Antivirus security pro


Antivirus security pro

offline
  • Joined: 11 Oct 2013
  • Posts: 12

Posted: 12 Oct 2013 20:06

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Milutin (administrator) on MILUTIN-PC on 12-10-2013 20:00:48
Running from C:\Users\Milutin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2821416 2011-08-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5634800 2012-06-14] (ESET)
HKCU\...\Run: [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE7A4CF10B8C6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
URLSearchHook: (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Shopping Assistant Plugin - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit2.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit2.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Milutin\AppData\Roaming\Mozilla\Firefox\Profiles\17h5nd56.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - D:\PICASA\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: PriceGong - C:\Users\Milutin\AppData\Roaming\Mozilla\Firefox\Profiles\17h5nd56.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\webcam_image.jpg
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1288104 2012-06-14] (ESET)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-06-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-06-14] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [188696 2012-06-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38328 2012-06-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62536 2012-06-14] (ESET)
S3 PortTalk; C:\Windows\SysWow64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic beyondlogic.org)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 PortTalk; System32\Drivers\PortTalk.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-12 19:21 - 2013-10-12 19:21 - 00016213 _____ C:\Users\Milutin\Desktop\Addition.txt
2013-10-12 19:19 - 2013-10-12 19:19 - 00000000 ____D C:\FRST
2013-10-12 19:16 - 2013-10-12 19:18 - 01954124 _____ (Farbar) C:\Users\Milutin\Desktop\FRST64.exe
2013-10-12 19:07 - 2013-10-12 19:07 - 00011414 _____ C:\Users\Milutin\Desktop\dds.txt
2013-10-12 19:07 - 2013-10-12 19:07 - 00006166 _____ C:\Users\Milutin\Desktop\attach.txt
2013-10-12 19:04 - 2013-10-12 19:04 - 00688992 ____R (Swearware) C:\Users\Milutin\Downloads\dds.scr
2013-10-12 18:44 - 2013-10-12 18:44 - 00001542 _____ C:\Users\Milutin\Desktop\RKreport[0]_SC_10122013_184406.txt
2013-10-12 18:43 - 2013-10-12 18:43 - 00008877 _____ C:\Users\Milutin\Desktop\RKreport[0]_D_10122013_184307.txt
2013-10-12 18:41 - 2013-10-12 18:41 - 00006599 _____ C:\Users\Milutin\Desktop\RKreport[0]_S_10122013_184159.txt
2013-10-12 18:36 - 2013-10-12 18:43 - 00000000 ____D C:\Users\Milutin\Desktop\RK_Quarantine
2013-10-11 22:56 - 2013-10-11 22:54 - 00688992 ____R (Swearware) C:\Users\Milutin\Desktop\dds.scr
2013-10-11 00:27 - 2013-10-12 18:32 - 00001666 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro.lnk
2013-10-11 00:27 - 2013-10-12 18:32 - 00000118 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro support.url
2013-10-11 00:27 - 2013-10-11 00:27 - 00000000 ____D C:\Users\Milutin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-10-10 18:52 - 2013-10-10 21:26 - 00000000 ____D C:\ProgramData\3Vg9gVrn
2013-10-06 08:49 - 2013-10-06 09:07 - 00000000 ____D C:\Users\Milutin\Desktop\sarina muzika
2013-10-01 21:51 - 2013-10-01 21:51 - 00347702 _____ C:\Users\Milutin\Downloads\Testovi-5razred.zip
2013-09-30 21:40 - 2013-10-12 19:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-29 18:49 - 2013-10-09 14:39 - 00000000 ____D C:\Users\Milutin\Desktop\SARIN FOLDER
2013-09-25 22:19 - 2013-09-25 22:20 - 00000000 ____D C:\Users\Milutin\Desktop\Nadjin folder
2013-09-22 03:19 - 2013-09-22 03:19 - 00645968 _____ C:\Users\Milutin\Downloads\pogodi-ko-sam-asocijacije.ppsx

==================== One Month Modified Files and Folders =======

2013-10-12 19:46 - 2012-09-02 16:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-12 19:37 - 2013-09-30 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-12 19:21 - 2013-10-12 19:21 - 00016213 _____ C:\Users\Milutin\Desktop\Addition.txt
2013-10-12 19:19 - 2013-10-12 19:19 - 00000000 ____D C:\FRST
2013-10-12 19:18 - 2013-10-12 19:16 - 01954124 _____ (Farbar) C:\Users\Milutin\Desktop\FRST64.exe
2013-10-12 19:07 - 2013-10-12 19:07 - 00011414 _____ C:\Users\Milutin\Desktop\dds.txt
2013-10-12 19:07 - 2013-10-12 19:07 - 00006166 _____ C:\Users\Milutin\Desktop\attach.txt
2013-10-12 19:04 - 2013-10-12 19:04 - 00688992 ____R (Swearware) C:\Users\Milutin\Downloads\dds.scr
2013-10-12 18:44 - 2013-10-12 18:44 - 00001542 _____ C:\Users\Milutin\Desktop\RKreport[0]_SC_10122013_184406.txt
2013-10-12 18:43 - 2013-10-12 18:43 - 00008877 _____ C:\Users\Milutin\Desktop\RKreport[0]_D_10122013_184307.txt
2013-10-12 18:43 - 2013-10-12 18:36 - 00000000 ____D C:\Users\Milutin\Desktop\RK_Quarantine
2013-10-12 18:42 - 2012-11-24 01:50 - 00000000 ____D C:\Users\Milutin\AppData\Local\CrashDumps
2013-10-12 18:41 - 2013-10-12 18:41 - 00006599 _____ C:\Users\Milutin\Desktop\RKreport[0]_S_10122013_184159.txt
2013-10-12 18:38 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-12 18:38 - 2009-07-14 06:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-12 18:37 - 2009-07-14 07:13 - 00777960 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-12 18:32 - 2013-10-11 00:27 - 00001666 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro.lnk
2013-10-12 18:32 - 2013-10-11 00:27 - 00000118 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro support.url
2013-10-12 18:32 - 2012-05-27 22:43 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-12 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-11 22:54 - 2013-10-11 22:56 - 00688992 ____R (Swearware) C:\Users\Milutin\Desktop\dds.scr
2013-10-11 00:27 - 2013-10-11 00:27 - 00000000 ____D C:\Users\Milutin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-10-10 21:26 - 2013-10-10 18:52 - 00000000 ____D C:\ProgramData\3Vg9gVrn
2013-10-10 19:10 - 2012-05-27 21:00 - 00002472 _____ C:\Windows\WINCMD.INI
2013-10-10 18:52 - 2012-07-08 20:57 - 00000000 ____D C:\Users\Milutin\AppData\Local\Google
2013-10-10 18:52 - 2012-07-08 20:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-09 19:48 - 2012-09-02 16:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 19:48 - 2012-09-02 16:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 19:48 - 2012-09-02 16:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 14:39 - 2013-09-29 18:49 - 00000000 ____D C:\Users\Milutin\Desktop\SARIN FOLDER
2013-10-09 14:09 - 2012-05-29 00:48 - 00000000 ____D C:\Users\Milutin\AppData\Roaming\Skype
2013-10-06 09:07 - 2013-10-06 08:49 - 00000000 ____D C:\Users\Milutin\Desktop\sarina muzika
2013-10-06 08:51 - 2013-01-13 18:13 - 00000000 ____D C:\Users\Milutin\Downloads\(3 (3_files
2013-10-02 21:13 - 2012-06-18 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 21:51 - 2013-10-01 21:51 - 00347702 _____ C:\Users\Milutin\Downloads\Testovi-5razred.zip
2013-09-30 22:02 - 2012-05-27 20:18 - 00000000 ____D C:\Users\Milutin\AppData\Local\Mozilla
2013-09-29 18:56 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-28 14:03 - 2012-05-27 22:23 - 00000000 ____D C:\Users\Milutin\Documents\Bluetooth Folder
2013-09-25 22:20 - 2013-09-25 22:19 - 00000000 ____D C:\Users\Milutin\Desktop\Nadjin folder
2013-09-22 03:19 - 2013-09-22 03:19 - 00645968 _____ C:\Users\Milutin\Downloads\pogodi-ko-sam-asocijacije.ppsx
2013-09-14 10:32 - 2012-07-08 21:10 - 00006656 _____ C:\Users\Milutin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 00:17

==================== End Of Log ============================

Update: 12 Oct 2013 20:06

Is it OK now?

offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

It's fine now.



Start > Control Panel > Programs and Features

There, uninstall the following:
BitTorrentControl_v12 Toolbar (x32 Version: 6.14.0.28)
PriceGong 2.6.4 (x32 Version: 2.6.4)



Open Notepad and copy the following text from inside the shaded box.


START
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO-x32: Shopping Assistant Plugin - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
C:\Program Files (x86)\PriceGong
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
Toolbar: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit2.dll (Conduit Ltd.)
C:\Program Files (x86)\BitTorrentControl_v12
C:\Users\Milutin\Desktop\RK_Quarantine
2013-10-11 00:27 - 2013-10-12 18:32 - 00001666 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro.lnk
2013-10-11 00:27 - 2013-10-12 18:32 - 00000118 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro support.url
2013-10-11 00:27 - 2013-10-11 00:27 - 00000000 ____D C:\Users\Milutin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-10-10 18:52 - 2013-10-10 21:26 - 00000000 ____D C:\ProgramData\3Vg9gVrn
2013-10-12 18:32 - 2012-05-27 22:43 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-12 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
C:\Program Files (x86)\Google\Desktop\Install
CMD: netsh winsock reset
CMD: ipconfig /flushdns
END


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you should copy into the thread.
The same log (fixlog.txt) will also be on the Desktop.


You need to post fixlog.txt on the forum.



--------- then ---------



Download the ESET services repair tool to the Desktop.

Run ServicesRepair.exe

Click Yes when the window appears

When the tool finishes, it will ask you to restart the computer. Click Yes

After the restart, a CC Support folder will be on the Desktop, and inside it a Logs folder

Inside the Logs folder is the SvcRepair.txt file, whose contents you should copy into the thread.

offline
  • Joined: 11 Oct 2013
  • Posts: 12

Posted: 12 Oct 2013 20:39

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Milutin at 2013-10-12 20:32:48 Run:1
Running from C:\Users\Milutin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
START
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO-x32: Shopping Assistant Plugin - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
C:\Program Files (x86)\PriceGong
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
Toolbar: HKLM-x32 - BitTorrentControl_v12 Toolbar - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBit2.dll (Conduit Ltd.)
C:\Program Files (x86)\BitTorrentControl_v12
C:\Users\Milutin\Desktop\RK_Quarantine
2013-10-11 00:27 - 2013-10-12 18:32 - 00001666 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro.lnk
2013-10-11 00:27 - 2013-10-12 18:32 - 00000118 _____ C:\Users\Milutin\Desktop\Antivirus Security Pro support.url
2013-10-11 00:27 - 2013-10-11 00:27 - 00000000 ____D C:\Users\Milutin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-10-10 18:52 - 2013-10-10 21:26 - 00000000 ____D C:\ProgramData\3Vg9gVrn
2013-10-12 18:32 - 2012-05-27 22:43 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-12 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
C:\Program Files (x86)\Google\Desktop\Install
CMD: netsh winsock reset
CMD: ipconfig /flushdns
END
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} => Key not found.
HKCR\Wow6432Node\CLSID\{1631550F-191D-4826-B069-D9439253D926} => Key not found.
"C:\Program Files (x86)\PriceGong" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} => Value not found.
HKCR\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Value not found.
HKCR\Wow6432Node\CLSID\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Key not found.
"C:\Program Files (x86)\BitTorrentControl_v12" => File/Directory not found.
C:\Users\Milutin\Desktop\RK_Quarantine => Moved successfully.
C:\Users\Milutin\Desktop\Antivirus Security Pro.lnk => Moved successfully.
C:\Users\Milutin\Desktop\Antivirus Security Pro support.url => Moved successfully.
C:\Users\Milutin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro => Moved successfully.
C:\ProgramData\3Vg9gVrn => Moved successfully.
C:\Users\Public\Documents\AtherosServiceConfig.ini => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.

"C:\Program Files (x86)\Google\Desktop\Install" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install" directory. => Scheduled to move on reboot.


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====

Update: 12 Oct 2013 20:47

After running ServicesRepair.exe I clicked YES, but this appeared, so I don't know what to do next?
This uitility will reinstall Services commonly removed by exploits .Do you want to proceed? It offers Yes No

offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Answer Yes. Let it carry out the repairs.

offline
  • Joined: 11 Oct 2013
  • Posts: 12

Now I need to answer this:
Multiple services have been reinstaleed .You well need to reboot your computer.Reboot now?Yes No

offline
  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Nothing to it, answer everything affirmatively (Yes / OK) and let the tool finish its job.

The rootkit you had damaged and deleted a fair number of legitimate Windows services, and this tool will try to repair / reinstall all of them.

So let the tool carry out the repair and just answer the questions affirmatively.

offline
  • Joined: 11 Oct 2013
  • Posts: 12

Log Opened: 2013-10-12 @ 20:50:16
20:50:16 - -----------------
20:50:16 - | Begin Logging |
20:50:16 - -----------------
20:50:16 - Fix started on a WIN_7 X64 computer
20:50:16 - Prep in progress. Please Wait.
20:50:20 - Prep complete
20:50:20 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
ERROR: Writing SD to <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> failed with: The system cannot find the file specified.
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
20:50:23 - Services Repair Complete.
21:05:11 - Reboot Initiated
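
The SetACL log above restores the registry security descriptors (SDs) of the service keys for the Windows Firewall (SharedAccess), Windows Defender (WinDefend), Security Center (wscsvc) and Windows Update (wuauserv); rogue "antivirus" families lock those keys so the protective services cannot start. The following is an added example, not part of the thread and not the repair script used above: a PowerShell audit that reads the current descriptor of each key and flags the usual signs of such a lockdown (explicit Deny entries, blocked inheritance, an unexpected owner, a disabled Start value). The list of owners treated as normal and the set of checks are assumptions, and the script only reports; run it from an elevated prompt.

```powershell
# Added example (not part of the thread): audit the registry security descriptors of the
# service keys that the SetACL restore above touched. Run from an elevated PowerShell prompt.
# Written for PowerShell 2.0 (Windows 7 default), so no [pscustomobject] or -File switches.

function Get-ServiceKeyAudit {
    param(
        # Defaults are the service keys named in the log above; any service name works.
        [string[]]$ServiceName = @('SharedAccess', 'WinDefend', 'wscsvc', 'wuauserv'),
        # Owners treated as normal for a service key (assumption; adjust to your baseline).
        [string]$ExpectedOwnerPattern = 'TrustedInstaller|NT AUTHORITY\\SYSTEM|BUILTIN\\Administrators'
    )

    foreach ($name in $ServiceName) {
        $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path -Path $keyPath)) {
            New-Object PSObject -Property @{ Service = $name; Owner = ''; Start = ''; Status = 'KEY MISSING'; Sddl = '' }
            continue
        }

        $acl = Get-Acl -Path $keyPath
        # Windows does not place explicit Deny entries on service keys; malware lockdowns do.
        $denyAces = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
        # Service keys normally inherit from ...\Services; a protected DACL means inheritance was cut.
        $inheritanceBlocked = $acl.AreAccessRulesProtected
        # Start: 2 = automatic, 3 = manual, 4 = disabled.
        $start = (Get-ItemProperty -Path $keyPath -Name Start -ErrorAction SilentlyContinue).Start

        $findings = @()
        if ($denyAces.Count -gt 0) {
            $who = ($denyAces | ForEach-Object { $_.IdentityReference.Value }) -join ', '
            $findings += "Deny ACE for $who"
        }
        if ($inheritanceBlocked) { $findings += 'inheritance blocked' }
        if ($acl.Owner -notmatch $ExpectedOwnerPattern) { $findings += "unexpected owner $($acl.Owner)" }
        if ($start -eq 4) { $findings += 'service disabled (Start=4)' }

        $status = if ($findings.Count -gt 0) { 'SUSPECT: ' + ($findings -join '; ') } else { 'OK' }
        New-Object PSObject -Property @{
            Service = $name
            Owner   = $acl.Owner
            Start   = $start
            Status  = $status
            Sddl    = $acl.Sddl   # full descriptor, for comparison against a clean machine
        }
    }
}

Get-ServiceKeyAudit | Format-Table Service, Owner, Start, Status -AutoSize
```

This inspects the registry key's descriptor, which is what the SetACL restore in the log rewrote; the service object's own descriptor inside the Service Control Manager is separate and can be shown with `sc.exe sdshow <name>`. A "SUSPECT" row after a restore means the restore did not take or something re-applied the lockdown after the reboot.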

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Just letting you know that we'll continue tomorrow. ;)

  • Joined: 11 Okt 2013
  • Posts: 12

OK, thanks a lot. :P

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6104

Hello,
The reports you posted look very good. We'll use fix.reg to fix and kill some leftovers, and then go for an additional check with an AntiRootkit tool; if the results are negative, that means we're close to the end. :)



Download the fix.reg file from this link and save it to your Desktop:

Double-click the file to run it, and answer the warnings you get affirmatively (Yes/OK/Merge) to allow editing of the registry.


---------- then ----------



Download TDSSKiller and save it to your Desktop

1) Double-click TDSSKiller.exe to run it and click Change parameters.
In the End User License Agreement dialog click Accept.
Also click Accept in the KSN Statement dialog.


2) Under Additional options make sure the following options are ticked:
Verify Driver Digital Signature;
Detect TDLFS file system
Use KSN to scan objects


Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.


Attach the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD = day, MM = month, YY = year, HH = hour, MM = minute, SS = second; the date and time the log was created)
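
The post asks for the log by a file name that carries the program version and a timestamp, so a machine that has been scanned more than once holds several such files. The following is an added example, not part of the thread or of TDSSKiller itself: a PowerShell function that finds the logs in C:\, parses the version and timestamp out of the name and returns the newest one. The regular expression is an assumption built from the pattern given in the post (TDSSKiller_version_DD.MM.YY_HH.MM.SS.txt); it also tolerates a dot after "TDSSKiller", a four-digit year and a trailing "_log", which are the variants seen on real installs.

```powershell
# Added example (not part of the thread): locate the newest TDSSKiller log in C:\ and
# return its path, version and timestamp so the right file gets attached.
# PowerShell 2.0 compatible (no -File switch, no [pscustomobject]).

function Get-LatestTdssKillerLog {
    param([string]$Root = 'C:\')

    # Name pattern from the post, loosened for the "." separator, 4-digit year and "_log" suffix (assumption).
    $pattern = '^TDSSKiller[._](?<ver>[\d.]+)_(?<d>\d{2})\.(?<m>\d{2})\.(?<y>\d{2}|\d{4})_(?<H>\d{2})\.(?<M>\d{2})\.(?<S>\d{2})(?:_log)?\.txt$'

    Get-ChildItem -Path $Root -Filter 'TDSSKiller*.txt' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match $pattern } |
        ForEach-Object {
            $null = $_.Name -match $pattern          # repopulate $Matches for this file
            $year = [int]$Matches.y
            if ($year -lt 100) { $year += 2000 }     # two-digit YY from the post's pattern
            $stamp = New-Object DateTime $year, ([int]$Matches.m), ([int]$Matches.d), ([int]$Matches.H), ([int]$Matches.M), ([int]$Matches.S)
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Version   = $Matches.ver
                Timestamp = $stamp
            }
        } |
        Sort-Object Timestamp -Descending |
        Select-Object -First 1
}

$log = Get-LatestTdssKillerLog
if ($log) {
    $log | Format-List Path, Version, Timestamp
    Get-Content -Path $log.Path      # the text to paste into the reply
} else {
    'No TDSSKiller log found in C:\'
}
```

Sorting on the timestamp parsed from the name, rather than on the file's last-write time, picks the log of the most recent scan even if an older file was touched later.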
