Potvrda dezinfekcije

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 18 Mar 2015 13:39

Meni ovi logovi deluju cisto al hocu da proverim sa vama

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Dado (administrator) on DADO-PC on 18-03-2015 13:23:02
Running from C:\Users\Dado\Desktop
Loaded Profiles: Dado (Available profiles: Dado)
Platform: Microsoft® Windows Vista™ Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(BitTorrent Inc.) C:\Users\Dado\AppData\Roaming\BitTorrent\BitTorrent.exe
(Facebook Inc.) C:\Users\Dado\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() D:\Telenor Internet\AssistantServices.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1004136 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [488984 2007-02-08] (Logitech Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [774168 2007-02-08] ()
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
HKLM\...\Run: [UIExec] => D:\\Telenor Internet\UIExec.exe [153424 2012-02-24] ()
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [BitTorrent] => C:\Users\Dado\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [Facebook Update] => C:\Users\Dado\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-01-22] (Facebook Inc.)
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [SoftonicAssistant] => "C:\Users\Dado\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {4390d669-0d9f-11e2-80eb-002421345dfc} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {4390d7da-0d9f-11e2-80eb-002421345dfc} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {73d79a8d-9ef1-11e3-a215-002421345dfc} - G:\Windows\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_RS
URLSearchHook: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~1\MAPSGA~2\bar\1.bin\39bar.dll No File
BHO: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-05-28] (Sun Microsystems, Inc.)
BHO: BitTorrentBar Toolbar -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-05-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
Toolbar: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dado\AppData\Roaming\Mozilla\Firefox\Profiles\5ecyvoxf.default
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll [2012-05-28] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-05-28] (Sun Microsystems, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1127178626-1236562763-1598676563-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dado\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1127178626-1236562763-1598676563-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dado\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1127178626-1236562763-1598676563-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Dado\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-06] (Nullsoft, Inc.)
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Dado\AppData\Roaming\Mozilla\Firefox\Profiles\5ecyvoxf.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-03-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-03-18]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.rs/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U23) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Dado\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Dado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-04-11]
CHR Extension: (YouTube) - C:\Users\Dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-11]
CHR Extension: (Google Search) - C:\Users\Dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Gmail) - C:\Users\Dado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-11]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Dado\AppData\Local\Temp\ccex.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 UI Assistant Service; D:\Telenor Internet\AssistantServices.exe [270672 2012-02-24] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [263272 2006-11-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2011-10-22] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2015-02-08] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2011-10-22] ()
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490784 2007-02-03] (Logitech Inc.)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [68352 2011-10-10] (ZTE)
S3 zte_wcpo; C:\Windows\System32\DRIVERS\zte_wcpo.sys [9600 2011-10-10] (ZTE)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 13:23 - 2015-03-18 13:23 - 00017253 _____ () C:\Users\Dado\Desktop\FRST.txt
2015-03-18 13:22 - 2015-03-18 13:23 - 00000000 ____D () C:\FRST
2015-03-18 13:21 - 2015-03-18 13:22 - 01135104 _____ (Farbar) C:\Users\Dado\Desktop\FRST.exe
2015-03-18 13:12 - 2015-03-18 13:12 - 01270544 _____ (Ellora Assets Corporation ) C:\Users\Dado\Downloads\FreemakeVideoConverterSetup.exe
2015-03-18 10:43 - 2015-03-18 10:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 12:03 - 2015-03-04 12:03 - 00143576 _____ () C:\Windows\Minidump\Mini030415-01.dmp
2015-02-27 11:33 - 2011-01-20 14:40 - 00000776 _____ () C:\Users\Dado\Desktop\Winamp.lnk
2015-02-22 15:30 - 2015-02-22 15:30 - 00143576 _____ () C:\Windows\Minidump\Mini022215-01.dmp
2015-02-20 10:44 - 2015-02-20 10:45 - 00143576 _____ () C:\Windows\Minidump\Mini022015-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 13:20 - 2012-01-04 10:51 - 00000000 ____D () C:\Users\Dado\AppData\Roaming\BitTorrent
2015-03-18 13:07 - 2014-12-14 10:12 - 00000000 ____D () C:\Program Files\TeamViewer
2015-03-18 12:57 - 2006-11-02 13:51 - 01269808 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 12:56 - 2011-01-20 14:15 - 00000000 ____D () C:\Users\Dado\AppData\Roaming\Skype
2015-03-18 12:54 - 2012-04-25 06:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-18 12:54 - 2011-03-02 12:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 12:54 - 2006-11-02 14:00 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-18 12:54 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 12:54 - 2006-11-02 13:46 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 12:54 - 2006-11-02 13:46 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 12:51 - 2012-05-23 13:13 - 00000000 ____D () C:\Program Files\Amazon
2015-03-18 12:44 - 2013-01-29 15:29 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-03-18 12:33 - 2011-03-02 12:06 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 12:31 - 2013-03-19 17:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 12:27 - 2011-09-14 15:56 - 00000438 ____H () C:\Windows\Tasks\Norton Security Scan for Dado.job
2015-03-17 19:33 - 2014-01-22 16:28 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1127178626-1236562763-1598676563-1000UA.job
2015-03-17 16:32 - 2014-01-22 16:27 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1127178626-1236562763-1598676563-1000Core.job
2015-03-12 05:36 - 2012-04-11 17:39 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-04 12:03 - 2014-11-15 21:33 - 226430448 _____ () C:\Windows\MEMORY.DMP
2015-03-04 12:03 - 2011-01-22 00:13 - 00000000 ____D () C:\Windows\Minidump
2015-03-03 10:25 - 2006-11-02 11:33 - 00720952 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 10:23 - 2013-06-04 09:18 - 00000000 ____D () C:\Users\Dado\Desktop\skolica sporta
2015-03-03 10:23 - 2011-01-26 14:05 - 00215552 _____ () C:\Users\Dado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-19 15:55 - 2015-01-03 15:12 - 00000840 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-19 15:55 - 2015-01-03 15:12 - 00000828 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-19 00:27 - 2011-01-20 14:15 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2011-01-20 13:25 - 2011-01-20 13:25 - 0017089 _____ () C:\Users\Dado\AppData\Roaming\UserTile.png
2012-09-09 22:58 - 2012-09-11 06:47 - 0000000 ____H () C:\Users\Dado\AppData\Roaming\windrvconfig.txt
2011-01-20 07:51 - 2013-12-02 18:31 - 0001356 _____ () C:\Users\Dado\AppData\Local\d3d9caps.dat
2011-01-26 14:05 - 2015-03-03 10:23 - 0215552 _____ () C:\Users\Dado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5536.dll


