Problem with malicious programs

  • Miroslav R. Maričić
  • graduate mechanical engineer, professor
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

This is a Lenovo laptop that I bought used, running Win XP SP3. I saw that it is full of malicious programs. I can't start Avast; as soon as I try, the "hourglass" lasts a second or two and then nothing happens. I tried to uninstall it and then reinstall it using aswclear.exe, but the same thing happens then too. I also can't start Task Manager; instead I get a message that the system administrator has disabled it.
The regular uninstallation of Avast would not start either, with the same message as above.
I downloaded ADWCLEANER and MCShield. They did something, but the problem remained.
I have done everything I knew how to do, so now I am asking for help ...

Here is the content of the FRST.txt file:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Marina (administrator) on MARINA-53F61D0D on 19-06-2015 11:52:37
Running from C:\Documents and Settings\Marina\My Documents\Downloads
Loaded Profiles: Marina (Available Profiles: Marina)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Autodata Limited) C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Lenovo) C:\Program Files\Lenovo\PMDriver\PMSveH.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Conexant) C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lenovo) C:\PROGRA~1\Lenovo\PMDriver\PMHandler.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
(Xerox) C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
() C:\Program Files\GLPCCamera\monitorpad.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
() C:\DOCUME~1\Marina\LOCALS~1\Temp\winmhywv.exe
() C:\DOCUME~1\Marina\LOCALS~1\Temp\winkeat.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [561152 2008-05-15] (Lenovo Group Limited)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [112936 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE [2783800 2008-07-21] (Conexant)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1421312 2008-05-01] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1261568 2008-05-01] (Intel(R) Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [241664 2008-03-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PMHandler] => C:\Program Files\Lenovo\PMDriver\PMHandler.exe [320808 2009-04-03] (Lenovo)
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2061640 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [841040 2009-03-18] (CANON INC.)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [1761391 2014-08-13] ()
HKLM\...\Run: [DSA_F10TimeoutSetter] => C:\BOSCH_PR\DSA_3_31\Runtime\DDB\F10TimeoutSetter.exe [359936 2004-01-07] ()
HKLM\...\Run: [DSA_AutoBackup] => C:\BOSCH_PR\DSA_3_31\Runtime\AutoBackup.exe [40960 2009-09-18] ( )
HKLM\...\Run: [gemstrmw] => C:\WINDOWS\system32\gemstrmw.exe [102400 2005-02-07] (Gemplus)
HKLM\...\Run: [Launcher3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2644480 2011-04-19] (Xerox)
HKLM\...\Run: [DocuPrint 3010 RUN] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [357376 2011-04-19] ()
HKLM\...\Run: [StatusAutoRun3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [3658240 2011-04-19] ()
HKLM\...\Run: [KTSInit] => [X]
HKLM\...\Run: [StartDDM] => C:\Program Files\Bosch\DDM\bin\runDDM.exe [260608 2012-02-10] (Robert Bosch GmbH)
HKLM\...\Run: [GLSystray] => C:\Program Files\GLPCCamera\monitorpad.exe [151552 2010-04-27] ()
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\Run: [Facebook Update] => C:\Documents and Settings\Marina\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [207728 2012-08-11] (Facebook Inc.)
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-05-13] (Google Inc.)
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3743952 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\MountPoints2: {02f9d088-2a57-11e0-9378-00215db4a036} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\MountPoints2: {53f44046-090f-11e5-95a8-00215db4a036} - H:\otfpb.pif
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\MountPoints2: {630acf26-a5cb-11e3-93fc-00215db4a036} - H:\rseq.pif
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\MountPoints2: {a32dd22e-ab84-11e3-9407-00215db4a036} - H:\qeaf.exe
HKU\S-1-5-21-725345543-1229272821-682003330-1003\...\MountPoints2: {ee7051b1-2f34-11e1-9564-00215db4a036} - I:\Nokia_Ovi_Suite_3_0_0_291_ALL.exe
HKU\S-1-5-21-725345543-1229272821-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\BOSCHE~1.SCR [3630743 2010-04-08] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\BOSCHE~1.SCR [3630743 2010-04-08] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Diagnostics - Software.lnk [2012-03-27]
ShortcutTarget: Diagnostics - Software.lnk -> C:\BOSCH_PR\DSA_3_31\Runtime\DSA.exe ( )
Startup: C:\Documents and Settings\Marina\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2009-11-19]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2013-08-30] (AVAST Software)
BootExecute: autocheck autochk * aswBoot.exe /M:5cca77336
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-725345543-1229272821-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKU\S-1-5-21-725345543-1229272821-682003330-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.allgameshome.com/
HKU\S-1-5-21-725345543-1229272821-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-725345543-1229272821-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-725345543-1229272821-682003330-1003 -> {031230F8-EA50-42A9-983C-D22ABC2EED3B} URL = http://www.qemit.com/toolbar/hub.php?a=sb&did=......01&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725345543-1229272821-682003330-1003 -> {A70FAF55-4E82-4C76-BAA3-19E013DCD7B6} URL = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-08-30] (AVAST Software)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-08-30] (AVAST Software)
Toolbar: HKU\S-1-5-21-725345543-1229272821-682003330-1003 -> No Name - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Marina\Application Data\Mozilla\Firefox\Profiles\7fe91280.default
FF Homepage: hxxp://home.allgameshome.com/
FF Keyword.URL: hxxp://home.allgameshome.com/results.php?category=web&s=
FF NetworkProxy: "type", 0
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-725345543-1229272821-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Marina\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-725345543-1229272821-682003330-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-725345543-1229272821-682003330-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2007-05-01] (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll [2007-03-28] ()
FF SearchPlugin: C:\Documents and Settings\Marina\Application Data\Mozilla\Firefox\Profiles\7fe91280.default\searchplugins\allgameshome-search.xml [2011-11-10]
FF Extension: AllGamesHome Toolbar - C:\Documents and Settings\Marina\Application Data\Mozilla\Firefox\Profiles\7fe91280.default\Extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} [2012-01-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-21]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-21]
CHR Extension: (Google Drive) - C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-21]
CHR Extension: (Google Search) - C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Marina\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "vtcwrltkh" service was unlocked. <===== ATTENTION

