Computer without protection


offline
  • Joined: 25 Jan 2014
  • Posts: 5

morando here :D
I'm currently at a friend's place; his computer has been without antivirus protection for a long time, so I thought it would be best if one of the experts from the MC forum could help and analyze the computer, if it's not a problem, and advise which free AV we should download and install.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.17.2
Run by Chapa at 17:42:05 on 2014-01-26
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3584.2311 [GMT 1:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Windows\Explorer.EXE
C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-firefoxinstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=u10781-177&t=4
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.): {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - c:\program files\movies toolbar\datamngr\srtool~2\ie\searchresultsDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Movies Toolbar (Dist. by Bandoo Media, Inc.): {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - c:\program files\movies toolbar\datamngr\srtool~2\ie\searchresultsDx.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [iLivid] "c:\users\chapa\appdata\local\ilivid\iLivid.exe" -autorun
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{F9625C79-3EEA-4F92-9038-E682B553C932} : DHCPNameServer = 192.168.100.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\wincert\win32c~1.dll c:\progra~1\movies~1\datamngr\mgrldr.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chapa\appdata\roaming\mozilla\firefox\profiles\zkepk4p4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN32732393056024692&UM=1&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN32732393056024692&UM=&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\chapa\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\chapa\appdata\roaming\mozilla\firefox\profiles\zkepk4p4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\plugins\np-mswmp.dll
FF - plugin: c:\users\chapa\appdata\roaming\mozilla\firefox\profiles\zkepk4p4.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2013-1-20 20712]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]
R2 DatamngrCoordinator;Datamngr Coordinator;c:\program files\movies toolbar\datamngr\DatamngrCoordinator.exe [2013-12-25 3447808]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-11-6 84992]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2014-01-26 16:32:01 -------- d-----w- c:\users\chapa\appdata\local\Thunderbird
2014-01-26 16:26:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-26 16:25:04 -------- d-----w- c:\programdata\MCShield
2014-01-26 16:25:03 -------- d-----w- c:\program files\MCShield
2014-01-19 05:26:11 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{829f6d40-5162-402b-b277-5f562ccccec9}\offreg.dll
2014-01-12 17:30:56 -------- d-----w- c:\users\chapa\appdata\local\Microsoft Games
2014-01-01 01:05:59 782240 ----a-w- c:\windows\system32\deployJava1.dll
2014-01-01 01:05:43 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2014-01-01 00:54:10 -------- d-----w- c:\programdata\Datamngr
.
==================== Find3M ====================
.
2013-12-12 18:27:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 18:27:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 17:42:25.99 ===============



offline
  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13883
  • Location: Belgrade

Hello,

Download Farbar's Farbar Recovery Scan Tool from this address to the Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will work on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes on the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on the first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file (Prikači fajl) option

offline
  • Joined: 25 Jan 2014
  • Posts: 5

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2014 01
Ran by Chapa (administrator) on CHAPA-PC on 26-01-2014 20:03:18
Running from C:\Users\Chapa\Desktop
Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17729128 2013-02-07] (Skype Technologies S.A.)
HKCU\...\Run: [iLivid] - "C:\Users\Chapa\AppData\Local\iLivid\iLivid.exe" -autorun
HKCU\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-01-20] (MyCity)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-12] (Adobe Systems Incorporated)
MountPoints2: F - F:\autorun.exe
MountPoints2: {33686293-b8c9-11e2-8046-00241da95e32} - G:\Startme.exe
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll => C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll [20480 2013-12-23] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [485376 2013-12-23] () <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=u10781-177&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40EB0E1116F7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default
FF user.js: detected! => C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\user.js
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://www.google.rs/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN32732393056024692&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Chapa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\bs-player-controlbar-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: HDvid Codec V6.0 - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com [2013-11-26]
FF Extension: Vaauudixu - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\iaio2ckla@lrwncqo.edu [2013-12-24]
FF Extension: Movies Toolbar (Dist. by Bandoo Media, Inc.) - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} [2014-01-01]
FF Extension: New tab - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{6F977649-B06D-7809-9725-1FCFD3AC8308} [2013-12-25]
FF Extension: BS Player ControlBar - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2013-12-12]
FF Extension: Adblock Plus - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-26]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-21]

Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=u10781-177&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=u10781-177&t=4"
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: dts.search.ask.com/sr?src=crb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Movies Toolbar) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2013-11-25]
CHR Extension: (Google Docs) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-21]
CHR Extension: (Google Drive) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-21]
CHR Extension: (YouTube) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-21]
CHR Extension: (Google Search) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-21]
CHR Extension: (Skype Click to Call) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Vaauudixu) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ollkbckgbhjbdgaccendlfffhofjfpie [2013-12-24]
CHR Extension: (Gmail) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-21]
CHR HKLM\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Chapa\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3447808 2013-12-23] (Bandoo Media Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [20712 2013-01-20] (REALiX(tm))
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [112096 2012-02-09] (Power Software Ltd)
U3 mbr; \??\C:\Users\Chapa\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 20:03 - 2014-01-26 20:03 - 00014289 _____ C:\Users\Chapa\Desktop\FRST.txt
2014-01-26 20:03 - 2014-01-26 20:03 - 00000000 ____D C:\FRST
2014-01-26 20:02 - 2014-01-26 20:02 - 01222144 _____ (Farbar) C:\Users\Chapa\Desktop\FRST.exe
2014-01-26 19:02 - 2014-01-26 19:02 - 00000912 _____ C:\Users\Chapa\Desktop\Windows Mobile Device Center.lnk
2014-01-26 19:02 - 2014-01-26 19:02 - 00000828 _____ C:\Users\Chapa\Desktop\Documents on belphegor's GT-B7610.LNK
2014-01-26 19:02 - 2014-01-26 19:02 - 00000000 ____D C:\Users\Chapa\Documents\Documents on belphegor's GT-B7610
2014-01-26 19:01 - 2014-01-26 19:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-01-26 18:58 - 2014-01-26 19:01 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-26 18:56 - 2014-01-26 18:57 - 00000000 ____D C:\Users\Chapa\Desktop\100SSCAM
2014-01-26 17:42 - 2014-01-26 17:42 - 00008159 _____ C:\Users\Chapa\Desktop\dds.txt
2014-01-26 17:42 - 2014-01-26 17:42 - 00003886 _____ C:\Users\Chapa\Desktop\attach.txt
2014-01-26 17:40 - 2014-01-26 17:41 - 00688992 ____R (Swearware) C:\Users\Chapa\Desktop\dds.scr
2014-01-26 17:32 - 2014-01-26 17:32 - 00000000 ____D C:\Users\Chapa\AppData\Roaming\Thunderbird
2014-01-26 17:32 - 2014-01-26 17:32 - 00000000 ____D C:\Users\Chapa\AppData\Local\Thunderbird
2014-01-26 17:31 - 2014-01-26 17:31 - 00002032 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2014-01-26 17:29 - 2014-01-26 17:30 - 23236352 _____ (Mozilla) C:\Users\Chapa\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-26 17:26 - 2014-01-26 17:26 - 00000340 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-26 17:26 - 2014-01-01 02:05 - 00262560 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-26 17:26 - 2014-01-01 02:05 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-26 17:26 - 2014-01-01 02:05 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-26 17:26 - 2014-01-01 02:05 - 00094112 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-26 17:25 - 2014-01-26 18:55 - 00000000 ____D C:\ProgramData\MCShield
2014-01-26 17:25 - 2014-01-26 17:25 - 00000000 ____D C:\Program Files\MCShield
2014-01-26 17:19 - 2014-01-26 17:19 - 02854696 _____ (MyCity) C:\Users\Chapa\Downloads\MCShield-Setup.exe
2014-01-12 18:30 - 2014-01-12 18:31 - 00000000 ____D C:\Users\Chapa\AppData\Local\Microsoft Games
2014-01-06 19:15 - 2014-01-07 03:23 - 00001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-06 19:13 - 2014-01-06 19:14 - 24097311 _____ C:\Users\Chapa\Downloads\vlc-2.1.2-win32.exe
2014-01-01 02:05 - 2014-01-01 02:05 - 00861088 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-01-01 02:05 - 2014-01-01 02:05 - 00782240 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-01-01 01:58 - 2014-01-01 01:58 - 00915368 _____ (Oracle Corporation) C:\Users\Chapa\Downloads\jxpiinstall(10).exe
2014-01-01 01:54 - 2014-01-26 20:02 - 00000000 ____D C:\ProgramData\Datamngr
2014-01-01 01:53 - 2014-01-01 01:53 - 01645424 _____ (Bandoo Media Inc) C:\Users\Chapa\Downloads\iLividSetup-r420-n-bf(2).exe
2013-12-30 20:52 - 2013-12-30 20:52 - 01645424 _____ (Bandoo Media Inc) C:\Users\Chapa\Downloads\iLividSetup-r420-n-bf(1).exe
2013-12-30 20:50 - 2014-01-26 17:26 - 00000000 ____D C:\Program Files\Java
2013-12-30 20:50 - 2013-12-30 20:50 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-30 20:48 - 2013-12-30 20:48 - 00915368 _____ (Oracle Corporation) C:\Users\Chapa\Downloads\jxpiinstall(9).exe
2013-12-28 08:35 - 2013-12-28 08:35 - 00915368 _____ (Oracle Corporation) C:\Users\Chapa\Downloads\jxpiinstall(8).exe

