Slow laptop, a pile of unwanted stuff

  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3745
  • Location: 127.0.0.1

This is my wife's laptop (a netbook, actually), which my brother-in-law often borrows. It is far from impressive performance-wise, but the way it runs now is on the level of a 286. I cleaned up as much as I knew how, and the difference in speed is noticeable, but I would like to have it checked.

I had to turn off Avast to download FRST because it kept blocking it as a threat.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-08-2015
Ran by Milica (administrator) on RADOVAN (25-08-2015 20:14:37)
Running from C:\Documents and Settings\Milica\My Documents\Downloads
Loaded Profiles: Milica (Available Profiles: slobodan & Milica & Race)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\PersistenceThread.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Google Inc.) C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PersistenceThread] => C:\WINDOWS\system32\PersistenceThread.exe [92696 2009-05-01] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17567744 2009-03-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-02-27] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll [2009-04-28] ()
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\...\Run: [Google Update] => C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2015-01-25] (Google Inc.)
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll => c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll File not found
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2010-01-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-08-04] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={76F1D83D-681D-11E2-8A96-0C60760A58ED}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao751h&r=0xph01107906l03e3wu75w47m15774
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&i=26&did=10963&loc=skw
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao751h&r=0xph01107906l03e3wu75w47m15774
URLSearchHook: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 - (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
URLSearchHook: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 - (No Name) - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - No File
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={76F1D83D-681D-11E2-8A96-0C60760A58ED}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&loc=skw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {04244239-BDA5-4AF1-BDF1-F6267E860083} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&loc=skw&search={searchTerms}&i=26&did=10963
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: MrFroggy Class -> {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} -> C:\Program Files\Minibar\Froggy.dll [2011-06-01] (TODO: <название компании>)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-04] (AVAST Software)
BHO: MinibarBHO -> {AA74D58F-ACD0-450D-A85E-6C04B171C044} -> C:\Program Files\Minibar\Kango.dll [2011-05-26] (KangoExtensions)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-07] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-07] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F04A5BAE-0B95-474E-A78B-87335FB41A2B}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-12] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-09-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-07] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-2621537104-4152392858-1037202297-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2621537104-4152392858-1037202297-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-19] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-12]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2014-07-21] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Milica\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Race\Application Data\BabSolution\CR\Delta.crx [2013-03-13]
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx <not found>
CHR HKLM\...\Chrome\Extension: [fhjnbgadgmmffddcilnbmcieekimilcn] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx [2012-12-26]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Race\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx <not found>
CHR HKLM\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-12-26]
StartMenuInternet: chrome.exe - C:\Documents and Settings\RADE\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-06-27] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
S3 Installer Service; C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [119296 2011-04-12] () [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated) [File not signed]
S2 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-04] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-04] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-04] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1952512 2009-02-20] (Broadcom Corporation)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534312 2009-02-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991136 2009-03-19] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-10-30] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 eusk2par; C:\WINDOWS\system32\Drivers\eusk2par.sys [25680 2008-12-18] (Aladdin Knowledge Systems Ltd.)
R1 HWiNFO32; C:\Program Files\HWiNFO32\HWiNFO32.SYS [20216 2011-05-22] (REALiX(tm))
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5096544 2009-04-28] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 tffsport; C:\WINDOWS\System32\DRIVERS\tffsport.sys [149376 2008-04-14] (M-Systems)
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 20:14 - 2015-08-25 20:14 - 00000000 ____D C:\FRST
2015-08-25 19:13 - 2015-08-25 19:13 - 00000000 ____D C:\Documents and Settings\Milica\Application Data\Minibar
2015-08-20 09:52 - 2015-08-21 17:37 - 00020562 ____H C:\Documents and Settings\Milica\My Documents\~WRL3993.tmp
