Virus or Malware

offline
  • Joined: 24 Oct 2015
  • Posts: 5

A friend referred me to you with a very strong recommendation, and he thinks you can help me with a virus or malware on my laptop. Thanks in advance.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8336
  • Location: Novi Beograd

Welcome to MC,

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 24 Oct 2015
  • Posts: 5

Thanks, glad to be here!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8336
  • Location: Novi Beograd

Follow the instructions for posting FRST logs from my previous post.

offline
  • Joined: 24 Oct 2015
  • Posts: 5

Posted: 24 Oct 2015 21:20

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-10-2015
Ran by Korisnik (administrator) on KORISNIK-PC (24-10-2015 21:05:45)
Running from C:\Users\Korisnik\Desktop
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: engleski (SAD)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Vip mobilni internet\AssistantServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Vip mobilni internet\CancelAutoPlay.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Vip mobilni internet\UIExec.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files\Vip mobilni internet\UIMain.exe
() C:\Program Files\Vip mobilni internet\CMUpdater.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [CancelAutoPlay] => C:\Program Files\Vip mobilni internet\CancelAutoPlay.exe [414544 2012-03-12] ()
HKLM\...\Run: [UIExec] => C:\Program Files\Vip mobilni internet\UIExec.exe [156448 2012-05-11] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-26] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-23] (SUPERAntiSpyware)
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\...\MountPoints2: {5ec0e0e8-c7e7-11e4-8cfd-001c23933762} - F:\Autorun.exe
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\...\MountPoints2: {5ec0e7e6-c7e7-11e4-8cfd-001c23933762} - F:\Autorun.exe
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-26] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.85.64.173 10.85.64.174
Tcpip\..\Interfaces\{02B23615-3DBC-41AF-935E-6FB0DFBED44E}: [DhcpNameServer] 10.85.64.173 10.85.64.174
Tcpip\..\Interfaces\{4626E197-C091-4482-9619-156E9F6E22F4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-21] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x317si3d.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x317si3d.default\user.js [2015-03-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-26] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-10]
CHR Extension: (Google документи) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-10]
CHR Extension: (Google диск) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
CHR Extension: (Google табеле) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-10]
CHR Extension: (Google документи офлајн) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Pumpon) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\haolbibbaablcehodkafnelndogifafa [2015-10-20]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-10]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-09-26] (Avast Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 UI Assistant Service; C:\Program Files\Vip mobilni internet\AssistantServices.exe [274760 2012-08-02] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [789296 2015-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434184 2015-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115640 2015-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-26] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-10-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-09-26] (AVAST Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-10] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-26] (Avast Software)
R3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [116736 2012-02-06] (ZTE Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 21:05 - 2015-10-24 21:06 - 00011851 _____ C:\Users\Korisnik\Desktop\FRST.txt
2015-10-24 21:05 - 2015-10-24 21:05 - 00000000 ____D C:\FRST
2015-10-24 21:04 - 2015-10-24 21:05 - 01700352 _____ (Farbar) C:\Users\Korisnik\Desktop\FRST.exe
2015-10-24 18:56 - 2015-10-24 18:56 - 00146464 _____ C:\Windows\Minidump\102415-37143-01.dmp
2015-10-24 18:56 - 2015-10-24 18:56 - 00000000 ____D C:\Windows\Minidump
2015-10-24 18:47 - 2015-10-24 18:56 - 00000516 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ea306007-8ca4-4a79-84c4-14122e6400bd.job
2015-10-24 18:47 - 2015-10-24 18:56 - 00000516 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0adb0049-9a64-497b-a7db-81d4729bdafa.job
2015-10-24 18:47 - 2015-10-24 18:47 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\SUPERAntiSpyware.com
2015-10-24 18:46 - 2015-10-24 18:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-24 18:46 - 2015-10-24 18:46 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-10-24 18:46 - 2015-10-24 18:46 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-24 18:46 - 2015-10-24 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-10-22 10:13 - 2015-10-22 10:13 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-20 21:04 - 2015-10-23 22:18 - 00000000 ____D C:\Users\Korisnik\Desktop\Za skidanje
2015-10-20 21:04 - 2015-10-23 21:45 - 00000000 ____D C:\Users\Korisnik\Desktop\Skinuto
2015-10-08 10:35 - 2015-10-08 10:35 - 00000000 ___RD C:\Program Files\Skype
2015-10-08 10:35 - 2015-10-08 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-08 10:35 - 2015-10-08 10:35 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-26 12:22 - 2015-09-26 12:22 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-26 12:22 - 2015-09-26 12:22 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 21:03 - 2015-03-11 21:16 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-24 20:38 - 2015-03-11 04:23 - 02030649 _____ C:\Windows\WindowsUpdate.log
2015-10-24 20:33 - 2015-08-15 10:09 - 00006440 _____ C:\Windows\setupact.log
2015-10-24 20:33 - 2015-03-10 20:49 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-24 20:33 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-24 20:26 - 2015-03-10 20:49 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-24 20:10 - 2015-03-10 20:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-24 19:59 - 2015-03-11 14:16 - 00000000 ____D C:\Program Files\Vip mobilni internet
2015-10-23 22:28 - 2015-05-22 21:25 - 00000000 ____D C:\KMPlayer
2015-10-22 10:14 - 2015-03-10 20:54 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-22 10:14 - 2015-03-10 20:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-22 10:12 - 2015-08-24 10:02 - 00000000 ____D C:\Users\Korisnik\.oracle_jre_usage
2015-10-22 10:12 - 2015-03-10 20:51 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-10-22 10:12 - 2015-03-10 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-22 10:11 - 2015-03-10 20:50 - 00000000 ____D C:\Program Files\Java
2015-10-22 10:01 - 2015-03-10 20:51 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 13:35 - 2015-03-10 20:50 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-10-21 10:32 - 2010-11-20 23:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-19 12:03 - 2015-03-11 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-19 12:03 - 2015-03-11 21:15 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-19 10:19 - 2015-05-22 21:29 - 00001139 _____ C:\Users\Korisnik\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-10-15 11:21 - 2015-03-10 21:36 - 00000000 ____D C:\Users\Korisnik\AppData\Roaming\Skype
2015-10-15 10:10 - 2015-03-10 20:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-14 12:34 - 2015-03-11 21:04 - 00000000 ____D C:\Users\Korisnik\AppData\LocalLow\KMPlayer
2015-10-08 14:10 - 2010-11-20 23:48 - 01086376 _____ C:\Windows\PFRO.log
2015-10-08 10:51 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Registration
2015-10-08 10:35 - 2015-03-10 20:52 - 00000000 ____D C:\ProgramData\Skype
2015-10-05 09:50 - 2015-03-11 21:15 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-03-11 21:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-03-11 21:15 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-01 14:03 - 2009-07-14 06:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 14:03 - 2009-07-14 06:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-26 12:22 - 2015-05-10 13:21 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-26 12:22 - 2015-05-10 13:21 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-26 12:22 - 2015-05-10 13:21 - 00115640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-26 12:22 - 2015-05-10 13:21 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-26 12:22 - 2015-05-10 13:21 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-26 12:22 - 2015-05-10 13:21 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-26 12:22 - 2015-05-10 13:21 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-26 12:21 - 2015-08-21 11:12 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-26 12:21 - 2015-05-10 13:21 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