==================== One Month Modified Files and Folders =======

2014-01-26 20:03 - 2014-01-26 20:03 - 00014289 _____ C:\Users\Chapa\Desktop\FRST.txt
2014-01-26 20:03 - 2014-01-26 20:03 - 00000000 ____D C:\FRST
2014-01-26 20:02 - 2014-01-26 20:02 - 01222144 _____ (Farbar) C:\Users\Chapa\Desktop\FRST.exe
2014-01-26 20:02 - 2014-01-01 01:54 - 00000000 ____D C:\ProgramData\Datamngr
2014-01-26 19:48 - 2013-02-09 10:43 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674969213-773107719-3183302825-1000UA.job
2014-01-26 19:40 - 2013-01-21 12:51 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 19:27 - 2013-01-20 15:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 19:05 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 19:05 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 19:02 - 2014-01-26 19:02 - 00000912 _____ C:\Users\Chapa\Desktop\Windows Mobile Device Center.lnk
2014-01-26 19:02 - 2014-01-26 19:02 - 00000828 _____ C:\Users\Chapa\Desktop\Documents on belphegor's GT-B7610.LNK
2014-01-26 19:02 - 2014-01-26 19:02 - 00000000 ____D C:\Users\Chapa\Documents\Documents on belphegor's GT-B7610
2014-01-26 19:02 - 2013-01-20 02:40 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 19:01 - 2014-01-26 19:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-01-26 19:01 - 2014-01-26 18:58 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-26 19:01 - 2013-01-20 11:31 - 01551986 _____ C:\Windows\WindowsUpdate.log
2014-01-26 19:01 - 2009-07-14 05:39 - 00038573 _____ C:\Windows\setupact.log
2014-01-26 19:01 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\LogFiles
2014-01-26 18:57 - 2014-01-26 18:56 - 00000000 ____D C:\Users\Chapa\Desktop\100SSCAM
2014-01-26 18:55 - 2014-01-26 17:25 - 00000000 ____D C:\ProgramData\MCShield
2014-01-26 17:44 - 2013-11-26 17:39 - 00002148 _____ C:\Windows\Tasks\HDvid Codec V6.0-firefoxinstaller.job
2014-01-26 17:42 - 2014-01-26 17:42 - 00008159 _____ C:\Users\Chapa\Desktop\dds.txt
2014-01-26 17:42 - 2014-01-26 17:42 - 00003886 _____ C:\Users\Chapa\Desktop\attach.txt
2014-01-26 17:41 - 2014-01-26 17:40 - 00688992 ____R (Swearware) C:\Users\Chapa\Desktop\dds.scr
2014-01-26 17:39 - 2013-11-26 17:39 - 00001314 _____ C:\Windows\Tasks\HDvid Codec V6.0-updater.job
2014-01-26 17:32 - 2014-01-26 17:32 - 00000000 ____D C:\Users\Chapa\AppData\Roaming\Thunderbird
2014-01-26 17:32 - 2014-01-26 17:32 - 00000000 ____D C:\Users\Chapa\AppData\Local\Thunderbird
2014-01-26 17:31 - 2014-01-26 17:31 - 00002032 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-01-26 17:31 - 2014-01-26 17:31 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2014-01-26 17:31 - 2013-01-20 15:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-26 17:30 - 2014-01-26 17:29 - 23236352 _____ (Mozilla) C:\Users\Chapa\Downloads\Thunderbird Setup 24.2.0.exe
2014-01-26 17:26 - 2014-01-26 17:26 - 00000340 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-26 17:26 - 2013-12-30 20:50 - 00000000 ____D C:\Program Files\Java
2014-01-26 17:25 - 2014-01-26 17:25 - 00000000 ____D C:\Program Files\MCShield
2014-01-26 17:19 - 2014-01-26 17:19 - 02854696 _____ (MyCity) C:\Users\Chapa\Downloads\MCShield-Setup.exe
