Virus?

1

Virus?

offline
  • Pridružio: 27 Apr 2017
  • Poruke: 7

Kada udjem na google chrome i kliknem na neku stranicu,izbaci mi novi tab sa nekom lijevom adresom (kao kada gledam film pa one reklame izbacuje).Isto tako i kada upalim youtube,pustim pjesmu pa kada kliknem na stranicu otvori mi neku novu

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Pozdrav,

Potrebno je da ispratiš uputstvo za otvaranje teme i psotaviš tražene izvještaje.
https://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Pridružio: 27 Apr 2017
  • Poruke: 7

-kada god otvorim neku stranicu na guglu,sam mi prebaci na neku drugu.Svaki put tako.
-Pocelo je prije par dana
-
prntscr.com/f29p0i ne mogu nista rijesiti jer koristim free
-pokusao sam i sa Combofix ali nista


mycity.rs/must-login.png

mycity.rs/must-login.png


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by pc (administrator) on PC-PC (29-04-2017 19:17:50)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.5\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2013-08-22] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-27] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-27] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50
Tcpip\..\Interfaces\{25440647-EF6C-44D0-AD0A-8D9C797C4210}: [DhcpNameServer] 89.216.1.40 89.216.1.50

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-145338054-3010530505-2361780430-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-27] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-27] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-145338054-3010530505-2361780430-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> bing.com/?mkt=en-US&pc=__PARAM__
CHR StartupUrls: Profile 1 -> "hxxp://www.google.rs/","hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> bing.com
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-04-29]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-14]
CHR Extension: (Avast SafePrice) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-14]
CHR Extension: (Google Docs Offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-14]
CHR Extension: (Proxy Bay) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpabelodkfbnigmjdlhdjcbjoimjjmap [2014-11-20]
CHR Extension: (Soccer Manager Worlds) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpemkngoajegcbamebdmnkjoalpofpbj [2017-02-14]
CHR Extension: (Epic Fighter) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\majaecddeigijmbiljndkihfoobabpmo [2016-01-27]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-14]
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-29]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27]
CHR Extension: (Google Search) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Google Docs Offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Proxy Bay) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpabelodkfbnigmjdlhdjcbjoimjjmap [2016-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Cycling at the 2016 Olympics) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ondaofgcoiahcegjbhgmjdaefnocnglc [2017-04-26]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-29]
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-29]
CHR HKU\S-1-5-21-145338054-3010530505-2361780430-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-04-27] (AVAST Software)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-27] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-27] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [78840 2016-09-22] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-04-28] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-04-27] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507416 2017-04-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-27] (AVAST Software)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3073752 2014-01-10] (Realtek Semiconductor Corporation )
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 19:17 - 2017-04-29 19:18 - 00015891 _____ C:\Users\pc\Desktop\FRST.txt
2017-04-29 19:17 - 2017-04-29 19:17 - 00000000 ____D C:\FRST
2017-04-29 19:16 - 2017-04-29 19:17 - 02427392 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2017-04-29 15:50 - 2017-04-29 15:50 - 00000000 ____D C:\Users\pc\AppData\Roaming\Google
2017-04-29 15:42 - 2017-04-29 15:42 - 00016342 _____ C:\ComboFix.txt
2017-04-28 21:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-28 21:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-28 21:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-28 21:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-28 21:06 - 2017-04-29 15:42 - 00000000 ____D C:\Qoobox
2017-04-28 21:05 - 2017-04-28 21:21 - 00000000 ____D C:\Windows\erdnt
2017-04-28 21:05 - 2017-04-28 20:56 - 05659609 ____R (Swearware) C:\Users\pc\Desktop\ComboFix.exe
2017-04-27 21:02 - 2017-04-27 21:02 - 00000000 ____D C:\Users\pc\AppData\Local\AVAST Software