==================== Files in the root of some directories =======

2015-05-22 12:51 - 2015-05-22 12:51 - 0008292 _____ () C:\Users\Korisnik\AppData\Roaming\UserTile.png

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 18:13

==================== End of FRST.txt ============================

Addendum: 24 Oct 2015 21:24

I did something, but what and how...? I don't know!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8336
  • Location: Novi Beograd

Uninstall SUPERAntiSpyware.

1. Open Notepad (Text Document) and copy in the following text from the code box below:

CreateRestorePoint:
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\...\MountPoints2: {5ec0e0e8-c7e7-11e4-8cfd-001c23933762} - F:\Autorun.exe
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\...\MountPoints2: {5ec0e7e6-c7e7-11e4-8cfd-001c23933762} - F:\Autorun.exe
FF user.js: detected! => C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x317si3d.default\user.js [2015-03-12]
CHR Extension: (Pumpon) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\haolbibbaablcehodkafnelndogifafa [2015-10-20]
EmptyTemp:



2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool asks to restart the system, allow it, and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

---------

Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
In Options, turn off Reset Winsock settings if it is turned on.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option.


---------

Download Junkware Removal Tool (JRT) and save it to the desktop.

Close the browser and other running programs;

Temporarily disable your security software (Instructions);

Double-click the icon to run JRT;

At the "press any key" prompt, press any key and the tool will start scanning.
Note: depending on the system specification, the scan may take a while in some cases.

When it finishes, a log with the report will open; it will be saved on the desktop under the name JRT.txt

Copy the contents of that log into the thread.

offline
  • Joined: 24 Oct 2015
  • Posts: 5

Posted: 25 Oct 2015 12:35

Fix result of Farbar Recovery Scan Tool (x86) Version:25-10-2015
Ran by Korisnik (2015-10-25 12:16:25) Run:1
Running from C:\Users\Korisnik\Desktop
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\...\MountPoints2: {5ec0e0e8-c7e7-11e4-8cfd-001c23933762} - F:\Autorun.exe
HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\...\MountPoints2: {5ec0e7e6-c7e7-11e4-8cfd-001c23933762} - F:\Autorun.exe
FF user.js: detected! => C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x317si3d.default\user.js [2015-03-12]
CHR Extension: (Pumpon) - C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\haolbibbaablcehodkafnelndogifafa [2015-10-20]
EmptyTemp:
*****************

Restore point was successfully created.
"HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec0e0e8-c7e7-11e4-8cfd-001c23933762}" => key removed successfully.
HKCR\CLSID\{5ec0e0e8-c7e7-11e4-8cfd-001c23933762} => key not found.
"HKU\S-1-5-21-3934022801-4227452235-4244654791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec0e7e6-c7e7-11e4-8cfd-001c23933762}" => key removed successfully.
HKCR\CLSID\{5ec0e7e6-c7e7-11e4-8cfd-001c23933762} => key not found.
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x317si3d.default\user.js => moved successfully
C:\Users\Korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\haolbibbaablcehodkafnelndogifafa => moved successfully
EmptyTemp: => 635.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:17:25 ====

Addendum: 25 Oct 2015 12:46

Addendum: 25 Oct 2015 13:09

Addendum: 25 Oct 2015 13:27

I followed all the instructions properly and correctly, I hope. I'll spend some time with the laptop and check how it runs, although it already seems to me that there is an improvement: it is faster, more precise, and doesn't hang. Many thanks for the help, we'll be in touch.
Regards,
Yoker

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8336
  • Location: Novi Beograd

You did everything well. I also think that's it.

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.

From this point on, all the tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save a healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 24 Oct 2015
  • Posts: 5

I also carried out the last operation you pointed me to, with DelFix (successfully, I hope), but I must admit that even before that the state of my laptop had improved drastically; it is considerably faster and more precise. Many thanks to everyone for the help, especially helen 1.
Best regards
Yoker