Some content of TEMP:
====================
C:\Users\Dado\AppData\Local\Temp\00a5661a.exe
C:\Users\Dado\AppData\Local\Temp\018d97a1.exe
C:\Users\Dado\AppData\Local\Temp\019583f3.exe
C:\Users\Dado\AppData\Local\Temp\01ae9fde.exe
C:\Users\Dado\AppData\Local\Temp\01b77548.exe
C:\Users\Dado\AppData\Local\Temp\01bf8212.exe
C:\Users\Dado\AppData\Local\Temp\AMPing.exe
C:\Users\Dado\AppData\Local\Temp\DTLite4491-0356.exe
C:\Users\Dado\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Dado\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Dado\AppData\Local\Temp\SimBundD.exe
C:\Users\Dado\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dado\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll
C:\Windows\System32\ssprs.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-18 13:00

==================== End Of Log ============================
https://www.mycity.rs/must-login.png

Dopuna: 18 Mar 2015 13:40

podebljao sam sumljivo

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1

Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe:

Linkey

Norton Security Scan
Skype Click to Call
Yahoo! BrowserPlus 2.9.8



Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [SoftonicAssistant] => "C:\Users\Dado\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {4390d669-0d9f-11e2-80eb-002421345dfc} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {4390d7da-0d9f-11e2-80eb-002421345dfc} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {73d79a8d-9ef1-11e3-a215-002421345dfc} - G:\Windows\AutoRun.exe
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_RS
URLSearchHook: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~1\MAPSGA~2\bar\1.bin\39bar.dll No File
BHO: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
BHO: BitTorrentBar Toolbar -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
Toolbar: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Dado\AppData\Local\Temp\ccex.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000_Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\InprocServer32 -> C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
C:\Users\Public\AlexaNSISPlugin.5536.dll
C:\Program Files\MapsGalaxy_39
C:\Program Files\BitTorrentBar
C:\Users\Dado\AppData\Local\SoftonicAssistant
EmptyTemp:



U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Norton ne pokrece deinstalaciju