2015-08-15 18:38 - 2015-08-15 18:38 - 00002110 _____ C:\Documents and Settings\Race\Desktop\Shortcut to nympho-svag2.lnk
2015-08-15 18:38 - 2015-08-15 18:38 - 00001943 _____ C:\Documents and Settings\Race\Desktop\Shortcut to nympho-lhhr.lnk
2015-08-15 18:38 - 2015-08-15 18:38 - 00001943 _____ C:\Documents and Settings\Race\Desktop\Shortcut to nympho-hoal.lnk
2015-08-11 20:27 - 2015-08-11 20:27 - 00000000 ____D C:\Documents and Settings\Race\Start Menu\Programs\CyberLink PowerDVD 8
2015-08-10 04:39 - 2015-08-10 04:39 - 00106496 _____ C:\WINDOWS\Minidump\Mini081015-01.dmp
2015-08-09 21:04 - 2015-08-09 21:06 - 00000000 ____D C:\Documents and Settings\Race\Desktop\New Folder
2015-08-01 11:35 - 2015-08-01 11:35 - 00106496 _____ C:\WINDOWS\Minidump\Mini080115-05.dmp
2015-08-01 11:28 - 2015-08-01 11:27 - 00106496 _____ C:\WINDOWS\Minidump\Mini080115-04.dmp
2015-08-01 11:12 - 2015-08-01 11:12 - 00106496 _____ C:\WINDOWS\Minidump\Mini080115-03.dmp
2015-08-01 10:56 - 2015-08-01 10:56 - 00106496 _____ C:\WINDOWS\Minidump\Mini080115-02.dmp
2015-08-01 10:41 - 2015-08-01 10:41 - 00106496 _____ C:\WINDOWS\Minidump\Mini080115-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 20:15 - 2010-01-15 02:45 - 00000000 ____D C:\Documents and Settings\Milica\Local Settings\Temp
2015-08-25 20:08 - 2012-05-13 12:13 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1009UA.job
2015-08-25 20:08 - 2010-08-22 16:43 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-25 20:08 - 2009-07-23 23:48 - 01721301 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-25 19:52 - 2011-07-22 22:11 - 00000855 ____C C:\Documents and Settings\Milica\Desktop\Shortcut to My Movies.lnk
2015-08-25 19:51 - 2012-08-22 21:47 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-25 19:51 - 2010-08-22 16:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-25 19:49 - 2011-12-10 19:46 - 00000990 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1006UA.job
2015-08-25 19:46 - 2010-03-05 20:55 - 00000435 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-08-25 19:45 - 2011-07-11 13:12 - 00000000 ____D C:\Program Files\IDA
2015-08-25 19:45 - 2009-07-23 23:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-25 19:45 - 2009-07-23 16:44 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-25 19:45 - 2009-07-23 16:44 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-25 19:44 - 2010-01-15 02:45 - 00000178 __SHC C:\Documents and Settings\Milica\ntuser.ini
2015-08-25 19:44 - 2010-01-15 02:45 - 00000000 ____D C:\Documents and Settings\Milica
2015-08-25 19:44 - 2009-07-23 23:54 - 00032632 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-25 19:40 - 2015-03-05 21:35 - 00043769 _____ C:\WINDOWS\setupapi.log
2015-08-25 19:40 - 2009-07-24 02:03 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-08-25 19:40 - 2009-07-23 16:40 - 00222223 _____ C:\WINDOWS\setupact.log
2015-08-25 19:38 - 2011-04-05 18:33 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1007UA.job
2015-08-25 19:37 - 2010-01-15 02:45 - 00000000 ____D C:\Documents and Settings\Milica\Application Data\Adobe
2015-08-25 19:37 - 2009-07-24 03:22 - 00000000 ____D C:\Program Files\Adobe
2015-08-25 19:23 - 2009-07-23 23:46 - 00000000 ____D C:\Program Files\MSN
2015-08-25 19:20 - 2010-01-15 01:31 - 00085862 ____C C:\WINDOWS\DPINST.LOG
2015-08-25 19:18 - 2013-07-21 23:05 - 00000000 ___RD C:\Program Files\Skype
2015-08-25 19:18 - 2011-08-12 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-08-25 19:13 - 2010-01-15 02:45 - 00000000 ____D C:\Documents and Settings\Milica\Local Settings\Application Data\Google
2015-08-25 19:13 - 2010-01-15 01:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2015-08-25 19:13 - 2009-07-24 02:20 - 00000000 ____D C:\Program Files\Google
2015-08-25 19:03 - 2013-01-23 01:58 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1009UA.job
2015-08-25 18:56 - 2011-11-12 22:51 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1005UA.job
2015-08-25 18:45 - 2010-08-20 21:39 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1005UA.job
2015-08-25 14:38 - 2011-04-05 18:33 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1007Core.job
2015-08-25 13:25 - 2013-06-23 20:17 - 00000262 _____ C:\WINDOWS\Tasks\EPUpdater.job
2015-08-25 11:49 - 2011-12-10 19:46 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1006Core.job
2015-08-25 01:03 - 2013-01-23 01:58 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1009Core.job
2015-08-24 22:08 - 2012-05-13 12:13 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1009Core.job
2015-08-24 21:56 - 2011-11-12 22:51 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1005Core.job
2015-08-24 21:45 - 2010-08-20 21:39 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2621537104-4152392858-1037202297-1005Core.job
2015-08-19 14:48 - 2009-07-24 00:25 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-18 13:43 - 2012-05-13 12:04 - 00000178 __SHC C:\Documents and Settings\Race\ntuser.ini
2015-08-18 13:42 - 2012-05-13 12:04 - 00000000 ____D C:\Documents and Settings\Race
2015-08-18 13:41 - 2012-05-13 12:04 - 00000000 ____D C:\Documents and Settings\Race\Local Settings\Temp
2015-08-12 05:20 - 2009-07-24 02:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-08-12 05:13 - 2013-07-23 00:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 03:05 - 2010-01-21 18:53 - 129304528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 20:30 - 2013-07-21 23:06 - 00000000 ____D C:\Documents and Settings\Race\Application Data\Skype
2015-08-11 20:29 - 2013-01-27 03:05 - 00000000 ____D C:\Documents and Settings\Race\Tracing
2015-08-10 04:39 - 2010-08-26 16:18 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-10 01:57 - 2013-12-25 22:58 - 00000000 ____D C:\Documents and Settings\Race\Desktop\nove pesem kola
2015-07-26 23:16 - 2014-08-31 03:32 - 00000000 ____D C:\Documents and Settings\Race\Local Settings\Application Data\SWDS