2017-04-27 19:43 - 2017-04-27 19:43 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-04-27 19:43 - 2017-04-27 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-27 19:42 - 2017-04-27 19:42 - 00507416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswnetsec.sys
2017-04-27 19:42 - 2017-04-27 19:41 - 00505880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswnetsec.sys.149331493483504
2017-04-27 19:41 - 2017-04-27 19:41 - 00029432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2017-04-27 19:41 - 2017-04-27 19:33 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-27 19:33 - 2017-04-27 19:42 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-27 19:33 - 2017-04-27 19:32 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-27 19:33 - 2017-04-27 19:32 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-27 19:33 - 2017-04-27 19:32 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-27 19:33 - 2017-04-27 19:32 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-17 11:08 - 2017-04-17 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 19:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-29 16:11 - 2014-09-26 18:35 - 00000382 _____ C:\Windows\Tasks\update-sys.job
2017-04-29 15:49 - 2014-09-25 21:17 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-29 15:44 - 2014-09-26 18:35 - 00000382 _____ C:\Windows\Tasks\update-S-1-5-21-145338054-3010530505-2361780430-1000.job
2017-04-29 15:38 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-29 11:20 - 2014-09-25 21:17 - 00003362 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 11:20 - 2014-09-25 21:17 - 00003234 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 21:44 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-28 21:44 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-28 21:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-28 21:09 - 2009-07-14 07:13 - 00787222 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-28 19:42 - 2015-04-06 12:32 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-04-28 19:42 - 2015-04-06 12:32 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-04-27 20:59 - 2014-09-25 21:23 - 00000000 ____D C:\Program Files (x86)\GRETECH
2017-04-27 20:57 - 2016-09-16 12:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-27 20:57 - 2016-09-16 12:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 20:57 - 2016-09-16 12:46 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-27 20:57 - 2016-09-16 12:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-27 20:57 - 2014-11-21 01:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-27 19:43 - 2016-03-15 00:16 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1457993801
2017-04-27 19:42 - 2014-09-25 21:27 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-27 19:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-27 19:33 - 2015-04-06 12:32 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-27 19:33 - 2015-04-06 12:32 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-27 19:32 - 2016-03-14 23:32 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-27 19:32 - 2015-04-06 12:32 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-27 12:19 - 2015-01-28 16:40 - 00000000 ____D C:\ProgramData\Oracle
2017-04-27 12:16 - 2015-01-28 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-27 12:16 - 2015-01-28 16:40 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-27 12:14 - 2015-01-28 16:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-19 11:41 - 2014-09-25 21:48 - 00000000 ____D C:\Users\pc\AppData\Roaming\Skype
2017-04-19 10:40 - 2015-04-22 02:14 - 00000000 ____D C:\Users\pc\Desktop\NEMANJA
2017-04-17 11:37 - 2014-09-26 18:35 - 00003278 _____ C:\Windows\System32\Tasks\update-sys
2017-04-17 11:08 - 2014-09-26 18:35 - 00003250 _____ C:\Windows\System32\Tasks\update-S-1-5-21-145338054-3010530505-2361780430-1000
2017-04-17 11:08 - 2014-09-26 18:35 - 00000424 _____ C:\Users\pc\AppData\Local\UserProducts.xml
2017-04-12 09:52 - 2015-07-16 10:37 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 09:51 - 2016-02-17 12:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-09 10:37 - 2014-11-23 21:11 - 00000000 ____D C:\Users\pc\AppData\Local\ElevatedDiagnostics
2017-03-30 01:34 - 2015-01-09 23:53 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-30 01:34 - 2015-01-09 23:53 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-30 01:34 - 2015-01-09 23:53 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-30 01:34 - 2015-01-09 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-09-26 18:35 - 2014-09-26 18:35 - 0000003 _____ () C:\Users\pc\AppData\Local\updater.log
2014-09-26 18:35 - 2017-04-17 11:08 - 0000424 _____ () C:\Users\pc\AppData\Local\UserProducts.xml
2014-09-25 21:36 - 2014-09-25 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-23 00:10

==================== End of FRST.txt ============================

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow Korak 1

Ko ti je rekao da pokrećeš ComboFix? Ubuduće ga ne pokreći na svoju ruku.

