profile: C:\Documents and Settings\test\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - No Path Or update_url value
StartMenuInternet: Google Chrome - C:\Documents and Settings\test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-11] (Oracle Corporation)
S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [153808 2010-06-08] (Avanquest Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 ctsfm2k; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [130192 2003-09-22] (Creative Technology Ltd) [File not signed]
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-30] (DT Soft Ltd)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30616 2013-04-11] ()
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24920 2013-01-06] (Kaspersky Lab)
S1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [43608 2013-01-06] (Kaspersky Lab)
S1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
S3 ms_mpu401; C:\WINDOWS\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\DRIVERS\Neo_0032.sys [25824 2014-09-28] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 ossrv; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [178672 2003-09-22] (Creative Technology Ltd.) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\FM801A.sys [1293312 2007-11-30] () [File not signed]
S3 s1039mdm; C:\WINDOWS\System32\DRIVERS\s1039mdm.sys [124016 2010-03-15] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 SRS_SSCFilter; C:\WINDOWS\System32\drivers\srs_sscfilter_i386.sys [268912 2009-12-15] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ssm_bus; C:\WINDOWS\System32\DRIVERS\ssm_bus.sys [104448 2010-04-27] (MCCI Corporation)
S3 ssm_mdfl; C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys [132608 2010-04-27] (MCCI Corporation)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [302760 2015-02-23] (Trend Micro Inc.)
R2 tmrkb; C:\WINDOWS\system32\drivers\tmrkb.sys [171408 2015-02-23] (trend_company_name)
R1 tStLib; C:\WINDOWS\System32\drivers\tStLib.sys [55232 2014-03-19] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S4 IntelIde; No ImagePath
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 01:17 - 2015-02-23 01:18 - 00025259 _____ () C:\Documents and Settings\test\Desktop\FRST.txt
2015-02-23 01:17 - 2015-02-23 01:18 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\AskToolbar
2015-02-23 01:16 - 2015-02-23 01:17 - 00000000 ____D () C:\FRST
2015-02-23 01:16 - 2015-02-23 01:16 - 01126912 _____ (Farbar) C:\Documents and Settings\test\Desktop\FRST.exe
2015-02-23 00:54 - 2015-02-23 00:56 - 00000000 ____D () C:\Documents and Settings\test\Desktop\TMRBLog
2015-02-23 00:54 - 2015-02-23 00:54 - 00302760 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-02-23 00:54 - 2015-02-23 00:54 - 00171408 _____ (trend_company_name) C:\WINDOWS\system32\Drivers\tmrkb.sys
2015-02-23 00:54 - 2015-02-23 00:54 - 00000000 ____D () C:\Documents and Settings\test\Desktop\log
2015-02-23 00:53 - 2015-02-23 00:54 - 10066480 _____ (Trend Micro Inc.) C:\Documents and Settings\test\Desktop\RootkitBusterV5.0-1180.exe
2015-02-22 23:50 - 2015-02-22 23:51 - 00000000 ____D () C:\Documents and Settings\test\Desktop\Tor Browser
2015-02-22 23:24 - 2015-02-23 01:01 - 00000232 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2015-02-22 23:24 - 2015-02-22 23:24 - 00000000 ____D () C:\Program Files\Ask.com
2015-02-22 23:24 - 2015-02-22 23:24 - 00000000 ____D () C:\Documents and Settings\test\Application Data\RealHideIP
2015-02-22 23:24 - 2015-02-22 23:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealHideIP
2015-02-22 23:23 - 2015-02-22 23:23 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\Real Hide IP.lnk
2015-02-22 23:23 - 2015-02-22 23:23 - 00000000 ____D () C:\Program Files\RealHideIP
2015-02-22 23:23 - 2015-02-22 23:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Real Hide IP
2015-02-22 23:16 - 2015-02-22 23:16 - 00000000 ____D () C:\Documents and Settings\test\Desktop\Real Hide IP 4.0.9.6 + Patch (UST) [TrT-TcT]
2015-02-18 20:04 - 2015-02-18 20:19 - 00000000 ____D () C:\AdwCleaner
2015-02-15 20:31 - 2015-02-15 20:31 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021515-02.dmp
2015-02-15 12:49 - 2015-02-15 12:49 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021515-01.dmp
2015-02-13 18:05 - 2015-02-13 18:05 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021315-01.dmp
2015-02-13 13:56 - 2015-02-13 13:56 - 00025432 _____ () C:\Documents and Settings\test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-13 13:54 - 2015-02-13 13:54 - 00142832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 22:24 - 2015-02-10 22:24 - 00000000 ____D () C:\Documents and Settings\test\Start Menu\Programs\Popcorn Time
2015-02-10 22:22 - 2015-02-10 22:24 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Popcorn Time
2015-01-28 23:08 - 2015-02-03 19:21 - 00000000 ____D () C:\Documents and Settings\test\Desktop\Lige
2015-01-26 04:55 - 2015-01-26 04:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini012615-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-23 01:18 - 2013-04-11 18:19 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\temp
2015-02-23 01:09 - 2013-01-12 02:58 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-02-23 01:00 - 2012-09-07 10:27 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-22 23:35 - 2014-07-01 03:31 - 00032303 _____ () C:\WINDOWS\setupapi.log
2015-02-22 23:25 - 2015-01-12 04:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-22 23:16 - 2012-09-14 18:00 - 00000000 ____D () C:\Documents and Settings\test\Application Data\uTorrent
2015-02-22 23:06 - 2013-12-22 02:39 - 01757259 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-22 23:05 - 2012-09-07 10:54 - 00000578 _____ () C:\WINDOWS\Tasks\PandaUSBVaccine.job
2015-02-22 23:05 - 2012-09-07 10:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-22 15:44 - 2014-11-21 01:28 - 00144882 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-963894560-1801674531-1003-0.dat
2015-02-22 15:44 - 2014-11-18 14:58 - 00144882 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-22 15:44 - 2014-02-21 17:25 - 00032562 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-22 15:44 - 2012-09-07 10:36 - 00000178 ___SH () C:\Documents and Settings\test\ntuser.ini
2015-02-22 15:44 - 2012-09-07 10:36 - 00000000 ____D () C:\Documents and Settings\test
2015-02-22 01:32 - 2014-12-09 23:04 - 00000000 ____D () C:\Documents and Settings\test\Application Data\streamWriter
2015-02-22 01:15 - 2014-12-09 23:04 - 00000000 ____D () C:\Program Files\streamWriter
2015-02-20 02:07 - 2014-07-19 20:24 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2015-02-20 02:07 - 2014-07-19 20:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-20 00:48 - 2014-05-21 20:09 - 00001250 _____ () C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
2015-02-15 20:31 - 2012-09-11 19:15 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-12 17:47 - 2013-01-07 19:55 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-02-12 15:56 - 2012-09-07 12:21 - 00000327 __RSH () C:\boot.ini
2015-02-12 15:56 - 2008-04-14 13:00 - 00000677 _____ () C:\WINDOWS\win.ini
2015-02-12 15:56 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-11 16:52 - 2014-08-12 20:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-11 14:30 - 2013-01-12 02:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-02-11 14:29 - 2013-01-12 02:43 - 00000000 ____D () C:\Program Files\Avira
2015-02-06 22:09 - 2012-09-07 11:56 - 00327680 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2015-02-06 18:47 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-03 19:29 - 2014-10-03 18:28 - 00000000 ____D () C:\Documents and Settings\test\Desktop\RankedGaming

