Malware detected on Facebook


  • Joined: 05 Jul 2015
  • Posts: 7

Hello everyone, I'm new to this forum and not really familiar with how things work here. Here goes. A few days ago I wanted to log in to FB and suddenly it told me that I have to clean my computer of viruses and that because of that I can't log in to FB: "Your Computer Needs to Be Cleaned." The thing is, I have two profiles, and I can log in to one without a problem but not the other. I scanned with "Malwarebytes Anti-Malware" and it found two pieces of malware, which I removed without any trouble; I scanned again, it found nothing more, everything was clean, I restarted the computer, but nothing changed.
Besides that, I have to mention that I get a pop-up saying there is some problem on my computer!

"avgwdsvc.exe has encountered a problem and needs to close."

It's related to AVG antivirus, which I can't remove. All of these problems started a few days ago, right when I found I couldn't log in to my Facebook profile.

I'll send you pictures too, to give you a better idea of the problem.


I have SBB internet, speed is 100.0 Mbps.

mycity.rs/must-login.png
Thanks in advance. Best regards. :-)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by ROBBI (administrator) on ROBI on 05-07-2015 21:48:56
Running from C:\Documents and Settings\ROBBI\Desktop
Loaded Profiles: ROBBI (Available Profiles: ROBBI)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16125440 2007-02-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKU\S-1-5-21-220523388-842925246-1177238915-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-220523388-842925246-1177238915-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-220523388-842925246-1177238915-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-220523388-842925246-1177238915-1003\...\Run: [Viber] => "C:\Documents and Settings\ROBBI\Local Settings\Application Data\Viber\Viber.exe"
Lsa: [Authentication Packages] msv1_0 nwprovau
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-220523388-842925246-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-220523388-842925246-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{BD12E77D-9630-42E0-BB44-06980F04BFA9}: [DhcpNameServer] 89.216.1.30 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Documents and Settings\ROBBI\Application Data\Mozilla\Firefox\Profiles\9zc5ht2e.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-12-30]
FF Extension: Adblock Plus - C:\Documents and Settings\ROBBI\Application Data\Mozilla\Firefox\Profiles\9zc5ht2e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [110592 2005-04-06] () [File not signed]
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [213472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [20480 2005-05-31] (IVT Corporation) [File not signed]
R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation) [File not signed]
R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) [File not signed]
R3 BTHidEnum; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [11860 2005-04-30] () [File not signed]
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] (IVT Corporation) [File not signed]
S3 BTNetFilter; C:\WINDOWS\system32\drivers\BTNetFilter.sys [13304 2004-12-16] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [86800 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202128 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109584 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [126480 2015-02-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [46480 2014-10-21] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [99856 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52112 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120592 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281232 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [205456 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108432 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [239888 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94864 2015-02-09] (Panda Security, S.L.)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-18] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-09-27] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-09-27] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140816 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103312 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172432 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114704 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [124944 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100624 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 TT1724ht; C:\WINDOWS\System32\drivers\TT1724ht.sys [73344 2004-12-01] (TerraTec Electronic GmbH) [File not signed]
R3 TT1724sa; C:\WINDOWS\System32\drivers\TT1724sa.sys [400640 2004-05-11] (Sensaura) [File not signed]
S3 udsstub; C:\WINDOWS\System32\DRIVERS\udsstub.sys [16000 2012-06-18] (SysNucleus) [File not signed]
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation) [File not signed]
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation) [File not signed]
S4 IntelIde; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 21:49 - 2015-07-05 21:49 - 00000039 _____ C:\Documents and Settings\ROBBI\Desktop\New Text Document (2).txt
2015-07-05 21:48 - 2015-07-05 21:49 - 00014482 _____ C:\Documents and Settings\ROBBI\Desktop\FRST.txt
2015-07-05 21:48 - 2015-07-05 21:49 - 00000000 ____D C:\FRST
2015-07-05 21:48 - 2015-07-05 21:47 - 01636352 _____ (Farbar) C:\Documents and Settings\ROBBI\Desktop\FRST.exe
2015-07-04 18:20 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-07-04 18:18 - 2015-07-05 15:22 - 00065536 _____ C:\WINDOWS\system32\config\Nano.evt
2015-07-04 18:18 - 2015-07-04 18:18 - 00000000 ____D C:\Documents and Settings\ROBBI\Application Data\Panda Security
2015-07-04 18:18 - 2015-07-04 18:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Free Antivirus
2015-07-04 18:14 - 2015-07-04 18:18 - 00000000 ____D C:\Program Files\Panda Security
2015-07-04 18:13 - 2015-07-04 18:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Panda Security
2015-07-03 22:09 - 2015-07-05 21:37 - 00003098 _____ C:\Documents and Settings\ROBBI\debug.log
2015-07-03 16:07 - 2015-07-03 16:07 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-03 16:07 - 2015-07-03 16:07 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-07-03 16:07 - 2015-07-03 16:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-03 15:04 - 2015-07-03 15:10 - 00000000 ____D C:\Program Files\Google
2015-07-02 19:41 - 2015-07-03 14:53 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-02 19:40 - 2015-07-02 19:40 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-02 19:40 - 2015-07-02 19:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-02 19:39 - 2015-07-02 19:40 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-02 19:39 - 2015-07-02 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-07-02 19:39 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-02 19:39 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-02 07:18 - 2015-07-02 07:18 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\McAfee
2015-06-29 02:07 - 2015-06-29 17:28 - 00000000 ____D C:\Documents and Settings\ROBBI\Desktop\Tattoo
2015-06-28 22:38 - 2015-06-28 22:38 - 00000000 ____D C:\WINDOWS\GTA Vice City - Burn
2015-06-25 00:30 - 2015-06-25 00:30 - 00000000 __SHD C:\Documents and Settings\ROBBI\PrivacIE
2015-06-25 00:25 - 2015-06-25 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Free YouTube Downloader
2015-06-25 00:23 - 2015-06-25 00:30 - 00000000 ____D C:\Documents and Settings\ROBBI\Local Settings\Application Data\Opera Software
2015-06-25 00:23 - 2015-06-25 00:30 - 00000000 ____D C:\Documents and Settings\ROBBI\Application Data\Opera Software
2015-06-25 00:18 - 2015-06-25 00:30 - 00000000 ____D C:\Program Files\Opera
2015-06-25 00:16 - 2015-06-25 00:16 - 00000000 ____D C:\Documents and Settings\ROBBI\Application Data\How Inc
2015-06-18 16:21 - 2015-06-18 16:21 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
2015-06-18 12:00 - 2015-06-18 12:00 - 00000000 ____D C:\Documents and Settings\ROBBI\Local Settings\Application Data\Avg
2015-06-17 23:45 - 2015-06-18 01:13 - 00000509 _____ C:\WINDOWS\system32\debug.log
2015-06-17 21:05 - 2014-12-30 00:32 - 00000534 _____ C:\Documents and Settings\ROBBI\Desktop\KMPlayer.lnk
2015-06-17 18:43 - 2015-07-03 16:07 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 21:49 - 2014-12-29 23:07 - 00000000 ____D C:\Documents and Settings\ROBBI\Local Settings\Temp
2015-07-05 21:38 - 2014-12-30 00:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-07-05 21:31 - 2014-12-30 00:49 - 00000000 ____D C:\Documents and Settings\ROBBI\Application Data\Skype
2015-07-05 21:24 - 2014-12-29 23:07 - 00000000 ____D C:\Documents and Settings\ROBBI
2015-07-05 21:23 - 2014-12-30 00:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-05 21:11 - 2014-12-29 23:01 - 01345096 ____N C:\WINDOWS\WindowsUpdate.log
2015-07-05 19:59 - 2015-01-24 20:20 - 00002267 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-07-05 16:23 - 2014-12-29 23:06 - 00032370 ____N C:\WINDOWS\SchedLgU.Txt
2015-07-05 15:24 - 2014-12-30 02:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2015-07-05 15:24 - 2014-12-29 23:54 - 00000159 ____N C:\WINDOWS\wiadebug.log
2015-07-05 15:24 - 2014-12-29 23:54 - 00000048 ____N C:\WINDOWS\wiaservc.log
2015-07-05 15:24 - 2014-12-29 23:28 - 00081496 _____ C:\WINDOWS\system32\nvapps.xml
2015-07-05 15:23 - 2014-12-29 23:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-05 15:22 - 2014-12-29 23:07 - 00000178 ___SH C:\Documents and Settings\ROBBI\ntuser.ini
2015-07-05 13:38 - 2014-12-29 23:49 - 03785096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-04 18:19 - 2014-12-30 02:00 - 00135232 _____ C:\Documents and Settings\ROBBI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-07-02 20:30 - 2014-12-30 02:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2015-07-02 19:33 - 2014-12-30 02:22 - 00671474 ___SH C:\Documents and Settings\ROBBI\Desktop\Thumbs.db
2015-07-01 17:53 - 2014-12-30 00:25 - 00000000 ____D C:\Documents and Settings\ROBBI\Local Settings\Application Data\Adobe
2015-07-01 17:50 - 2014-12-30 00:31 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-01 17:50 - 2014-12-30 00:31 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-29 03:19 - 2014-12-30 02:58 - 00000000 ____D C:\Documents and Settings\ROBBI\Application Data\uTorrent
2015-06-29 02:00 - 2015-01-07 18:40 - 00000342 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-ROBI-ROBBI.job
2015-06-28 22:02 - 2014-12-30 00:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-06-28 21:55 - 2014-12-30 00:32 - 00000000 ____D C:\KMPlayer
2015-06-25 00:17 - 2015-01-26 17:19 - 00000000 ____D C:\Program Files\Free YouTube Downloader
2015-06-25 00:17 - 2015-01-26 17:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Free YouTube Downloader
2015-06-24 15:03 - 2014-12-30 00:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-18 16:21 - 2015-04-15 21:49 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-06-17 10:57 - 2015-01-15 14:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-17 10:57 - 2008-04-14 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-16 15:21 - 2014-12-29 23:52 - 00001789 _____ C:\WINDOWS\system32\AUTOEXEC.NT
2015-06-16 15:21 - 2008-04-14 15:00 - 00000246 _____ C:\WINDOWS\system.ini

==================== Files in the root of some directories =======

2015-02-23 18:22 - 2015-02-23 18:22 - 0001456 _____ () C:\Documents and Settings\ROBBI\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
2014-12-31 12:02 - 2015-03-26 17:04 - 0005120 _____ () C:\Documents and Settings\ROBBI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-01 22:53 - 2015-01-01 22:53 - 0000218 _____ () C:\Documents and Settings\ROBBI\Local Settings\Application Data\recently-used.xbel

Some files in TEMP:
====================
C:\Documents and Settings\ROBBI\Local Settings\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello Robbi93, I'll be working on your case.
This is simple for you: you just follow my instructions and I do the hard part. ;)

Quote: Besides that, I have to mention that I get a pop-up saying there is some problem on my computer!

Can you take a screenshot of that window and post it here so I can see what is popping up?

First, you have two active AntiVirus programs on the system. Two 'drivers' can't drive one car at the same time. You need to choose one program and uninstall the other;

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}


Uninstall one of these two: Start > Control Panel > Add or Remove Programs

The posted logs show no signs of an active infection. Let's do a slightly deeper check;

1. Download sUBs' ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, choose Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable the AntiVirus program, in most cases by right-clicking the program's icon in the system tray. It can interfere with the tool while it runs.
If you're not sure how to do that, follow this guide.

------------------------------------------------------------
3. Double-click the icon to run ComboFix. Then, on the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if a download is requested.
• If the Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install the Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once);

Note: If, after the tool has run, you get an error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will fix the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt)
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt)
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file option

  • Joined: 05 Jul 2015
  • Posts: 7

Posted: 05 Jul 2015 22:45

Update: 05 Jul 2015 22:47

I can't remove AVG, that's why I had to install Panda :/

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Uninstall AVG, or, if you decide to uninstall Panda AV, AVG will have to be reinstalled.

Once you've sorted out the AntiVirus question, move on to the ComboFix procedure.

  • Joined: 05 Jul 2015
  • Posts: 7

Posted: 05 Jul 2015 23:50

mycity.rs/must-login.png

ComboFix 15-07-05.01 - ROBBI 05.07.2015 23:37:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.348 [GMT 2:00]
Running from: c:\documents and settings\ROBBI\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2015 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ROBBI\WINDOWS
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\SET12B.tmp
c:\windows\system32\SETF4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-06-05 to 2015-07-05 )))))))))))))))))))))))))))))))
.
.
2015-07-05 19:48 . 2015-07-05 19:51 -------- d-----w- C:\FRST
2015-07-04 16:18 . 2015-07-05 21:02 -------- d-----w- c:\documents and settings\ROBBI\Application Data\Panda Security
2015-07-04 16:14 . 2015-07-05 21:24 -------- d-----w- c:\program files\Panda Security
2015-07-04 16:13 . 2015-07-05 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2015-07-03 14:07 . 2015-07-03 14:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-07-03 13:04 . 2015-07-03 13:10 -------- d-----w- c:\program files\Google
2015-07-02 17:41 . 2015-07-03 12:53 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-02 17:39 . 2015-06-18 06:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-02 17:39 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-02 17:39 . 2015-07-02 17:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-02 17:39 . 2015-07-02 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-07-02 05:18 . 2015-07-02 05:18 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2015-06-28 20:38 . 2015-06-28 20:38 -------- d-----w- c:\windows\GTA Vice City - Burn
2015-06-24 22:30 . 2015-06-24 22:30 -------- d-sh--w- c:\documents and settings\ROBBI\PrivacIE
2015-06-24 22:25 . 2015-06-24 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Free YouTube Downloader
2015-06-24 22:23 . 2015-06-24 22:30 -------- d-----w- c:\documents and settings\ROBBI\Local Settings\Application Data\Opera Software
2015-06-24 22:23 . 2015-06-24 22:30 -------- d-----w- c:\documents and settings\ROBBI\Application Data\Opera Software
2015-06-24 22:18 . 2015-06-24 22:30 -------- d-----w- c:\program files\Opera
2015-06-24 22:16 . 2015-06-24 22:16 -------- d-----w- c:\documents and settings\ROBBI\Application Data\How Inc
2015-06-24 12:59 . 2015-06-24 12:59 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg
2015-06-18 14:21 . 2015-06-18 14:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2015-06-18 10:00 . 2015-06-18 10:00 -------- d-----w- c:\documents and settings\ROBBI\Local Settings\Application Data\Avg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-01 15:50 . 2014-12-29 22:31 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-01 15:50 . 2014-12-29 22:31 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 07:57 . 2014-12-08 20:25 213472 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-05-14 11:49 . 2014-06-18 19:03 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-05-12 12:46 . 2014-10-10 14:13 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-05-12 12:45 . 2014-11-18 20:41 190944 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-05-12 12:45 . 2014-10-05 19:42 169440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-05-07 11:52 . 2014-07-18 13:55 290272 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-04-15 11:05 . 2014-08-28 19:43 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-06-16 3727824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 157480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-03 06:31 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2013-04-25 02:50 1075296 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-12-12 17:21 5489944 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 10:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\ROBBI\\Application Data\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\KOBK Counter-Strike\\hl.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [18.11.2014 22:41 190944]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [18.7.2014 15:55 290272]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [18.6.2014 21:03 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [18.6.2014 21:03 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [8.12.2014 22:25 213472]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [18.6.2014 21:03 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [28.8.2014 21:43 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.10.2014 16:13 213984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [16.6.2015 17:21 3461072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2.7.2015 19:39 23256]
R3 TT1724ht;AureonWDM;c:\windows\system32\drivers\TT1724ht.sys [1.12.2004 17:23 73344]
R3 TT1724sa;TT1724sa;c:\windows\system32\drivers\TT1724sa.sys [11.5.2004 12:27 400640]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [16.6.2015 17:13 312816]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2.7.2015 19:40 1133880]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11.12.2014 11:30 315496]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 udsstub;USBDeviceShare USB Device Stub;c:\windows\system32\drivers\udsstub.sys [7.1.2015 17:33 16000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-29 15:50]
.
2015-06-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-ROBI-ROBBI.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2014-10-14 04:34]
.
2015-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
FF - ProfilePath - c:\documents and settings\ROBBI\Application Data\Mozilla\Firefox\Profiles\9zc5ht2e.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Viber - c:\documents and settings\ROBBI\Local Settings\Application Data\Viber\Viber.exe
HKLM-Run-EaseUS EPM tray - c:\program files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2015-07-05 23:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-07-05 23:48:25
ComboFix-quarantined-files.txt 2015-07-05 21:48
.
Pre-Run: 21.884.166.144 bytes free
Post-Run: 22.031.745.024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows" /noexecute=optin /fastdetect
.
- - End Of File - - DA2956395C9BEA6E1C465110A6703364
8F558EB6672622401DA993E1E865C861





Update: 05 Jul 2015 23:56

mycity.rs/must-login.png

Update: 06 Jul 2015 11:31

It scanned with ComboFix, what next? :-)

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

These logs look clean to me; they show no traces of an active infection. The only thing left would be to run an ARK (Anti-RootKit) check, but it is unlikely that there is an active malicious rootkit here.

Quote: Regarding the AVG antivirus, which I cannot delete. All these problems happened to me a few days ago, exactly when I found that I could not log in to my Facebook profile.
What do you mean you cannot delete it? You mean uninstall it?

As for the error you show appearing, that error is related to AVG AntiVirus itself. You can try to run a repair of the AV program from Add or Remove Programs, or simply uninstall it completely.

If the AV program refuses to uninstall, you can use a specialized AVG Uninstall tool:
https://singularlabs.com/uninstallers/security-software/
http://www.askvg.com/ultimate-collection-of-uninst.....-software/

Then download a fresh installer from the official site and reinstall the AV.
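As an added example (not part of this thread and not a tool used in it), a small Python triage helper for the ComboFix log format posted above: it parses the Run values under each key in the `Reg Loading Points` section, lists the `ORPHANS REMOVED` entries whose file was missing, and flags Run values given as a bare file name, which Windows resolves via the search path and which therefore need a manual location check. The sample log text is constructed from lines of the posted log.

```python
import re

# ComboFix "Reg Loading Points" value line:  "Name"="path" [YYYY-MM-DD size]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+'
                       r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
KEY_HEADER = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # [HKEY_...\Run]
ORPHAN = re.compile(r'^HK[A-Z]+-Run-(?P<name>.+?) - (?P<target>.+)$')  # ORPHANS REMOVED block

# Constructed sample in the posted log's format; values copied from the thread above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-06-16 3727824]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Viber - c:\documents and settings\ROBBI\Local Settings\Application Data\Viber\Viber.exe
"""

def parse_autostarts(log_text):
    """One dict per Run value (name, path, date, size), tagged with the key it sits under."""
    entries, key = [], None
    for line in map(str.strip, log_text.splitlines()):
        header = KEY_HEADER.match(line)
        if header:
            key = header.group('key')      # following values belong to this key
            continue
        value = RUN_ENTRY.match(line)
        if value and key:
            entries.append({'key': key, **value.groupdict()})
    return entries

def find_orphans(log_text):
    """Names from the ORPHANS REMOVED block whose target file no longer existed."""
    matches = (ORPHAN.match(l.strip()) for l in log_text.splitlines())
    return [m.group('name') for m in matches if m and m.group('target') == '(no file)']

def bare_filename_entries(entries):
    """Run values given as a bare file name (no directory): Windows resolves these via
    the search path, so the file's real location must be confirmed by hand."""
    return [e['name'] for e in entries if e['path'] and '\\' not in e['path']]

if __name__ == '__main__':
    found = parse_autostarts(SAMPLE_LOG)
    for e in found:
        print(e['key'].split('\\')[0], e['name'], e['path'], e['date'], e['size'], sep=' | ')
    print('orphans with no file:', find_orphans(SAMPLE_LOG))
    print('bare file names to verify:', bare_filename_entries(found))
```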

  • Joined: 05 Jul 2015
  • Posts: 7

I successfully removed AVG, and then installed Panda antivirus and Panda Internet Security. :-)

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

What is the situation now? You no longer get the error? Did you run the Uninstall tool for AVG as I suggested?

And does Facebook still show you the malware warning?

  • Joined: 05 Jul 2015
  • Posts: 7

No, it no longer shows anything. AVG is completely removed, but I still cannot log in to Facebook.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

I would not know why you cannot log in to Facebook; I do not see malware here.

Maybe Facebook needs a few days to register the changes. I can also remove the tools for you, since the problem you have is not related to malware even though FB tells you otherwise.

The following procedure will implement the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.

From this moment on, all tools used in this topic should be deleted.
If some tool or report was not removed, feel free to delete them manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also record a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old System Restore points and creates a new, fresh point after the cleanup.