R2 ACS; C:\WINDOWS\system32\acs.exe [499796 2010-05-21] (Atheros) [File not signed]
R2 Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2006-05-12] (Autodata Limited) [File not signed]
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-05-01] (Intel(R) Corporation) [File not signed]
R2 ezGOSvc; C:\WINDOWS\system32\ezGOSvc.dll [73600 2011-05-29] ()
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [139552 2006-10-27] (Microsoft Corporation) [File not signed]
R2 PMSveH; C:\Program Files\Lenovo\PMDriver\PMSveH.exe [57344 2006-05-24] (Lenovo) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-01] (Intel(R) Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [901120 2008-05-01] (Intel(R) Corporation) [File not signed]
S4 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [198776 2007-02-25] (TOSHIBA CORPORATION) [File not signed]
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-05-15] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-05-15] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-05-15] (Lenovo Group Limited) [File not signed]
R2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-09] (Lenovo Group Limited) [File not signed]
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [352256 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 XRNADB; C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [79872 2011-04-19] () [File not signed]
S2 vtcwrltkh; C:\WINDOWS\system32\bbxvqv.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770784 2014-12-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [737792 2008-04-21] (Conexant Systems Inc.)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-10-12] (DT Soft Ltd)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57672 2009-02-17] (FTDI Ltd.)
R3 GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-26] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-26] (Conexant Systems, Inc.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [68096 2007-04-14] (EZB Systems, Inc.) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-19] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-28] (Intel Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2009-05-03] (Padus, Inc.) [File not signed]
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-05-04] (Microsoft Corporation) [File not signed]
R1 PMHler; C:\WINDOWS\System32\drivers\PMHler.sys [10240 2006-05-24] (Lenovo )
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-03-20] (Intel Corporation)
S3 tosrfusb; C:\WINDOWS\System32\DRIVERS\tosrfusb.sys [41856 2010-02-23] (TOSHIBA CORPORATION) [File not signed]
S3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [974336 2008-07-01] (Vimicro Corporation)
R1 WINIO; C:\Programme\Bosch\ESItronic\KTS500\winio.sys [4944 2002-03-01] () [File not signed]
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2010-05-21] (Atheros Communications, Inc.) [File not signed]
R3 amsint32; \??\C:\WINDOWS\system32\drivers\mqqgmn.sys [X]
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
U2 CertPropSvc; No ImagePath
S4 IntelIde; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 Tosrfcom; No ImagePath
S1 UimBus; system32\DRIVERS\UimBus.sys [X]
S1 Uim_IM; System32\Drivers\Uim_IM.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: vtcwrltkh -> C:\WINDOWS\system32\bbxvqv.dll ==> No File
NETSVC: ezGOSvc -> C:\WINDOWS\system32\ezGOSvc.dll ()