2014-01-26 17:12 - 2013-01-21 12:51 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 17:07 - 2013-02-09 10:43 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3674969213-773107719-3183302825-1000Core.job
2014-01-26 16:58 - 2013-02-22 12:53 - 00000000 ____D C:\Users\Chapa\AppData\Roaming\Skype
2014-01-18 06:43 - 2013-01-21 12:57 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-18 06:23 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 18:31 - 2014-01-12 18:30 - 00000000 ____D C:\Users\Chapa\AppData\Local\Microsoft Games
2014-01-07 03:23 - 2014-01-06 19:15 - 00001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-06 19:24 - 2013-12-24 10:31 - 00000000 ____D C:\ProgramData\Viaudix
2014-01-06 19:24 - 2013-01-30 18:45 - 00102022 _____ C:\Windows\PFRO.log
2014-01-06 19:22 - 2013-12-24 10:31 - 00000000 ____D C:\ProgramData\c17ac72fb7229ed0
2014-01-06 19:22 - 2013-12-24 10:31 - 00000000 ____D C:\Program Files\Viaudix
2014-01-06 19:16 - 2013-01-20 15:42 - 00000000 ____D C:\Users\Chapa\AppData\Roaming\vlc
2014-01-06 19:14 - 2014-01-06 19:13 - 24097311 _____ C:\Users\Chapa\Downloads\vlc-2.1.2-win32.exe
2014-01-01 02:05 - 2014-01-26 17:26 - 00262560 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-01 02:05 - 2014-01-26 17:26 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-01 02:05 - 2014-01-26 17:26 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-01 02:05 - 2014-01-26 17:26 - 00094112 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-01 02:05 - 2014-01-01 02:05 - 00861088 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-01-01 02:05 - 2014-01-01 02:05 - 00782240 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-01-01 01:58 - 2014-01-01 01:58 - 00915368 _____ (Oracle Corporation) C:\Users\Chapa\Downloads\jxpiinstall(10).exe
2014-01-01 01:54 - 2013-11-25 02:47 - 00000000 ____D C:\ProgramData\Wincert
2014-01-01 01:53 - 2014-01-01 01:53 - 01645424 _____ (Bandoo Media Inc) C:\Users\Chapa\Downloads\iLividSetup-r420-n-bf(2).exe
2013-12-30 20:52 - 2013-12-30 20:52 - 01645424 _____ (Bandoo Media Inc) C:\Users\Chapa\Downloads\iLividSetup-r420-n-bf(1).exe
2013-12-30 20:50 - 2013-12-30 20:50 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-30 20:50 - 2013-11-03 14:45 - 00000000 ____D C:\ProgramData\Oracle
2013-12-30 20:48 - 2013-12-30 20:48 - 00915368 _____ (Oracle Corporation) C:\Users\Chapa\Downloads\jxpiinstall(9).exe
2013-12-28 08:35 - 2013-12-28 08:35 - 00915368 _____ (Oracle Corporation) C:\Users\Chapa\Downloads\jxpiinstall(8).exe

Files to move or delete:
====================
C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll


Some content of TEMP:
====================
C:\Users\Chapa\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 06:27

==================== End Of Log ============================



offline
  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13883
  • Location: Belgrade

From Control Panel, remove the following:
- HDvid Codec V6.0
- HDVidCodec
- Movies Toolbar for Chrome
- Movies Toolbar for Firefox
- Movies Toolbar for Internet Explorer


Restart the computer.