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Dado at 2015-03-19 19:25:12 Run:1
Running from C:\Users\Dado\Desktop
Loaded Profiles: Dado (Available profiles: Dado)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\Run: [SoftonicAssistant] => "C:\Users\Dado\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {4390d669-0d9f-11e2-80eb-002421345dfc} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {4390d7da-0d9f-11e2-80eb-002421345dfc} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\...\MountPoints2: {73d79a8d-9ef1-11e3-a215-002421345dfc} - G:\Windows\AutoRun.exe
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_RS
URLSearchHook: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~1\MAPSGA~2\bar\1.bin\39bar.dll No File
BHO: Search Assistant BHO -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
BHO: BitTorrentBar Toolbar -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
Toolbar: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll No File
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Dado\AppData\Local\Temp\ccex.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\InprocServer32 -> C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-1127178626-1236562763-1598676563-1000_Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\InprocServer32 -> C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
C:\Users\Public\AlexaNSISPlugin.5536.dll
C:\Program Files\MapsGalaxy_39
C:\Program Files\BitTorrentBar
C:\Users\Dado\AppData\Local\SoftonicAssistant
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Search Scope Monitor => value deleted successfully.
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SoftonicAssistant => value deleted successfully.
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4390d669-0d9f-11e2-80eb-002421345dfc} => Key not found.
HKCR\CLSID\{4390d669-0d9f-11e2-80eb-002421345dfc} => Key not found.
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4390d7da-0d9f-11e2-80eb-002421345dfc} => Key not found.
HKCR\CLSID\{4390d7da-0d9f-11e2-80eb-002421345dfc} => Key not found.
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d79a8d-9ef1-11e3-a215-002421345dfc} => Key not found.
HKCR\CLSID\{73d79a8d-9ef1-11e3-a215-002421345dfc} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} => Key not found.
HKCR\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2} => Key not found.
HKCR\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
HKU\S-1-5-21-1127178626-1236562763-1598676563-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
"HKU\S-1-5-21-1127178626-1236562763-1598676563-1000_Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}" => Key deleted successfully.
"HKU\S-1-5-21-1127178626-1236562763-1598676563-1000_Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}" => Key deleted successfully.
C:\Users\Public\AlexaNSISPlugin.5536.dll => Moved successfully.
"C:\Program Files\MapsGalaxy_39" => File/Directory not found.
"C:\Program Files\BitTorrentBar" => File/Directory not found.
"C:\Users\Dado\AppData\Local\SoftonicAssistant" => File/Directory not found.

==== End of Fixlog 19:25:13 ====

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi Malwarebytes Anti-Rootkit (MBAR) sa sledeceg linka i sacuvaj ga na Desktop.

Dvoklikom pokreni MBAR () na ikonicu programa:
- Klikni OK na sledecem prozoru da bi dozvolio raspakivanje u zaseban mbar folder na desktop-u;
- mbar.exe ce biti startovan. Na nekim sistemima to moze da potraje nekoliko dodatnih sekundi, te pricekati pokretanje.;
- U uvodnom prozoru klikni dugme Next ukoliko si saglasan;


• Na 'Update Database' prozoru klik na dugme Update da bi preuzeo sveze definicije. Kada se ispise poruka 'Success: Database was successfully updated' klik na dugme Next;
• Pod sekcijom 'Scan Targets' proveri da su sve opcije stiklirane, te klikni na dugme Scan;

Obavestenje: sa nekim infekcijama moze se desiti da se prikaze neka od sledecih poruka:
- 'Could not load protection driver' => u tom slucaju klikni OK.
- 'Could not load DDA driver' => klikni Yes na to obavestenje da bi dozvolio ucitavanje nakon restarta. Dozvoli restart i nastavi sa ostatkom instrukcija posle restarta.




>> Ukoliko malware nije detektovan, klik na Exit dugme da zatvoris program. U sledecu poruku postavi mbar-log-year-month-day (sat-minuti-sekundi).txt i system-log.txt izveštaje.

>> Ukoliko su infekcija/e pronadjene, proveriti da li je obelezena opcija 'Create Restore Point' i klikni na dugme Cleanup! da bi uklonili pretnje.
- Procedura uklanjanje malware-a (scheduled) ce biti zakazana po restartu, bice prikazano obavestenje u pop-up prozoru. Klikni dugme Yes i sistem bi trebao da se restartuje i da zavrsi proceduru ciscenja.



Obavestenje! samo ukoliko je RootKit detektovan: - postaraj se da pokrenes fixdamage.exe alat koji se nalazi u mbar folderu, \Plugins\fixdamage.exe:
- Dvoklikom pokreni fixdamage, u crnom prozoru koji se otvori (command prompt) ukucaj Y (Y stoji za Yes) da bi nastavio izvrsenje, pricekati da alat odradi sve popravke ...
- Kada vidis poruku 'press any key to exit' popravka je kompletirana. Pritisnuti bilo koju tipku na tastaturi da bi se prozor zatvorio. Restartovati sistem.




Sledeci izvestaji ce biti formirani u mbar folderu.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Iskopiraj sadrzaj mbar log-a u poruku a system log okaci uz poruku koristeci opciju Prikači fajl.