==================== Files in the root of some directories =======

2013-02-09 14:50 - 2013-02-09 14:50 - 4126720 ____C () C:\Program Files\GUT91.tmp
2013-03-13 20:04 - 2012-06-13 09:23 - 0893560 ____C (Complitly ) C:\Program Files\Common Files\AutoCompletePro.exe
2010-01-17 17:26 - 2012-02-12 13:57 - 0041984 ____C () C:\Documents and Settings\Milica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-22 21:42 - 2011-07-22 02:51 - 0000600 ____C () C:\Documents and Settings\Milica\Local Settings\Application Data\PUTTY.RND

Some files in TEMP:
====================
C:\Documents and Settings\Milica\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\Milica\Local Settings\Temp\GURF.exe
C:\Documents and Settings\Milica\Local Settings\Temp\Nokia_Ovi_Suite_PCS_Update.exe
C:\Documents and Settings\Milica\Local Settings\Temp\Nokia_PC_Suite_eng.exe
C:\Documents and Settings\Milica\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Milica\Local Settings\Temp\TFRBD.exe
C:\Documents and Settings\Milica\Local Settings\Temp\uninst1.exe
C:\Documents and Settings\RADE\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\RADE\Local Settings\Temp\GomEncDnInstaller.exe
C:\Documents and Settings\RADE\Local Settings\Temp\SecurityScan_Release.exe
C:\Documents and Settings\slobodan\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\slobodan\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\slobodan\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

1. Open Notepad (Text Document) and copy the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\Race\APPLIC~1\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
C:\DOCUME~1\Race\APPLIC~1\BABSOL~1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:131C0EE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1AE68282
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1D32EC29
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:3064D21D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:35759C73
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:3B3A35EC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:41099CE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:4D066AD2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:798A3728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:8750DCE4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9B52F176
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9E22BBE8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:ADE16379
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:B623B5B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:C46995DA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D6A1EE83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:EB603FE4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:F7862839
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll => c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll File not found
c:\docume~1\alluse~1\applic~1\bitguard
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={76F1D83D-681D-11E2-8A96-0C60760A58ED}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao751h&r=0xph01107906l03e3wu75w47m15774
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&i=26&did=10963&loc=skw
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao751h&r=0xph01107906l03e3wu75w47m15774
URLSearchHook: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 - (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
URLSearchHook: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 - (No Name) - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - No File
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={76F1D83D-681D-11E2-8A96-0C60760A58ED}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&loc=skw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {04244239-BDA5-4AF1-BDF1-F6267E860083} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&loc=skw&search={searchTerms}&i=26&did=10963
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Race\Application Data\BabSolution\CR\Delta.crx [2013-03-13]
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx <not found>
CHR HKLM\...\Chrome\Extension: [fhjnbgadgmmffddcilnbmcieekimilcn] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx [2012-12-26]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Race\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx <not found>
CHR HKLM\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-12-26]
S2 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [X]
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U1 WS2IFSL; no ImagePath


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3745
  • Location: 127.0.0.1

The first time it crashed (Not responding - Send/Don't send), the second time it finished.

