Virus check


offline
  • Joined: 27 Sep 2013
  • Posts: 94

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by dragisa at 11:11:55 on 2014-04-21
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Win\lsass.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Settings Manager\systemk\SystemkService.exe
C:\Program Files\Settings Manager\systemk\SystemkService.exe
C:\Program Files\Settings Manager\systemk\systemku.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=100476&babsrc=HP_ss&mntrId=cc6e43830000000000000015af9a48f3
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
mWinlogon: TaskMan = c:\documents and settings\dragisa\application data\eqegwk.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\phone\ieplugin\SkypeIEPlugin.dll
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - c:\program files\linkey\ieextension\iedll.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
EB: SiteFinder: {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [run32] c:\win\lsass.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\phone\ieplugin\SkypeIEPlugin.dll
IE: {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files\sitefinder\SiteFinder.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1549523B-8EBA-4E08-86C1-5AA9F882CDA2} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\progra~1\linkey\ieexte~1\iedll.dll c:\progra~1\settin~1\systemk\syskldr.dll
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dragisa\application data\mozilla\firefox\profiles\th2b0ant.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.default-search.net?sid=476&aid=107&itype=n&ver=11471&tm=258&src=hmp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\dragisa\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R? McComponentHostService;McAfee Security Scan Component Host Service
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? S3GIGP;S3GIGP
S? SystemkService;Systemk Service
S? xfilt;VIA SATA IDE Hot-plug Driver
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-04-21 08:42:54 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-21 08:42:54 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 11:17:51.37 ===============


offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Hello,



Download Farbar's Farbar Recovery Scan Tool from this address to your Desktop:
There are 32-bit and 64-bit versions. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will run on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes on the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file option

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014 02
Ran by dragisa (administrator) on DRAGISA-B2749E6 on 21-04-2014 11:53:31
Running from C:\Documents and Settings\dragisa\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(S3 Graphics Co., Ltd.) C:\WINDOWS\system32\S3trayp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Win\lsass.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Aztec Media Inc.) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc.) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc.) C:\Program Files\Settings Manager\systemk\systemku.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VTTimer] => C:\WINDOWS\system32\VTTimer.exe [53248 2006-09-21] (S3 Graphics, Inc.)
HKLM\...\Run: [S3Trayp] => C:\WINDOWS\system32\S3trayp.exe [200704 2007-08-06] (S3 Graphics Co., Ltd.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16342528 2007-05-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [run32] => C:\Win\lsass.exe [552103 2002-01-01] ()
HKU\S-1-5-21-57989841-261903793-1547161642-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-02] (Google Inc.)
HKU\S-1-5-21-57989841-261903793-1547161642-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL => C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll => C:\Program Files\Linkey\IEExtension\iedll.dll [182800 2014-02-03] (Aztec Media Inc)
AppInit_DLLs: C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll => C:\Program Files\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [485904 2014-02-06] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.babylon.com/?AF=100476&babsrc=HP_ss&.....15af9a48f3
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll (Site Finder)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {57597B53-89CE-4290-A87C-192730C124FD} URL = search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKCU - {57597B53-89CE-4290-A87C-192730C124FD} URL = search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll (Site Finder)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.default-search.net?sid=476&aid=107&itype=n&ver=11471&tm=258&src=hmp
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\dragisa\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Linkey for Firefox - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\extension@linkeyproject.com [2014-02-14]
FF Extension: Babylon - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\ffxtlbr@babylon.com [2011-11-20]
FF Extension: Site Finder - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\sitefinder@sitefinder.com [2014-03-22]
FF Extension: Settings Manager - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\{08C62903-0610-0A70-DAB3-03B61D96B1A1} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-03-27]

========================== Services (Whitelisted) =================

R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [118264 2014-03-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3448848 2014-02-06] (Aztec Media Inc.)

