Virus?


offline
  • Joined: 27 Apr 2017
  • Posts: 7

When I open Google Chrome and click on a page, it pops up a new tab with some dodgy address (like those ads that pop up when I'm watching a movie). The same happens when I open YouTube and play a song: when I click on the page, it opens a new one.



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello,

You need to follow the instructions for opening a topic and post the requested reports.
[Link visible only to logged-in users]



offline
  • Joined: 27 Apr 2017
  • Posts: 7

- Whenever I open a page on Google, it redirects me to some other one by itself. Every time.
- It started a few days ago.
-
[Link visible only to logged-in users] I can't fix anything because I'm using the free version
- I also tried ComboFix, but nothing


[Link visible only to logged-in users]

[Link visible only to logged-in users]


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by pc (administrator) on PC-PC (29-04-2017 19:17:50)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.5\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-22] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-27] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-27] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{25440647-EF6C-44D0-AD0A-8D9C797C4210}: [DhcpNameServer] 89.216.1.40 89.216.1.50

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-145338054-3010530505-2361780430-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-27] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-27] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-145338054-3010530505-2361780430-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> bing.com/?mkt=en-US&pc=__PARAM__
CHR StartupUrls: Profile 1 -> "hxxp://www.google.rs/","hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> [Link visible only to logged-in users]{searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> bing.com
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-04-29]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-14]
CHR Extension: (Avast SafePrice) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-14]
CHR Extension: (Proxy Bay) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabelodkfbnigmjdlhdjcbjoimjjmap [2014-11-20]
CHR Extension: (Soccer Manager Worlds) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpemkngoajegcbamebdmnkjoalpofpbj [2017-02-14]
CHR Extension: (Epic Fighter) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\majaecddeigijmbiljndkihfoobabpmo [2016-01-27]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-14]
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-29]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27]
CHR Extension: (Google Search) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Google Docs Offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Proxy Bay) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabelodkfbnigmjdlhdjcbjoimjjmap [2016-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Cycling at the 2016 Olympics) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ondaofgcoiahcegjbhgmjdaefnocnglc [2017-04-26]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-29]
CHR HKU\S-1-5-21-145338054-3010530505-2361780430-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - [Link visible only to logged-in users]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - [Link visible only to logged-in users]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-04-27] (AVAST Software)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-27] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-27] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [78840 2016-09-22] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-04-28] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-04-27] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507416 2017-04-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-27] (AVAST Software)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-01-10] (Realtek Semiconductor Corporation )
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 19:17 - 2017-04-29 19:18 - 00015891 _____ C:\Users\pc\Desktop\FRST.txt
2017-04-29 19:17 - 2017-04-29 19:17 - 00000000 ____D C:\FRST
2017-04-29 19:16 - 2017-04-29 19:17 - 02427392 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2017-04-29 15:50 - 2017-04-29 15:50 - 00000000 ____D C:\Users\pc\AppData\Roaming\Google
2017-04-29 15:42 - 2017-04-29 15:42 - 00016342 _____ C:\ComboFix.txt
2017-04-28 21:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-28 21:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-28 21:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-28 21:06 - 2017-04-29 15:42 - 00000000 ____D C:\Qoobox
2017-04-28 21:05 - 2017-04-28 21:21 - 00000000 ____D C:\Windows\erdnt
2017-04-28 21:05 - 2017-04-28 20:56 - 05659609 ____R (Swearware) C:\Users\pc\Desktop\ComboFix.exe
2017-04-27 21:02 - 2017-04-27 21:02 - 00000000 ____D C:\Users\pc\AppData\Local\AVAST Software
2017-04-27 19:43 - 2017-04-27 19:43 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-04-27 19:43 - 2017-04-27 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-27 19:42 - 2017-04-27 19:42 - 00507416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswnetsec.sys
2017-04-27 19:42 - 2017-04-27 19:41 - 00505880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswnetsec.sys.149331493483504
2017-04-27 19:41 - 2017-04-27 19:41 - 00029432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2017-04-27 19:41 - 2017-04-27 19:33 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-27 19:33 - 2017-04-27 19:42 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-27 19:33 - 2017-04-27 19:32 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-27 19:33 - 2017-04-27 19:32 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-27 19:33 - 2017-04-27 19:32 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-27 19:33 - 2017-04-27 19:32 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 19:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-29 16:11 - 2014-09-26 18:35 - 00000382 _____ C:\Windows\Tasks\update-sys.job
2017-04-29 15:49 - 2014-09-25 21:17 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-29 15:44 - 2014-09-26 18:35 - 00000382 _____ C:\Windows\Tasks\update-S-1-5-21-145338054-3010530505-2361780430-1000.job
2017-04-29 15:38 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-29 11:20 - 2014-09-25 21:17 - 00003362 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 11:20 - 2014-09-25 21:17 - 00003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 21:44 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-28 21:44 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-28 21:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-28 21:09 - 2009-07-14 07:13 - 00787222 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-28 19:42 - 2015-04-06 12:32 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-04-28 19:42 - 2015-04-06 12:32 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-04-27 20:59 - 2014-09-25 21:23 - 00000000 ____D C:\Program Files (x86)\GRETECH
2017-04-27 20:57 - 2016-09-16 12:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-27 20:57 - 2016-09-16 12:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 20:57 - 2016-09-16 12:46 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-27 20:57 - 2016-09-16 12:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-27 20:57 - 2014-11-21 01:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-27 19:43 - 2016-03-15 00:16 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1457993801
2017-04-27 19:42 - 2014-09-25 21:27 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-27 19:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-27 19:33 - 2015-04-06 12:32 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-27 19:32 - 2016-03-14 23:32 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-27 19:32 - 2015-04-06 12:32 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-27 12:19 - 2015-01-28 16:40 - 00000000 ____D C:\ProgramData\Oracle
2017-04-27 12:16 - 2015-01-28 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-27 12:16 - 2015-01-28 16:40 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-27 12:14 - 2015-01-28 16:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-19 11:41 - 2014-09-25 21:48 - 00000000 ____D C:\Users\pc\AppData\Roaming\Skype
2017-04-19 10:40 - 2015-04-22 02:14 - 00000000 ____D C:\Users\pc\Desktop\NEMANJA
2017-04-17 11:37 - 2014-09-26 18:35 - 00003278 _____ C:\Windows\System32\Tasks\update-sys
2017-04-17 11:08 - 2014-09-26 18:35 - 00003250 _____ C:\Windows\System32\Tasks\update-S-1-5-21-145338054-3010530505-2361780430-1000
2017-04-17 11:08 - 2014-09-26 18:35 - 00000424 _____ C:\Users\pc\AppData\Local\UserProducts.xml
2017-04-12 09:52 - 2015-07-16 10:37 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 09:51 - 2016-02-17 12:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-09 10:37 - 2014-11-23 21:11 - 00000000 ____D C:\Users\pc\AppData\Local\ElevatedDiagnostics
2017-03-30 01:34 - 2015-01-09 23:53 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-30 01:34 - 2015-01-09 23:53 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-30 01:34 - 2015-01-09 23:53 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-30 01:34 - 2015-01-09 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-09-26 18:35 - 2014-09-26 18:35 - 0000003 _____ () C:\Users\pc\AppData\Local\updater.log
2014-09-26 18:35 - 2017-04-17 11:08 - 0000424 _____ () C:\Users\pc\AppData\Local\UserProducts.xml
2014-09-25 21:36 - 2014-09-25 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-23 00:10