==================== Files in the root of some directories =======

2012-09-15 16:41 - 2012-09-15 16:41 - 0002528 _____ () C:\Documents and Settings\test\Application Data\$_hpcst$.hpc
2013-09-02 15:32 - 2014-05-28 21:10 - 0045194 _____ () C:\Documents and Settings\test\Application Data\room_v3.dat
2012-09-20 16:13 - 2014-01-18 13:36 - 0030208 _____ () C:\Documents and Settings\test\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\test\Local Settings\temp\avgnt.exe
C:\Documents and Settings\test\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\test\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================








offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

This looks fairly clean.


Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

Ask Toolbar



Step 2

Open Notepad and copy the following text found inside the Code box.

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-963894560-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF Extension: Ask Toolbar - C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\vu7fmpb6.default\Extensions\toolbar@ask.com [2015-02-22]
C:\Program Files\Ask.com
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [302760 2015-02-23] (Trend Micro Inc.)
R2 tmrkb; C:\WINDOWS\system32\drivers\tmrkb.sys [171408 2015-02-23] (trend_company_name)
R1 tStLib; C:\WINDOWS\System32\drivers\tStLib.sys [55232 2014-03-19] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6764D965
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into this thread.
The file (fixlog.txt) will also be located on the Desktop.





Step 3

Download GMER to the Desktop from the link below:


GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.



Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to complete;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and select Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the short scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.

offline
  • Joined: 23 Feb 2015
  • Posts: 30

Here, I did everything as you said, bro..
This is fixlog.txt
This is Gmer.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

I see no traces of an active infection in the reports.


The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment while the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.



Add more RAM and install Windows 7 or Windows 8.1.

offline
  • Joined: 23 Feb 2015
  • Posts: 30

OK, all of that is done, but now a new problem has come up: Task Manager shows me a process called isass.exe. I read on the internet that it is some virus that records what I type, mouse movement and the monitor. I tried to end it but it says "This is a critical system process. task Manager cannont end this process"? But before downloading and running these programs I did not have these processes in Task Manager; I did not have that isass.exe in Task Manager. The same goes for csrss.exe and also ctfmon.exe?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Those are Windows processes, two of which are system processes.
http://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service
http://en.wikipedia.org/wiki/Client/Server_Runtime_Subsystem

while ctfmon.exe handles checking the keyboard input language.

offline
  • Joined: 23 Feb 2015
  • Posts: 30

Oh man, bro, you know how much my computer started lagging because of that lsass.exe. I wrote isass.exe, but it is actually lsass.exe. I went into safe mode and moved lsass.exe and crss.exe out onto the desktop, and after that my system crashed (I'm such a dummy). Now when I reinstall it I think everything will be OK. Just tell me about the IP address: is it possible for a computer to be shut down remotely like that, as in the clip I put in the first post? And thank you very much for your help and the time you set aside.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

With Windows 7 that works a little differently, and bring your other questions to the Windows forum.

offline
  • Joined: 23 Feb 2015
  • Posts: 30

OK, thanks once again.