==================== Drivers (Whitelisted) ====================

R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1574112 2009-06-22] (Atheros Communications, Inc.)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2007-04-17] (VIA Technologies, Inc. )
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [607232 2007-09-18] (S3 Graphics Co., Ltd.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [17920 2006-10-18] (VIA Technologies,Inc)
S4 IntelIde; No ImagePath
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\dragisa\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 11:51 - 2014-04-21 11:53 - 00000000 ____D () C:\FRST
2014-04-21 11:18 - 2014-04-21 11:18 - 00002355 _____ () C:\Documents and Settings\dragisa\Desktop\attach.txt
2014-04-21 11:18 - 2014-04-21 11:17 - 00006438 _____ () C:\Documents and Settings\dragisa\Desktop\dds.txt
2014-04-21 10:41 - 2014-04-21 10:43 - 00000000 ____D () C:\Documents and Settings\dragisa\Local Settings\Application Data\Adobe
2014-03-29 23:09 - 2014-03-29 23:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-21 11:53 - 2014-04-21 11:51 - 00000000 ____D () C:\FRST
2014-04-21 11:31 - 2014-02-14 17:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\systemk
2014-04-21 11:21 - 2012-05-28 11:45 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 11:18 - 2014-04-21 11:18 - 00002355 _____ () C:\Documents and Settings\dragisa\Desktop\attach.txt
2014-04-21 11:17 - 2014-04-21 11:18 - 00006438 _____ () C:\Documents and Settings\dragisa\Desktop\dds.txt
2014-04-21 10:43 - 2014-04-21 10:41 - 00000000 ____D () C:\Documents and Settings\dragisa\Local Settings\Application Data\Adobe
2014-04-21 10:42 - 2012-05-28 11:45 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-21 10:42 - 2012-05-28 11:45 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-21 10:42 - 2011-05-17 10:46 - 00313702 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-21 10:37 - 2014-03-07 18:57 - 00052936 _____ () C:\WINDOWS\setupapi.log
2014-04-21 10:37 - 2011-05-17 12:33 - 00180172 _____ () C:\WINDOWS\setupact.log
2014-04-21 10:36 - 2011-05-17 12:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-21 10:36 - 2011-05-17 12:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-21 10:36 - 2011-05-17 10:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-20 22:35 - 2011-05-17 10:56 - 00000178 __SHC () C:\Documents and Settings\dragisa\ntuser.ini
2014-04-20 22:35 - 2011-05-17 10:55 - 00032396 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-20 22:23 - 2011-05-17 12:34 - 00356120 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-20 22:12 - 2012-05-18 23:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-20 22:12 - 2012-03-27 19:32 - 00000000 ____D () C:\Program Files\McAfee
2014-04-20 22:12 - 2008-04-14 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-29 23:11 - 2014-03-29 23:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Open Control Panel and remove the following:
- Google Toolbar for Internet Explorer
- Linkey
- McAfee Security Scan Plus
- McAfee SiteAdvisor
- Settings Manager
- SiteFinder

If something is not possible for some reason, skip it.



Do not use any USB flash drive until I ask you to. If you have one, remove it from the computer and do not use it.



Then



1. Open Notepad (Text Document) and copy the following text from the code box below:
() C:\Win\lsass.exe
C:\Win
HKLM\...\Run: [run32] => C:\Win\lsass.exe [552103 2002-01-01] ()
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL => C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll => C:\Program Files\Linkey\IEExtension\iedll.dll [182800 2014-02-03] (Aztec Media Inc)
AppInit_DLLs: C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll => C:\Program Files\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
C:\PROGRA~1\SETTIN~1
C:\PROGRA~1\Linkey
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [485904 2014-02-06] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
C:\Program Files\Settings Manager
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100476&babsrc=HP_ss&.....15af9a48f3
SearchScopes: HKCU - DefaultScope {57597B53-89CE-4290-A87C-192730C124FD} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKCU - {57597B53-89CE-4290-A87C-192730C124FD} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
Toolbar: HKLM - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll (Site Finder)
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.default-search.net?sid=476&aid=107&itype=n&ver=11471&tm=258&src=hmp
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
FF SearchPlugin: C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Linkey for Firefox - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\extension@linkeyproject.com [2014-02-14]
FF Extension: Babylon - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\ffxtlbr@babylon.com [2011-11-20]
FF Extension: Site Finder - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\sitefinder@sitefinder.com [2014-03-22]
FF Extension: Settings Manager - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\{08C62903-0610-0A70-DAB3-03B61D96B1A1} [2014-02-14]
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3448848 2014-02-06] (Aztec Media Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\dragisa\LOCALS~1\Temp\mbr.sys [X]
2014-02-14 17:54 - 2014-02-06 12:11 - 00485904 _____ () C:\Program Files\Settings Manager\systemk\sysapcrt.dll
2011-07-16 14:53 - 2002-01-01 13:13 - 00552103 _____ () C:\Win\lsass.exe
2014-02-14 17:54 - 2014-02-06 12:11 - 00019984 _____ () C:\Program Files\Settings Manager\systemk\syskldr.dll
cmd: ipconfig /flushdns
cmd: netsh winsock reset

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once, and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2014 02
Ran by dragisa at 2014-04-21 13:27:25 Run:1
Running from C:\Documents and Settings\dragisa\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
) C:\Win\lsass.exe
C:\Win
HKLM\...\Run: [run32] => C:\Win\lsass.exe [552103 2002-01-01] ()
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL => C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll => C:\Program Files\Linkey\IEExtension\iedll.dll [182800 2014-02-03] (Aztec Media Inc)
AppInit_DLLs: C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll => C:\Program Files\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
C:\PROGRA~1\SETTIN~1
C:\PROGRA~1\Linkey
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [485904 2014-02-06] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
C:\Program Files\Settings Manager
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.babylon.com/?AF=100476&babsrc=HP_ss&.....15af9a48f3
SearchScopes: HKCU - DefaultScope {57597B53-89CE-4290-A87C-192730C124FD} URL = search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKCU - {57597B53-89CE-4290-A87C-192730C124FD} URL = search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
Toolbar: HKLM - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll (Site Finder)
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.default-search.net?sid=476&aid=107&itype=n&ver=11471&tm=258&src=hmp
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
FF SearchPlugin: C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Linkey for Firefox - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\extension@linkeyproject.com [2014-02-14]
FF Extension: Babylon - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\ffxtlbr@babylon.com [2011-11-20]
FF Extension: Site Finder - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\sitefinder@sitefinder.com [2014-03-22]
FF Extension: Settings Manager - C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\{08C62903-0610-0A70-DAB3-03B61D96B1A1} [2014-02-14]
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3448848 2014-02-06] (Aztec Media Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\dragisa\LOCALS~1\Temp\mbr.sys [X]
2014-02-14 17:54 - 2014-02-06 12:11 - 00485904 _____ () C:\Program Files\Settings Manager\systemk\sysapcrt.dll
2011-07-16 14:53 - 2002-01-01 13:13 - 00552103 _____ () C:\Win\lsass.exe
2014-02-14 17:54 - 2014-02-06 12:11 - 00019984 _____ () C:\Program Files\Settings Manager\systemk\syskldr.dll
cmd: ipconfig /flushdns
cmd: netsh winsock reset
*****************