THEN


1. Open Notepad (Text Document) and copy into it the following text from the code box below:
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
HKCU\...\Run: [iLivid] - "C:\Users\Chapa\AppData\Local\iLivid\iLivid.exe" -autorun
C:\Program Files\Movies Toolbar
C:\Users\Chapa\AppData\Local\iLivid
MountPoints2: F - F:\autorun.exe
MountPoints2: {33686293-b8c9-11e2-8046-00241da95e32} - G:\Startme.exe
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll => C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll [20480 2013-12-23] ()
C:\PROGRA~1\MOVIES~1
C:\ProgramData\Wincert
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [485376 2013-12-23] () <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=u10781-177&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40EB0E1116F7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN32732393056024692&UM=&q=
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SearchPlugin: C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\bs-player-controlbar-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: HDvid Codec V6.0 - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com [2013-11-26]
FF Extension: Vaauudixu - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\iaio2ckla@lrwncqo.edu [2013-12-24]
FF Extension: Movies Toolbar (Dist. by Bandoo Media, Inc.) - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} [2014-01-01]
FF Extension: New tab - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{6F977649-B06D-7809-9725-1FCFD3AC8308} [2013-12-25]
FF Extension: BS Player ControlBar - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2013-12-12]
CHR Extension: (Movies Toolbar) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2013-11-25]
CHR Extension: (Vaauudixu) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ollkbckgbhjbdgaccendlfffhofjfpie [2013-12-24]
CHR HKLM\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Chapa\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx [2013-08-20]
R2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3447808 2013-12-23] (Bandoo Media Inc.)
C:\ProgramData\Datamngr
cmd: del C:\Users\Chapa\Downloads\*.exe
Task: {4986CD74-00E5-4F67-BA88-95DA01519BA4} - System32\Tasks\HDvid Codec V6.0-firefoxinstaller => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-firefoxinstaller.exe [2013-11-26] (installdaddy) <==== ATTENTION
Task: {BBC7D2B2-19F3-461E-B1D5-78DE0449F654} - System32\Tasks\HDvid Codec V6.0-updater => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-updater.exe [2013-11-26] (installdaddy) <==== ATTENTION
Task: C:\Windows\Tasks\HDvid Codec V6.0-firefoxinstaller.job => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-firefoxinstaller.exe
Task: C:\Windows\Tasks\HDvid Codec V6.0-updater.job => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-updater.exe
cmd: ipconfig /flushdns

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.



THEN


Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Joined: 25 Jan 2014
  • Posts: 5