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 11:52 - 2015-06-19 11:52 - 00000000 ____D C:\FRST
2015-06-19 11:27 - 2015-06-19 11:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-06-19 11:18 - 2015-06-19 11:18 - 00103140 __RSH C:\yjferr.exe
2015-06-19 11:17 - 2015-06-19 11:17 - 00000000 ____D C:\WINDOWS\pss
2015-06-19 10:56 - 2015-06-19 10:57 - 00000000 ____D C:\Documents and Settings\Marina\Desktop\Alati za računar
2015-06-18 20:24 - 2015-06-19 11:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2015-06-18 20:24 - 2015-06-18 20:24 - 00000000 ____D C:\Program Files\MCShield
2015-06-18 20:24 - 2015-06-18 20:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2015-06-18 19:53 - 2015-06-19 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-06-18 19:53 - 2015-06-19 10:58 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 19:53 - 2015-06-18 19:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-18 19:52 - 2015-06-18 19:52 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 19:37 - 2015-06-18 19:41 - 00000000 ____D C:\AdwCleaner
2015-06-07 22:13 - 2015-06-07 22:13 - 00002515 _____ C:\Documents and Settings\Marina\Desktop\Microsoft Office Word 2007.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 11:53 - 2009-05-03 21:08 - 00000000 ____D C:\Documents and Settings\Marina\Local Settings\Temp
2015-06-19 11:29 - 2012-08-12 17:38 - 00431930 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-19 11:21 - 2009-05-03 13:44 - 00474832 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-19 11:17 - 2012-08-11 17:10 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-19 11:17 - 2011-01-11 22:18 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-19 11:17 - 2011-01-01 22:57 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-19 11:17 - 2011-01-01 22:57 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-19 11:17 - 2009-05-04 00:31 - 00000520 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak
2015-06-19 11:17 - 2009-05-03 21:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-19 11:12 - 2012-01-10 21:57 - 00524288 _____ C:\WINDOWS\system32\config\ACS.evt
2015-06-19 11:12 - 2009-05-03 21:08 - 00032628 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-19 11:12 - 2009-05-03 21:08 - 00000178 ___SH C:\Documents and Settings\Marina\ntuser.ini
2015-06-19 11:11 - 2009-05-03 21:08 - 00000000 ____D C:\Documents and Settings\Marina
2015-06-19 11:10 - 2013-05-13 21:02 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1229272821-682003330-1003UA.job
2015-06-19 11:07 - 2011-01-11 22:18 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 09:48 - 2014-06-13 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\firebird
2015-06-19 09:47 - 2013-01-26 14:41 - 00000000 _____ C:\sparkraw.log
2015-06-18 20:17 - 2011-12-28 22:51 - 00001050 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-725345543-1229272821-682003330-1003UA.job
2015-06-18 19:35 - 2012-08-12 17:36 - 00174577 _____ C:\WINDOWS\setupapi.log
2015-06-18 17:56 - 2013-01-26 15:22 - 00002405 _____ C:\Documents and Settings\All Users\Desktop\CitacSaobracajne.lnk
2015-06-18 10:27 - 2004-08-04 14:00 - 00002228 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-15 17:17 - 2011-12-28 22:51 - 00001028 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-725345543-1229272821-682003330-1003Core.job
2015-06-15 17:10 - 2013-05-13 21:02 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1229272821-682003330-1003Core.job
2015-06-12 23:04 - 2012-03-27 17:09 - 00000990 _____ C:\WINDOWS\esidata.ini
2015-06-11 15:52 - 2009-10-08 20:19 - 00566784 _____ C:\WINDOWS\~de74bc.tmp
2015-06-11 15:52 - 2009-10-08 20:19 - 00001696 _____ C:\WINDOWS\Ky5s96SF.csa
2015-06-11 15:52 - 2009-10-08 20:16 - 00000000 ____D C:\Adcda2
2015-06-10 16:19 - 2012-01-30 15:04 - 00002301 _____ C:\Documents and Settings\Marina\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2011-02-09 13:36 - 2012-02-12 21:07 - 0000034 _____ () C:\Documents and Settings\Marina\Application Data\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
2009-05-08 11:48 - 2015-02-26 15:23 - 0122880 _____ () C:\Documents and Settings\Marina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-27 15:08 - 2012-03-27 15:08 - 0000129 _____ () C:\Documents and Settings\Marina\Local Settings\Application Data\fusioncache.dat
2012-08-12 21:53 - 2013-10-12 10:58 - 4855250 _____ () C:\Documents and Settings\All Users\OfflineCatalogue_1_2012_TECDOC_CD.log

