Picked up a virus from Facebook

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Posted: 05 Jul 2014 8:21

Hello!
Last night my wife was on her profile and clicked on some link to a private video of hers; that video immediately blocked the whole computer, and the link went out to all the friends she has on her profile.
The computer currently works, but I notice it has difficulties while running, so let's see what this is about.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014
Ran by Milana (administrator) on MILANA-8285484F on 05-07-2014 08:12:10
Running from C:\Documents and Settings\Milana\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Vimicro) C:\WINDOWS\Domino.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
() C:\Program Files\Opera\22.0.1471.70\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.EXE [49152 2006-06-28] (Vimicro)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2000-01-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-725345543-1078145449-682003330-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
Startup: C:\Documents and Settings\Milana\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Milana\Application Data\Mozilla\Firefox\Profiles\3pnk96nv.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Milana\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-22]

Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (No Name) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-04]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKLM\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [483328 2007-06-06] (ATI Technologies Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-15] (Oracle Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-06-16] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-22] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2155520 2007-06-06] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-27] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
R3 vmfilter303; C:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation)
R3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation)
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Music Toolbar\Datamngr\setmgrc1.cfg [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
R3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-05 08:12 - 2014-07-05 08:12 - 00010989 _____ () C:\Documents and Settings\Milana\Desktop\FRST.txt
2014-07-05 08:12 - 2014-07-05 08:12 - 00000000 ____D () C:\FRST
2014-07-05 08:10 - 2014-07-05 08:10 - 01074688 _____ (Farbar) C:\Documents and Settings\Milana\Desktop\FRST.exe
2014-07-04 19:58 - 2014-07-04 19:58 - 00000000 ___HD () C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-02 20:44 - 2014-07-02 20:44 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\WinRAR
2014-06-29 08:53 - 2014-06-29 08:54 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-24 20:28 - 2014-06-24 20:28 - 00000750 _____ () C:\Documents and Settings\All Users\Desktop\FastStone Capture.lnk
2014-06-24 20:28 - 2014-06-24 20:28 - 00000000 ____D () C:\Program Files\FastStone Capture
2014-06-24 20:28 - 2014-06-24 20:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Capture
2014-06-24 20:27 - 2014-06-24 20:27 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\FastStone
2014-06-17 17:55 - 2014-06-19 17:25 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-17 17:55 - 2014-06-19 17:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-17 17:55 - 2014-06-17 17:55 - 00000000 ____D () C:\Program Files\Adobe
2014-06-15 19:54 - 2014-06-15 19:54 - 00001506 _____ () C:\WINDOWS\system32\reset.log
2014-06-15 19:53 - 2014-06-15 19:53 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-06-15 19:44 - 2014-06-15 20:00 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-06-15 19:44 - 2014-06-15 19:44 - 00000000 ____D () C:\RegBackup
2014-06-15 17:26 - 2014-06-15 17:26 - 00000759 _____ () C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
2014-06-15 12:11 - 2014-06-15 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-15 12:08 - 2014-06-15 12:10 - 00000734 _____ () C:\Documents and Settings\All Users\Desktop\Maxthon Cloud Browser.lnk
2014-06-15 12:08 - 2014-06-15 12:10 - 00000000 ____D () C:\Program Files\Maxthon
2014-06-15 12:08 - 2014-06-15 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Maxthon Cloud Browser
2014-06-15 12:00 - 2014-06-15 12:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2014-06-15 11:53 - 2014-06-15 11:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 11:53 - 2014-06-15 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-15 11:53 - 2014-06-15 11:52 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-15 11:53 - 2014-06-15 11:52 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-15 11:53 - 2014-06-15 11:52 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-15 11:53 - 2014-06-15 11:52 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-15 11:53 - 2014-06-15 11:52 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-15 11:52 - 2014-06-15 11:52 - 00000000 ____D () C:\Program Files\Java
2014-06-14 12:09 - 2014-06-14 12:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-06-14 11:18 - 2014-06-14 11:18 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\Unity
2014-06-08 20:15 - 2014-06-08 20:15 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\Unity
2014-06-08 19:40 - 2008-04-14 00:15 - 00026368 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbstor.sys
2014-06-08 19:40 - 2008-04-14 00:15 - 00026368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-06-06 12:47 - 2014-06-06 12:47 - 04558848 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr

==================== One Month Modified Files and Folders =======

2014-07-05 08:12 - 2014-07-05 08:12 - 00010989 _____ () C:\Documents and Settings\Milana\Desktop\FRST.txt
2014-07-05 08:12 - 2014-07-05 08:12 - 00000000 ____D () C:\FRST
2014-07-05 08:12 - 2014-03-22 07:43 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Temp
2014-07-05 08:10 - 2014-07-05 08:10 - 01074688 _____ (Farbar) C:\Documents and Settings\Milana\Desktop\FRST.exe
2014-07-05 08:09 - 2014-03-22 07:43 - 00000000 ____D () C:\Documents and Settings\Milana
2014-07-05 08:08 - 2014-03-22 09:24 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-05 08:08 - 2014-03-22 07:38 - 00391713 ____N () C:\WINDOWS\WindowsUpdate.log
2014-07-05 08:02 - 2014-06-03 20:36 - 00000426 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1398196038.job
2014-07-05 08:02 - 2014-05-25 12:01 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 08:02 - 2014-05-25 09:17 - 00000048 ____N () C:\WINDOWS\wiaservc.log
2014-07-05 08:02 - 2014-04-22 20:55 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-07-05 08:02 - 2014-04-22 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MCShield
2014-07-05 08:02 - 2014-03-22 09:03 - 00131072 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-07-05 08:02 - 2014-03-22 07:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-05 07:57 - 2014-04-22 21:16 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\Skype
2014-07-05 07:37 - 2014-04-22 21:04 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-05 07:13 - 2014-05-25 12:01 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 07:06 - 2014-04-22 21:16 - 00002267 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-07-05 00:41 - 2014-04-22 21:30 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-07-05 00:41 - 2014-03-22 07:43 - 00000178 ___SH () C:\Documents and Settings\Milana\ntuser.ini
2014-07-05 00:41 - 2014-03-22 07:42 - 00032580 ____N () C:\WINDOWS\SchedLgU.Txt
2014-07-04 19:58 - 2014-07-04 19:58 - 00000000 ___HD () C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-02 20:44 - 2014-07-02 20:44 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\WinRAR
2014-07-02 06:07 - 2014-05-08 17:35 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-06-29 13:52 - 2014-04-26 20:04 - 00023624 _____ () C:\WINDOWS\system32\Drivers\hitmanpro35.sys
2014-06-29 08:55 - 2014-04-22 20:53 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\Malwarebytes
2014-06-29 08:55 - 2014-04-22 20:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-29 08:54 - 2014-06-29 08:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-24 20:28 - 2014-06-24 20:28 - 00000750 _____ () C:\Documents and Settings\All Users\Desktop\FastStone Capture.lnk
2014-06-24 20:28 - 2014-06-24 20:28 - 00000000 ____D () C:\Program Files\FastStone Capture
2014-06-24 20:28 - 2014-06-24 20:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Capture
2014-06-24 20:27 - 2014-06-24 20:27 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\FastStone
2014-06-24 10:53 - 2004-08-04 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-19 17:25 - 2014-06-17 17:55 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-19 17:25 - 2014-06-17 17:55 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-19 17:21 - 2014-04-22 21:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-06-18 20:36 - 2014-04-22 21:47 - 00000000 ____D () C:\Program Files\Opera
2014-06-17 18:15 - 2014-04-22 20:40 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\Adobe
2014-06-17 17:55 - 2014-06-17 17:55 - 00000000 ____D () C:\Program Files\Adobe
2014-06-17 17:54 - 2014-04-22 21:02 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\Adobe
2014-06-16 13:13 - 2014-05-09 19:44 - 00036152 _____ (TuneUp Software) C:\WINDOWS\system32\uxtuneup.dll
2014-06-15 20:04 - 2014-05-25 09:17 - 00013104 _____ () C:\Documents and Settings\Milana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-15 20:04 - 2014-05-25 09:16 - 00091888 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-15 20:00 - 2014-06-15 19:44 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-06-15 19:58 - 2014-03-22 07:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-15 19:54 - 2014-06-15 19:54 - 00001506 _____ () C:\WINDOWS\system32\reset.log
2014-06-15 19:53 - 2014-06-15 19:53 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-06-15 19:53 - 2014-03-22 07:42 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-06-15 19:53 - 2014-03-22 07:39 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-06-15 19:53 - 2014-03-22 07:39 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-06-15 19:52 - 2014-04-22 21:24 - 00458340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-15 19:44 - 2014-06-15 19:44 - 00000000 ____D () C:\RegBackup
2014-06-15 18:55 - 2014-04-26 06:55 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\Facebook
2014-06-15 17:26 - 2014-06-15 17:26 - 00000759 _____ () C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
2014-06-15 17:26 - 2014-04-22 08:36 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\Google
2014-06-15 17:25 - 2014-05-25 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2014-06-15 17:25 - 2014-04-22 08:36 - 00000000 ____D () C:\Program Files\Google
2014-06-15 17:20 - 2014-04-25 18:55 - 00008704 _____ () C:\Documents and Settings\Milana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-15 12:12 - 2014-04-22 20:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-15 12:11 - 2014-06-15 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-15 12:11 - 2014-04-22 20:50 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-15 12:10 - 2014-06-15 12:08 - 00000734 _____ () C:\Documents and Settings\All Users\Desktop\Maxthon Cloud Browser.lnk
2014-06-15 12:10 - 2014-06-15 12:08 - 00000000 ____D () C:\Program Files\Maxthon
2014-06-15 12:08 - 2014-06-15 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Maxthon Cloud Browser
2014-06-15 12:00 - 2014-06-15 12:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2014-06-15 12:00 - 2014-04-25 20:56 - 00001580 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2014-06-15 12:00 - 2014-04-25 20:56 - 00000000 ____D () C:\Program Files\Defraggler
2014-06-15 11:57 - 2014-04-22 20:49 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-06-15 11:57 - 2014-04-22 20:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-15 11:53 - 2014-06-15 11:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-15 11:53 - 2014-06-15 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-15 11:52 - 2014-06-15 11:53 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-15 11:52 - 2014-06-15 11:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-15 11:52 - 2014-06-15 11:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-15 11:52 - 2014-06-15 11:53 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-15 11:52 - 2014-06-15 11:53 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-15 11:52 - 2014-06-15 11:52 - 00000000 ____D () C:\Program Files\Java
2014-06-14 12:09 - 2014-06-14 12:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-06-14 11:18 - 2014-06-14 11:18 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\Unity
2014-06-12 21:24 - 2014-05-25 12:04 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-12 21:20 - 2014-04-22 21:04 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-12 21:20 - 2014-04-22 21:04 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-12 21:14 - 2014-05-10 08:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-11 19:06 - 2014-04-22 21:28 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\vlc
2014-06-10 18:50 - 2014-04-22 20:55 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\Temp
2014-06-08 20:15 - 2014-06-08 20:15 - 00000000 ____D () C:\Documents and Settings\Milana\Local Settings\Application Data\Unity
2014-06-06 12:47 - 2014-06-06 12:47 - 04558848 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Update: 07 Jul 2014 7:54

My computer is still running sluggishly.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text that is inside the Code box.

CHR Extension: (No Name) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-04]
2014-07-04 19:58 - 2014-07-04 19:58 - 00000000 ___HD () C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks for a restart of the computer, allow it to do so undisturbed.
When it finishes, Notepad will open with content that you should copy into the thread.
Also, fixlog.txt will be on the Desktop. You need to copy the contents of fixlog.txt to the forum
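What the helper spotted in the FRST log above, and the Fixlist built from it, as an added example (this is not code from the thread or from FRST itself): a small Python triage script that reads FRST log lines, flags Chrome extensions force-installed through the HKLM Chrome\Extension registry key from a .crx that sits outside Program Files, cross-checks them against the installed-extension list and the recently created hidden folder, and emits the Fixlist lines. The sample lines are copied from the FRST.txt posted in the thread; the function names, regexes and the "trusted roots" heuristic are this example's own assumptions.

```python
"""Triage of an FRST.txt log: flag Chrome extensions that were force-installed
through the HKLM ...\\Chrome\\Extension registry key from a .crx file outside the
usual program locations, cross-check them against the installed-extension and
recently-created-folder sections, and emit the Fixlist lines needed to remove them.

Added example, not code from the forum thread or from the FRST tool. The
SAMPLE_LOG lines are copied from the FRST.txt posted in the thread; the
function names, regexes and the "trusted roots" heuristic are assumptions
made for this example.
"""
import re

# Constructed sample: a handful of lines taken from the thread's FRST.txt.
SAMPLE_LOG = r"""
CHR Extension: (Google Wallet) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Extension: (No Name) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-04]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-04]
CHR HKLM\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]
2014-07-04 19:58 - 2014-07-04 19:58 - 00000000 ___HD () C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-02 20:44 - 2014-07-02 20:44 - 00000000 ____D () C:\Documents and Settings\Milana\Application Data\WinRAR
"""

EXT_ID = r"[a-p]{32}"  # Chrome extension IDs are 32 letters from a..p
INSTALLED_RE = re.compile(
    r"^CHR Extension: \((?P<name>[^)]*)\) - (?P<path>.+\\(?P<id>" + EXT_ID + r")) \[(?P<date>[\d-]+)\]$")
POLICY_RE = re.compile(
    r"^CHR HKLM\\\.\.\.\\Chrome\\Extension: \[(?P<id>" + EXT_ID + r")\] - (?P<crx>.+) \[(?P<date>[\d-]+)\]$")
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} "
    r"(?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<path>.+)$")

# Heuristic (assumption): a .crx pushed via HKLM normally belongs to a product
# installed under Program Files; C:\WINDOWS, %TEMP% or a user profile is unusual.
TRUSTED_CRX_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


def _record(match, line):
    rec = match.groupdict()
    rec["line"] = line  # kept verbatim: FRST's Fixlist wants the original log line
    return rec


def parse_frst(text):
    """Index installed extensions and HKLM policy entries by ID, created folders by path."""
    installed, policy, created = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := INSTALLED_RE.match(line):
            installed[m["id"]] = _record(m, line)
        elif m := POLICY_RE.match(line):
            policy[m["id"]] = _record(m, line)
        elif m := CREATED_RE.match(line):
            created[m["path"].lower()] = _record(m, line)
    return installed, policy, created


def find_forced_extensions(text):
    """One finding per HKLM-forced extension that trips any of three checks:
    .crx outside the trusted roots, installed copy with no name, or the .crx
    folder appearing as a hidden (H attribute) folder in the created-files list."""
    installed, policy, created = parse_frst(text)
    findings = []
    for ext_id, pol in policy.items():
        crx = pol["crx"]
        folder = created.get(crx.rsplit("\\", 1)[0].lower())
        inst = installed.get(ext_id)
        reasons = []
        if not crx.lower().startswith(TRUSTED_CRX_ROOTS):
            reasons.append("crx outside Program Files: " + crx)
        if inst and inst["name"] == "No Name":
            reasons.append("installed extension has no name")
        if folder and "H" in folder["attrs"]:
            reasons.append("crx folder is hidden, created " + folder["created"])
        if reasons:
            findings.append({"id": ext_id, "reasons": reasons, "policy": pol,
                             "installed": inst, "folder": folder})
    return findings


def build_fixlist(findings):
    """Fixlist lines: FRST removes an item when the log line describing it is
    pasted verbatim (the helper did this for the extension folder and the hidden
    directory); the HKLM line is included so the registry value cannot reinstall it."""
    return [rec["line"] for f in findings
            for rec in (f["installed"], f["policy"], f["folder"]) if rec]


if __name__ == "__main__":
    hits = find_forced_extensions(SAMPLE_LOG)
    for f in hits:
        print(f["id"])
        for r in f["reasons"]:
            print("  -", r)
    print("\n--- Fixlist ---")
    print("\n".join(build_fixlist(hits)))
```

The avast entry is registered the same way (HKLM policy key plus a .crx), which is why the check is not "any HKLM extension" but the combination of an odd .crx location, a nameless installed copy and a freshly created hidden folder; on a real log, review each flagged line before pasting it into a Fixlist.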

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Posted: 07 Jul 2014 21:24

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
Ran by Milana at 2014-07-07 21:20:42 Run:2
Running from C:\Documents and Settings\Milana\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR Extension: (No Name) - C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-04]
2014-07-04 19:58 - 2014-07-04 19:58 - 00000000 ___HD () C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
*****************

C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp directory not found.
"C:\WINDOWS\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp" => File/Directory not found.

==== End of Fixlog ====

Update: 07 Jul 2014 21:25

This is all I got after the scan

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

OK. Let's move on.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow unpacking into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that prompt to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notice will be shown in a pop-up window. Click the Yes button and the system should restart and complete the cleaning procedure.

Note! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to carry out all repairs...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file option.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Milana :: MILANA-8285484F [administrator]

7/8/2014 7:22:38 AM
mbar-log-2014-07-08 (07-22-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 244809
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Now you should be clean. What is the situation on Facebook, i.e. are you still sending that virus to your friends?

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

It works much better now that we have done all this.
I am not sending viruses to anyone; it was my wife who sent them from her profile because she clicked on some link to a private video.
I only regularly receive those links from my friends, but I don't open them, I just put them aside.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then that would be it.

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes the old System Restore points and creates a new, fresh point after the cleanup.

As for the slowness of the computer, I see you have only 1 GiB of RAM, which is little by today's standards. I also see you have Yahoo Widgets installed; uninstall it if you don't use it.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Everything done according to the instructions.
Thanks and best regards! Cheers