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-01-2014 01
Ran by Chapa at 2014-01-26 20:59:05 Run:1
Running from C:\Users\Chapa\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
HKCU\...\Run: [iLivid] - "C:\Users\Chapa\AppData\Local\iLivid\iLivid.exe" -autorun
C:\Program Files\Movies Toolbar
C:\Users\Chapa\AppData\Local\iLivid
MountPoints2: F - F:\autorun.exe
MountPoints2: {33686293-b8c9-11e2-8046-00241da95e32} - G:\Startme.exe
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\Datamngr\mgrldr.dll => C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll [20480 2013-12-23] ()
C:\PROGRA~1\MOVIES~1
C:\ProgramData\Wincert
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [485376 2013-12-23] () <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=u10781-177&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40EB0E1116F7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN32732393056024692&UM=&q=
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SearchPlugin: C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\bs-player-controlbar-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: HDvid Codec V6.0 - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com [2013-11-26]
FF Extension: Vaauudixu - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\iaio2ckla@lrwncqo.edu [2013-12-24]
FF Extension: Movies Toolbar (Dist. by Bandoo Media, Inc.) - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} [2014-01-01]
FF Extension: New tab - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{6F977649-B06D-7809-9725-1FCFD3AC8308} [2013-12-25]
FF Extension: BS Player ControlBar - C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2013-12-12]
CHR Extension: (Movies Toolbar) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob [2013-11-25]
CHR Extension: (Vaauudixu) - C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ollkbckgbhjbdgaccendlfffhofjfpie [2013-12-24]
CHR HKLM\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\Chapa\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx [2013-08-20]
R2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3447808 2013-12-23] (Bandoo Media Inc.)
C:\ProgramData\Datamngr
cmd: del C:\Users\Chapa\Downloads\*.exe
Task: {4986CD74-00E5-4F67-BA88-95DA01519BA4} - System32\Tasks\HDvid Codec V6.0-firefoxinstaller => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-firefoxinstaller.exe [2013-11-26] (installdaddy) <==== ATTENTION
Task: {BBC7D2B2-19F3-461E-B1D5-78DE0449F654} - System32\Tasks\HDvid Codec V6.0-updater => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-updater.exe [2013-11-26] (installdaddy) <==== ATTENTION
Task: C:\Windows\Tasks\HDvid Codec V6.0-firefoxinstaller.job => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-firefoxinstaller.exe
Task: C:\Windows\Tasks\HDvid Codec V6.0-updater.job => C:\Program Files\HDvid Codec V6.0\HDvid Codec V6.0-updater.exe
cmd: ipconfig /flushdns
*****************

C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe => No running process found
C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe => No running process found
C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe => No running process found
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Value deleted successfully.
"C:\Program Files\Movies Toolbar" => File/Directory not found.
"C:\Users\Chapa\AppData\Local\iLivid" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33686293-b8c9-11e2-8046-00241da95e32} => Key deleted successfully.
HKCR\CLSID\{33686293-b8c9-11e2-8046-00241da95e32} => Key not found.
"C:\\PROGRA~2\\Wincert\\WIN32C~1.DLL" => Value Data not found.
"C:\\PROGRA~1\\MOVIES~1\\Datamngr\\mgrldr.dll" => Value Data not found.
"C:\PROGRA~1\MOVIES~1" => File/Directory not found.
"C:\ProgramData\Wincert" => File/Directory not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => Key not found.
HKCR\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => Value not found.
HKCR\CLSID\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => Key not found.
Firefox Keyword.URL deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\Ask.xml => Moved successfully.
C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\searchplugins\bs-player-controlbar-customized-web-search.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com => not found.
C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\iaio2ckla@lrwncqo.edu => Moved successfully.
C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} => not found.
C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{6F977649-B06D-7809-9725-1FCFD3AC8308} => not found.
C:\Users\Chapa\AppData\Roaming\Mozilla\Firefox\Profiles\zkepk4p4.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => Moved successfully.
C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob => Moved successfully.
C:\Users\Chapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ollkbckgbhjbdgaccendlfffhofjfpie => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob => Key not found.
"C:\Users\Chapa\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx" => File/Directory not found.
DatamngrCoordinator => Service not found.
"C:\ProgramData\Datamngr" => File/Directory not found.

========= del C:\Users\Chapa\Downloads\*.exe =========


========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4986CD74-00E5-4F67-BA88-95DA01519BA4} => Key not found.
C:\Windows\System32\Tasks\HDvid Codec V6.0-firefoxinstaller not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid Codec V6.0-firefoxinstaller => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBC7D2B2-19F3-461E-B1D5-78DE0449F654} => Key not found.
C:\Windows\System32\Tasks\HDvid Codec V6.0-updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid Codec V6.0-updater => Key not found.
C:\Windows\Tasks\HDvid Codec V6.0-firefoxinstaller.job not found.
C:\Windows\Tasks\HDvid Codec V6.0-updater.job not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====



offline
  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13883
  • Location: Belgrade

All right, we have cleaned out the toolbars and adware, and we have one more check to do. By the way, tell me, how are things now?



Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.

If you get the following message:
Would you like to download latest Avast! virus definitions?
Click the Yes button and wait for the definitions download to finish.


Check that under AV Scan: the QuickScan option is selected.

Click Scan.

When the scan finishes (Scan finished successfully), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into this thread.

offline
  • Joined: 19 May 2011
  • Posts: 281

I had to leave his place. I will have to continue this some other time, because we had little time. :/
Thanks for now, I will try to continue as soon as I can.

offline
  • Joined: 25 Jan 2014
  • Posts: 5

Here we are, a little late. :/

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-28 17:42:20
-----------------------------
17:42:20.590 OS Version: Windows 6.1.7600
17:42:20.590 Number of processors: 2 586 0x602
17:42:20.593 ComputerName: CHAPA-PC UserName: Chapa
17:42:22.916 Initialize success
17:48:01.575 AVAST engine defs: 14012700
17:49:42.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:49:42.767 Disk 0 Vendor: WDC_WD16 05.0 Size: 152626MB BusType: 3
17:49:42.909 Disk 0 MBR read successfully
17:49:42.920 Disk 0 MBR scan
17:49:42.930 Disk 0 Windows 7 default MBR code
17:49:42.939 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:49:42.953 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 79900 MB offset 206848
17:49:42.985 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 72624 MB offset 163842048
17:49:42.996 Disk 0 scanning sectors +312576000
17:49:43.081 Disk 0 scanning C:\Windows\system32\drivers
17:49:50.247 Service scanning
17:50:06.624 Modules scanning
17:50:11.589 Disk 0 trace - called modules:
17:50:11.617 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
17:50:11.638 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f6438]
17:50:11.652 3 CLASSPNP.SYS[8c79c59e] -> nt!IofCallDriver -> [0x86016320]
17:50:11.660 5 ACPI.sys[833b13b2] -> nt!IofCallDriver -> \Device\0000005b[0x86016560]
17:50:12.041 AVAST engine scan C:\Windows
17:50:13.479 AVAST engine scan C:\Windows\system32
17:52:48.200 AVAST engine scan C:\Windows\system32\drivers
17:52:56.453 AVAST engine scan C:\Users\Chapa
17:53:31.018 File: C:\Users\Chapa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SOMO8VZ\agent2[1].exe **INFECTED** Win32:Agent-ASOC [Adw]
17:56:42.828 AVAST engine scan C:\ProgramData
17:57:05.332 Scan finished successfully
17:58:22.822 Disk 0 MBR has been saved successfully to "C:\Users\Chapa\Desktop\MBR.dat"
17:58:22.829 The log file has been saved successfully to "C:\Users\Chapa\Desktop\aswMBR.txt"

offline
  • Dazdingo
  • public static void main
  • Joined: 09 Aug 2011
  • Posts: 13883
  • Location: Belgrade

The computer is clean :)

One more thing I would do is empty the Temp folder. You can do that with the tool below:


Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let the program begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you have finished cleaning the temp files, you can delete the program or keep it for later use.


After that, let's clean up the tools we used:



Download DelFix by "Xplode" and save it to the Desktop.

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved at C:\DelFix.txt

There is no need to post the report.



==========================================================


Some additional recommendations of mine, which you may or may not follow:


• I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware spread via USB storage devices. You download it, install it, plug in a USB storage device, and a scan runs, after which you get a notification that the device is clean (if that really is the case); or you get a log showing information about the malware that was found and deleted.


MCShield ::Anti-Malware Tool:: v2 home page: http://amf.mycity.rs/mcshield/

You can find out more about MCShield in these threads:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html


• Be sure to visit the thread "Testirajte da li vam je pretraživač ranjiv" (Test whether your browser is vulnerable), read it and follow the link given in it.
The link to the thread is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html


• Also, follow the thread "Kako izbeci i ukloniti toolbar-ove" (How to avoid and remove toolbars), read it and follow the steps in it. The link to the thread is: http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html



TwinHeadedEagle (AMF Team)

offline
  • Joined: 25 Jan 2014
  • Posts: 5

Thank you for your time and help.