Fix result of Farbar Recovery Scan Tool (x86) Version:25-08-2015
Ran by Milica (2015-08-25 23:59:38) Run:2
Running from C:\Documents and Settings\Milica\My Documents\Downloads
Loaded Profiles: Milica (Available Profiles: slobodan & Milica & Race)
Boot Mode: Normal

==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\Race\APPLIC~1\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
C:\DOCUME~1\Race\APPLIC~1\BABSOL~1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:131C0EE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1AE68282
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:1D32EC29
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:3064D21D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:35759C73
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:3B3A35EC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:41099CE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:4D066AD2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:798A3728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:8750DCE4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9B52F176
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9E22BBE8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:ADE16379
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:B623B5B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:C46995DA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D6A1EE83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:EB603FE4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:F7862839
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll => c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll File not found
c:\docume~1\alluse~1\applic~1\bitguard
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={76F1D83D-681D-11E2-8A96-0C60760A58ED}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao751h&r=0xph01107906l03e3wu75w47m15774
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&i=26&did=10963&loc=skw
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao751h&r=0xph01107906l03e3wu75w47m15774
URLSearchHook: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 - (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
URLSearchHook: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 - (No Name) - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - No File
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={76F1D83D-681D-11E2-8A96-0C60760A58ED}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&loc=skw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {04244239-BDA5-4AF1-BDF1-F6267E860083} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
SearchScopes: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQVmULY4T&loc=skw&search={searchTerms}&i=26&did=10963
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2621537104-4152392858-1037202297-1007 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Documents and Settings\Race\Application Data\BabSolution\CR\Delta.crx [2013-03-13]
CHR HKLM\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\System32\jmdp\pnte.crx <not found>
CHR HKLM\...\Chrome\Extension: [fhjnbgadgmmffddcilnbmcieekimilcn] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx [2012-12-26]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Race\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx <not found>
CHR HKLM\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-12-26]
S2 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [X]
S3 DKbFltr; system32\DRIVERS\DKbFltr.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
U1 WS2IFSL; no ImagePath
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\Tasks\EPUpdater.job not found.
"C:\DOCUME~1\Race\APPLIC~1\BABSOL~1" => File/Folder not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":131C0EE9" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":1AE68282" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":1D32EC29" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":3064D21D" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":35759C73" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":3B3A35EC" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":41099CE9" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":4D066AD2" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":798A3728" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":8750DCE4" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":9B52F176" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":9E22BBE8" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":ADE16379" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":B623B5B8" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":C46995DA" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":D1B5B4F1" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":D6A1EE83" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":EB603FE4" ADS not found.
"C:\Documents and Settings\All Users\Application Data\Temp" => ":F7862839" ADS not found.
"c:\docume~1\alluse~1\applic~1\bitguard\261673~1.238\{c16c1~1\bitguard.dll" => Value data not found.
"c:\docume~1\alluse~1\applic~1\bitguard" => File/Folder not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} => value not found.
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04244239-BDA5-4AF1-BDF1-F6267E860083} => key not found.
HKCR\CLSID\{04244239-BDA5-4AF1-BDF1-F6267E860083} => key not found.
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => key not found.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-2621537104-4152392858-1037202297-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value removed successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" => key removed successfully.
"C:\Documents and Settings\Race\Application Data\BabSolution\CR\Delta.crx" => File/Folder not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fhjnbgadgmmffddcilnbmcieekimilcn" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg" => key removed successfully.
C:\Program Files\Perion\NewTab\newTab.crx => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca" => key removed successfully.
C:\Program Files\Perion\ChromeInfoBar\ChromeInfoBar.crx => moved successfully
AdobeFlashPlayerUpdateSvc => service removed successfully.
Application Updater => service removed successfully.
DKbFltr => service removed successfully.
hwdatacard => service removed successfully.
hwusbdev => service removed successfully.
pccsmcfd => service removed successfully.
RtsUIR => service removed successfully.
USBCCID => service removed successfully.
WS2IFSL => service removed successfully.
EmptyTemp: => 10.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:04:47 ====

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent. I believe things are much better now. One last scan:

Scanning with MalwareBytes

Download Malwarebytes Anti-Malware and save the installer to the Desktop.
Install the program in the standard way; at the end of the installation you can turn off the Trial version, but you don't have to. Leave the second option as it is; MalwareBytes will be launched and updated.
Once that is done, click the Settings tab, select Detections & protection on the left side and check Scan for rootkits if it is not already checked.
In the same window, under PUP and PUM detections, set it to Treat detections as malware.
Then click the Scan tab, select Threat Scan and finally click Scan Now.
After that, if malware is detected, click Apply Actions. MalwareBytes will then start removing the infection and will ask you to restart the computer.
After the scan finishes (or after the restart), click the History tab.
Click Application Logs, then double-click the most recent Scan Log.
At the bottom of the window click Export and choose Text file.

Save the report to the Desktop and attach it to your next post.