==================== End of FRST.txt ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Who told you to run ComboFix? In future, don't run it on your own initiative.

Post C:\ComboFix.txt for me.



Step 2

Open Notepad and copy the following text, which is inside the Code box.

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Epic Fighter) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\majaecddeigijmbiljndkihfoobabpmo [2016-01-27]
CHR Extension: (Cycling at the 2016 Olympics) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ondaofgcoiahcegjbhgmjdaefnocnglc [2017-04-26]
EmptyTemp:


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the topic.
Also, (fixlog.txt) will be on the Desktop.

offline
  • Joined: 27 Apr 2017
  • Posts: 7

Written: 29 Apr 2017 23:34

[Link visible only to logged-in users]

Addendum: 29 Apr 2017 23:44

[Link visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state of the system now?



Download AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option

offline
  • Joined: 27 Apr 2017
  • Posts: 7

It seems to me that it has returned to normal. It's just that I can't run this AdwCleaner; this is what it shows me

[Link visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download Malwarebytes Anti-Malware from this or this or this link and install the application.
Run mb3-setup-consumer-{version}.exe and follow the instructions to install the program. After installation, click Finish

On first launch, the program will show a "welcome" window. Feel free to close that window.
Note: The program's Premium features are already activated and are valid for 13 days from the moment of installation. You can turn off the Premium features via the Settings > My Account tab.

• Scanner settings - in Settings, click the Protection tab. Under the Scan Options section, enable the "Scan for rootkits" option.
• Prepare settings for Threat Scan - in the Dashboard, click the Scan Now button. MBAM will update its database and start scanning.

When the scan finishes, if an infection has been detected, make sure everything is selected, then click Remove Selected. Restart the computer if the program asks for a restart.
• Submit the log: Under Reports, select the Scan Report with the current date and then click View Report.

Export the log to the Desktop:
- Click the Export button at the bottom, then choose 'Text file (*.txt)'
- In the Save File dialog that appears, click Desktop. In the File name: field, type "mbam" (without quotes) and click Save.
- The message "Your file has been successfully exported" will appear; click OK and close the window.



• In your reply, attach the mbam.txt log using the "Attach file" option.

offline
  • Joined: 27 Apr 2017
  • Posts: 7

[Link visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista and 7, use the Start Search box if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.



The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this topic should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.



I recommend that you install Service Pack 1 for your Windows 7 operating system.
You can download it from this link:

Windows 7 SP1 x64