Some files in TEMP:
====================
C:\Documents and Settings\Marina\Local Settings\Temp\Deldevice.dll
C:\Documents and Settings\Marina\Local Settings\Temp\DelVista.dll
C:\Documents and Settings\Marina\Local Settings\Temp\Installer.dll
C:\Documents and Settings\Marina\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Marina\Local Settings\Temp\tbBS_0.dll
C:\Documents and Settings\Marina\Local Settings\Temp\tbIOb0.dll
C:\Documents and Settings\Marina\Local Settings\Temp\tbsof0.dll
C:\Documents and Settings\Marina\Local Settings\Temp\winkeat.exe
C:\Documents and Settings\Marina\Local Settings\Temp\winmhywv.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

And here is Addition.txt:
Thanks!

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Sality is present on the system, so there is no avoiding formatting all partitions and a fresh installation of Windows.

  • Miroslav R. Maričić
  • graduate mechanical engineer, professor
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

Does that mean that absolutely nothing can be done, other than formatting and reinstalling Windows?

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Written: 19 Jun 2015 19:58

Unfortunately, no.

Addendum: 19 Jun 2015 19:59

Or you can format only the system partition and:

After installing Windows, you must not open the other partitions on the hard disk, nor connect USB drives to the computer. You may do that only after you complete the following steps.

Using Internet Explorer or another browser (which you will download with IE), download Avast Free (link), install it and run a boot-time scan on all partitions (in Settings, select All hard disks, link)

After that:

Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan finishes, insert all USB storage devices one by one into the USB port and keep each one in the port until MCShield displays a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices include all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in a message.

  • Miroslav R. Maričić
  • graduate mechanical engineer, professor
  • Joined: 06 Jun 2012
  • Posts: 229
  • Location: Hajdučica, Banat, Serbia

OK, it is what it is... I will do all of that on Monday, because I have obligations with the final school exams.