Postavi mi C:\ComboFix.txt.



Arrow Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-145338054-3010530505-2361780430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Epic Fighter) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\majaecddeigijmbiljndkihfoobabpmo [2016-01-27]
CHR Extension: (Cycling at the 2016 Olympics) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ondaofgcoiahcegjbhgmjdaefnocnglc [2017-04-26]
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Pod Encoding izaberi UTF-8.
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

offline
  • Pridružio: 27 Apr 2017
  • Poruke: 7

Napisano: 29 Apr 2017 23:34

mycity.rs/must-login.png

Dopuna: 29 Apr 2017 23:44

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sad stanje sistema?




Arrow

Preuzmi AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
U EULA prozoru klikni na I agree.
U Options isključi Reset Winsock settings ako je uključen.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Cleaning i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

offline
  • Pridružio: 27 Apr 2017
  • Poruke: 7

cini mi se da se vratilo u normalu.Samo sto ne mogu da pokrenem ovaj Adwcleaner,ovo mi izbacuje

prntscr.com/f2h3tl

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Preuzmi Malwarebytes Anti-Malware sa ovog ili ovog ili ovog linka i instaliraj aplikaciju.
Pokreni mb3-setup-consumer-{verzija}.exe i isprati uputstva za instalaciju programa. Nakon instalacije, klikni na Finish

Prilikom prvog pokretanja, program će prikazati prozor "dobrodošlice". Slobodno zatvori taj prozor.
Napomena: Premium funkcije programa su već aktivirane i važe 13 dana od trenutka instalacije. Premium funkcije možeš isključiti preko Settings > My Account tab podešavanja.

• Podešavanja skenera - u Settings, klikni na Protection tab. Ispod Scan Options sekcije, uključi "Scan for rootkits" opciju.
• Pripremi podešavanja za Threat Scan - u Dashboard , klikni na Scan Now dugme. MBAM će ažurirati bazu i započeti skeniranje.

Kada se skeniranje završi, ako je infekcija detektovana, obrati pažnju da je sve označeno, pa klikni na Remove Selected. Restartuj računar ako program upita za restart.
• Dostavi log: Pod Reports izaberi trenutni datum izveštaja Scan Report i potom klikni na View Report.

Izvezi log na Desktop;
- Klikni na Export dugme na dnu, pa onda izaberi 'Text file (*.txt)'
# U Save File dijalogu koji se pojavi, klikni na Desktop. U File name: polje, upiši "mbam" (bez navodnika) i klikni na Save.
- Pojaviće se poruka "Your file has been successfully exported", klikni Ok i zatvori prozor.



• U odgovoru prikači mbam.txt log koristeći "Prikači fajl" opciju.

offline
  • Pridružio: 27 Apr 2017
  • Poruke: 7

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow

Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti i 7 koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sljedeće:

ComboFix /Uninstall

Primjeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.



Arrow

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.




Arrow

Preporučujem ti da instaliraš Service Pack 1 za tvoj Windows 7 operativni sistem.
Možeš ga preuzeti sa ovog linka:

Windows 7 SP1 x64

Ko je trenutno na forumu
 

Ukupno su 1350 korisnika na forumu :: 26 registrovanih, 2 sakrivenih i 1322 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aleksandarbl, Bane san, Bobrock1, Boris BM, Dorcolac, draganca, FileFinder, ILGromovnik, Istman, Ivica1102, jackreacher011011, janbo, Joja2, kovinacc, kraJo, Mi lao shu, Panter, raketaš, Sloven, Srky Boy, suton, taz1cl, vasa.93, vladulns, wolf1, zlatkoa987