Suspected keylogger?

  • Joined: 18 Nov 2014
  • Posts: 1

There is a suspicion that some keylogger has been installed on the computer, so can that be checked?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-10-2015 01
Ran by PF (administrator) on STAMPARIJA (16-10-2015 08:41:25)
Running from C:\Documents and Settings\PF\Desktop
Loaded Profiles: PF (Available Profiles: PF & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Documents and Settings\All Users\Application Data\HiSuiteOuc\HiSuiteOuc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(X-Rite Inc.) C:\Program Files\X-Rite\Devices\Services\xrdd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143176 2013-04-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-09] (AVAST Software)
HKU\S-1-5-21-725345543-2052111302-1417001333-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-725345543-2052111302-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-725345543-2052111302-1417001333-1003\...\MountPoints2: {775d726d-4bba-11e5-a01c-002522c5c438} - G:\Lenovo_Suite.exe
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-09] (AVAST Software)
BootExecute: autocheck autochk /p \??\G:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 12 %windir%\system32\vsocklib.dll No File
Winsock: Catalog9 13 %windir%\system32\vsocklib.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D66D5EE7-0F66-4888-9AD7-5EE426851DF7}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-725345543-2052111302-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-725345543-2052111302-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-725345543-2052111302-1417001333-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-725345543-2052111302-1417001333-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-09] (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-08] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-725345543-2052111302-1417001333-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-16] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-08] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-08-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-09]

Chrome:
=======
CHR StartupUrls: Profile 2 -> "hxxp://www.google.rs/"
CHR Profile: C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-09]
CHR Extension: (Google Docs) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-09]
CHR Extension: (Google Drive) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-09]
CHR Extension: (YouTube) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-09]
CHR Extension: (Google Search) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-09]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-14]
CHR Extension: (Google Sheets) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-09]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-09]
CHR Extension: (Gmail) - C:\Documents and Settings\PF\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-09] (AVAST Software)
S4 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 HiSuiteOuc.exe; C:\Documents and Settings\All Users\Application Data\HiSuiteOuc\HiSuiteOuc.exe [117552 2015-03-31] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 SAiLicSvr; C:\WINDOWS\system32\SAiLicSvr.exe [86016 2007-12-19] (SA International) [File not signed]
S4 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [369952 2009-09-17] (SafeNet, Inc.)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
S4 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-12-23] (RaMMicHaeL)
R2 xrdd.exe; C:\Program Files\X-Rite\Devices\Services\xrdd.exe [203600 2012-03-08] (X-Rite Inc.)
S2 Abel; c:\Program Files\Cain\Abel.exe [X]
S2 HuaweiHiSuiteService.exe; "C:\Documents and Settings\All Users\Application Data\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [358400 2010-04-13] (SafeNet Inc.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [543712 2007-03-27] (Atheros Communications, Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-10-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-10-09] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-09] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-09] (AVAST Software)
S3 ATUSB; C:\WINDOWS\System32\Drivers\atusb.sys [14848 2003-10-21] () [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 i1; C:\WINDOWS\System32\Drivers\i1.sys [26045 2012-03-08] (GretagMacbeth)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2011-02-14] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2011-02-14] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2011-02-14] (Marvell Semiconductor Inc.)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [10240 2012-03-28] (Nicomsoft Ltd.) [File not signed]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2015-03-09] (Huawei Technologies Co., Ltd.)
S2 Par1284; \??\C:\Program Files\SAi\SAi Production Suite\Program\Par1284.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 08:38 - 2015-10-16 08:41 - 00016258 _____ C:\Documents and Settings\PF\Desktop\FRST.txt
2015-10-16 08:38 - 2015-10-16 08:41 - 00000000 ____D C:\FRST
2015-10-16 08:37 - 2015-10-16 08:37 - 01700352 _____ (Farbar) C:\Documents and Settings\PF\Desktop\FRST.exe
2015-10-10 08:37 - 2015-10-10 08:42 - 00000000 ____D C:\Program Files\HP
2015-10-10 08:37 - 2015-10-10 08:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2015-10-10 08:03 - 2015-10-10 08:03 - 00000000 ____D C:\Documents and Settings\PF\Application Data\AVAST Software
2015-10-09 08:37 - 2015-10-09 08:37 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-10-09 08:37 - 2015-10-09 08:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-10-09 08:35 - 2015-10-16 08:35 - 00000356 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-10-09 08:35 - 2015-10-09 08:34 - 00789296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00434184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00157888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-09 08:35 - 2015-10-09 08:34 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-09 08:34 - 2015-10-09 08:34 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-09 08:34 - 2015-10-09 08:34 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-09 08:30 - 2015-10-09 08:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-09 08:29 - 2015-10-09 08:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-10-08 15:57 - 2015-10-08 15:57 - 00098064 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-10-07 12:20 - 2015-10-07 12:20 - 00001812 _____ C:\Documents and Settings\PF\Desktop\Tweaking.com - Windows Repair.lnk
2015-10-03 08:21 - 2015-10-05 12:24 - 00000000 ____D C:\Documents and Settings\PF\Application Data\ViberPC
2015-10-03 08:21 - 2015-10-03 08:21 - 00000920 _____ C:\Documents and Settings\PF\Start Menu\Programs\Viber.lnk
2015-10-03 08:21 - 2015-10-03 08:21 - 00000914 _____ C:\Documents and Settings\PF\Desktop\Viber.lnk
2015-10-03 08:20 - 2015-10-05 12:24 - 00000000 ____D C:\Documents and Settings\PF\Local Settings\Application Data\Viber
2015-10-02 11:33 - 2015-10-02 11:37 - 00000000 ____D C:\AdwCleaner
2015-10-02 11:31 - 2015-10-02 11:31 - 01670656 _____ C:\Documents and Settings\PF\Desktop\adwcleaner_5.009.exe
2015-09-26 12:07 - 2015-09-26 12:07 - 00000000 ____D C:\Documents and Settings\PF\Application Data\dvdcss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 08:41 - 2013-08-17 18:28 - 00000000 ____D C:\Documents and Settings\PF\Local Settings\Temp
2015-10-16 08:22 - 2014-05-18 13:27 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-16 08:18 - 2013-08-17 19:55 - 00010588 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-10-16 08:10 - 2013-08-17 18:10 - 01810456 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-16 08:05 - 2013-08-21 15:00 - 141105520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-16 08:04 - 2014-11-05 15:01 - 00000398 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1389606668.job
2015-10-16 08:04 - 2014-02-12 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2015-10-16 08:04 - 2014-01-13 11:51 - 00000000 ____D C:\Program Files\Opera
2015-10-16 08:03 - 2014-04-04 18:09 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-16 08:03 - 2013-08-21 14:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-16 08:03 - 2013-08-17 20:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-10-16 08:03 - 2013-08-17 20:05 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-10-16 08:03 - 2013-08-17 18:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-16 08:03 - 2008-04-14 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-15 15:55 - 2013-08-17 18:28 - 00000178 ___SH C:\Documents and Settings\PF\ntuser.ini
2015-10-15 15:55 - 2013-08-17 18:27 - 00032512 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-15 15:00 - 2013-08-21 14:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 13:12 - 2014-01-27 10:42 - 00001456 _____ C:\Documents and Settings\PF\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2015-10-15 09:47 - 2013-08-17 20:07 - 00001073 _____ C:\WINDOWS\8250BPlus.INI
2015-10-14 16:03 - 2014-02-13 11:41 - 00000000 ____D C:\Documents and Settings\PF\Application Data\uTorrent
2015-10-14 15:33 - 2013-08-17 18:28 - 00000000 ____D C:\Documents and Settings\PF
2015-10-12 14:58 - 2015-03-04 09:22 - 00002586 _____ C:\cc_20150304_082247.reg
2015-10-12 13:45 - 2015-02-11 15:54 - 00000000 ____D C:\Program Files\WinPcap
2015-10-12 08:55 - 2013-08-17 20:22 - 00000000 ____D C:\Documents and Settings\PF\Local Settings\Application Data\Adobe
2015-10-10 15:55 - 2014-03-25 22:12 - 00234784 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-10-10 08:02 - 2013-08-17 18:27 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-10-09 08:29 - 2013-08-17 18:29 - 00098064 _____ C:\Documents and Settings\PF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-10-08 16:02 - 2014-02-27 14:57 - 00000000 ____D C:\Documents and Settings\PF\Application Data\TeamViewer
2015-10-08 16:02 - 2013-09-20 16:53 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-08 15:59 - 2014-05-18 10:27 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-10-08 15:59 - 2014-05-18 10:27 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-10-08 15:57 - 2013-08-17 19:59 - 00000211 ___SH C:\boot.ini
2015-10-08 15:56 - 2014-05-18 10:28 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2015-10-08 15:00 - 2014-04-04 18:09 - 00000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-10-08 12:59 - 2014-02-23 16:41 - 00000000 ____D C:\Documents and Settings\PF\Application Data\vlc
2015-10-07 12:38 - 2013-08-17 20:00 - 03703312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-07 12:34 - 2013-08-17 18:08 - 00000000 ____D C:\WINDOWS\Registration
2015-10-07 12:32 - 2013-08-17 20:01 - 00634646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-07 12:32 - 2013-08-17 18:11 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-07 12:32 - 2013-08-17 18:11 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-05 08:11 - 2008-04-14 13:00 - 00000626 _____ C:\WINDOWS\win.ini
2015-10-05 08:11 - 2008-04-14 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-03 15:59 - 2014-02-21 14:48 - 02571014 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-2052111302-1417001333-1003-0.dat
2015-10-03 15:59 - 2014-02-19 18:12 - 00419526 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-01 12:18 - 2015-02-11 10:54 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-01 12:18 - 2014-05-18 13:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-01 12:18 - 2014-05-18 13:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-30 10:55 - 2013-08-19 12:53 - 00000000 ____D C:\Program Files\TeamViewer
2015-09-23 09:27 - 2014-10-29 15:01 - 00000000 ____D C:\Documents and Settings\PF\Desktop\Tor Browser
2015-09-17 11:26 - 2014-09-26 10:54 - 00000000 ____D C:\Documents and Settings\PF\Desktop\Desktop sa znakom pitanja

==================== Files in the root of some directories =======

2013-12-14 10:32 - 2013-10-02 07:08 - 6583664 _____ (AVAST Software) C:\Program Files\AVAST
2014-01-22 16:19 - 2014-01-22 16:20 - 0000132 _____ () C:\Documents and Settings\PF\Application Data\Adobe IllExport Filter CS6 Prefs
2013-08-19 16:52 - 2015-04-04 09:53 - 0000132 _____ () C:\Documents and Settings\PF\Application Data\Adobe PNG Format CS6 Prefs
2014-11-03 16:26 - 2014-11-03 16:26 - 0009335 _____ () C:\Documents and Settings\PF\Application Data\Microsoft Excel 97-2003.EML
2014-01-27 10:42 - 2015-10-15 13:12 - 0001456 _____ () C:\Documents and Settings\PF\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2013-08-29 10:17 - 2014-10-15 12:58 - 0038912 _____ () C:\Documents and Settings\PF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-11 15:13 - 2014-03-11 15:13 - 0000218 _____ () C:\Documents and Settings\PF\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

I see a leftover of the program Cain & Abel, which is capable of cracking passwords.


Open Notepad and copy the following text, which is inside the Code box.

S2 Abel; c:\Program Files\Cain\Abel.exe [X]
c:\Program Files\Cain
EmptyTemp:


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks for a computer restart, let it do so unhindered.
After it finishes, fixlog.txt will open, with contents that you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.
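The helper spotted the Cain & Abel leftover by reading the Services section of the FRST log by eye: the `[X]` marker means the registered image file is no longer on disk, which is exactly what an orphaned entry of a removed tool looks like. The script below, an added example that is not Farbar's code nor the helper's, parses lines in the shape of FRST's "Services (Whitelisted)" and "Drivers (Whitelisted)" sections, flags entries whose file is missing, whose binary is unsigned or which carry no publisher, and builds a fixlist in the same three-line convention the helper used (the service line verbatim, the leftover folder, `EmptyTemp:`). The triage ordering is my own heuristic, and the sample log lines are constructed, modelled on the thread's own log; a hit is a prompt for a closer look, not a verdict.

```python
"""Triage FRST 'Services' / 'Drivers' sections and build a fixlist.

Added example (not Farbar's code, not the helper's): the triage rules are
simple heuristics of my own, and the sample log lines are constructed in the
shape of the thread's FRST output.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Constructed sample in the shape of FRST's Services/Drivers sections.
SAMPLE_FRST = r"""
==================== Services (Whitelisted) ========================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-09] (AVAST Software)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 Abel; c:\Program Files\Cain\Abel.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ==========================

S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
U1 WS2IFSL; no ImagePath
"""

SECTION_RE = re.compile(r"^=+\s*(Services|Drivers)\b")
ENTRY_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*(?:\[File not signed\])?\s*$")


@dataclass
class Entry:
    section: str              # "Services" or "Drivers"
    state: str                # FRST start-type code, e.g. R2 (running) or S2 (stopped)
    name: str
    image: str                # path / command line with FRST's trailer stripped
    publisher: Optional[str]  # None when FRST printed "()" or no publisher at all
    signed: bool              # False when FRST appended [File not signed]
    missing: bool             # True for [X] (file not on disk) or "no ImagePath"
    raw: str                  # the original line, reused verbatim in a fixlist


def parse_entries(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("="):
            m = SECTION_RE.match(line)
            section = m.group(1) if m else None  # any other banner ends the section
            continue
        m = ENTRY_RE.match(line)
        if section is None or not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith("[X]") or rest == "no ImagePath"
        pub = PUBLISHER_RE.search(rest)
        publisher = (pub.group(1).strip() or None) if pub else None
        # Drop the "[size date] (Publisher) ..." trailer and a trailing [X].
        image = re.sub(r"\s*\[\d+\s+\d{4}-\d{2}-\d{2}\].*$", "", rest)
        image = re.sub(r"\s*\[X\]$", "", image)
        entries.append(Entry(section, m.group("state"), m.group("name").strip(), image,
                             publisher, "[File not signed]" not in rest, missing, line))
    return entries


def triage(entries: Sequence[Entry]) -> List[Tuple[str, str]]:
    """Heuristic (assumed) ordering of what to look at first."""
    findings = []
    for e in entries:
        if e.missing:
            findings.append((e.name, "image file not on disk ([X] / no ImagePath): orphaned entry"))
        elif not e.signed:
            findings.append((e.name, "image is not digitally signed"))
        elif e.publisher is None:
            findings.append((e.name, "no publisher information"))
    return findings


def build_fixlist(entries, names, extra_paths=(), empty_temp=True) -> str:
    """Follow the convention used in the thread: the service line verbatim,
    then any leftover folders, then EmptyTemp:."""
    by_name = {e.name: e for e in entries}
    lines = [by_name[n].raw for n in names]
    lines.extend(extra_paths)
    if empty_temp:
        lines.append("EmptyTemp:")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_FRST)
    for name, reason in triage(ents):
        print(f"{name:18s} {reason}")
    print(build_fixlist(ents, ["Abel"], extra_paths=[r"c:\Program Files\Cain"]))
```

Run it as-is to see the triage list and the generated fixlist; to use it on a real FRST.txt, pass the file's contents to `parse_entries` instead of `SAMPLE_FRST`. Note that "no ImagePath" entries such as WS2IFSL are normal on XP, which is why the output is a reading list rather than a removal list.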

  • Joined: 15 Feb 2006
  • Posts: 232

Fix result of Farbar Recovery Scan Tool (x86) Version:15-10-2015 01
Ran by PF (2015-10-17 08:08:08) Run:1
Running from C:\Documents and Settings\PF\Desktop
Loaded Profiles: PF (Available Profiles: PF & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
S2 Abel; c:\Program Files\Cain\Abel.exe [X]
c:\Program Files\Cain
EmptyTemp:
*****************

Abel => service removed successfully.
"c:\Program Files\Cain" => File/Folder not found.
EmptyTemp: => 739.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:08:26 ====


  • Joined: 26 Aug 2010
  • Posts: 10621
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

Sorry for the late reply.

What is the state of the system now?

  • Joined: 15 Feb 2006
  • Posts: 232

Fine, thanks

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

We will do one more check.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow unpacking into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notification to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware was detected, click the Exit button to close the program. In the next message post the mbar-log-year-month-day (hour-minutes-seconds).txt and system-log.txt reports.

>> If infection(s) were found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart; a notification will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Note! Only if a RootKit was detected: - make sure you run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue execution, and wait for the tool to perform all repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into the message and attach the system log to the message using the Attach file option.

  • Joined: 15 Feb 2006
  • Posts: 232

Posted: 23 Oct 2015 11:32

Update: 23 Oct 2015 11:34

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.10.23.02
rootkit: v2015.10.16.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PF :: STAMPARIJA [administrator]

23.10.2015 11:15:19
mbar-log-2015-10-23 (11-15-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 325099
Time elapsed: 16 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

  • Joined: 26 Aug 2010
  • Posts: 10621
  • Where you live: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it. Change your passwords just in case.

The following procedure will carry out the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options;

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this moment on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also record a healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

  • Joined: 15 Feb 2006
  • Posts: 232

Thank you!