C:\Win => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\run32 => Value deleted successfully.
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL" => Value Data removed successfully.
"C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll" => Value Data not found.
"C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll" => Value Data removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.

"C:\Program Files\Settings Manager" directory move:

Could not move "C:\Program Files\Settings Manager\systemk\favicon.ico" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Helper.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\sysapcrt.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\syskldr.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\syskldr_u.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemk.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemkbho.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\SystemkService.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemku.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Uninstall.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager" directory. => Scheduled to move on reboot.

"C:\PROGRA~1\Linkey" => File/Directory not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
C:\Documents and Settings\All Users\Application Data\Wincert => Moved successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.

"C:\Program Files\Settings Manager" directory move:

Could not move "C:\Program Files\Settings Manager\systemk\favicon.ico" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Helper.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\sysapcrt.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\syskldr.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\syskldr_u.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemk.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemkbho.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\SystemkService.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemku.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Uninstall.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager" directory. => Scheduled to move on reboot.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{57597B53-89CE-4290-A87C-192730C124FD} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{57597B53-89CE-4290-A87C-192730C124FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} => Value deleted successfully.
HKCR\CLSID\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
"C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\searchplugins\default-search.xml" => not found.
C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml => Moved successfully.
C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\extension@linkeyproject.com => not found.
C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\ffxtlbr@babylon.com => Moved successfully.
C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\sitefinder@sitefinder.com => Moved successfully.
C:\Documents and Settings\dragisa\Application Data\Mozilla\Firefox\Profiles\th2b0ant.default\Extensions\{08C62903-0610-0A70-DAB3-03B61D96B1A1} => Moved successfully.
SystemkService => Service stopped successfully.
SystemkService => Service deleted successfully.
IntelIde => Service deleted successfully.
WS2IFSL => Service deleted successfully.
mbr => Service deleted successfully.
Could not move "C:\Program Files\Settings Manager\systemk\sysapcrt.dll" => Scheduled to move on reboot.
"C:\Win\lsass.exe" => File/Directory not found.
Could not move "C:\Program Files\Settings Manager\systemk\syskldr.dll" => Scheduled to move on reboot.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-21 13:29:58)<=

C:\Program Files\Settings Manager\systemk\favicon.ico => Is moved successfully.
C:\Program Files\Settings Manager\systemk\Helper.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe => Is moved successfully.
C:\Program Files\Settings Manager\systemk\sysapcrt.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\syskldr.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\syskldr_u.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\systemk.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\systemkbho.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\SystemkService.exe => Is moved successfully.
C:\Program Files\Settings Manager\systemk\systemku.exe => Is moved successfully.
C:\Program Files\Settings Manager\systemk\Uninstall.exe => Is moved successfully.
C:\Program Files\Settings Manager => Moved successfully.
C:\Program Files\Settings Manager\systemk\favicon.ico => Is moved successfully.
C:\Program Files\Settings Manager\systemk\Helper.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe => Is moved successfully.
C:\Program Files\Settings Manager\systemk\sysapcrt.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\syskldr.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\syskldr_u.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\systemk.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\systemkbho.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\SystemkService.exe => Is moved successfully.
C:\Program Files\Settings Manager\systemk\systemku.exe => Is moved successfully.
C:\Program Files\Settings Manager\systemk\Uninstall.exe => Is moved successfully.
C:\Program Files\Settings Manager => Is moved successfully.
C:\Program Files\Settings Manager\systemk\sysapcrt.dll => Is moved successfully.
C:\Program Files\Settings Manager\systemk\syskldr.dll => Is moved successfully.

==== End of Fixlog ====

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

Excellent, but I would like two more checks, just to make sure everything is in order:



Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), then:

close the browser and other running programs;
temporarily disable your protection software (if necessary) (instructions);
start zoek by double-clicking the program icon;
wait for the tool to start ...


Copy the following text into the white box of the window:

createsrpoint;
emptyfolderscheck;delete
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b


Click the button and wait for the scan to finish.


If necessary, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into a post.



Then



Download sUBs's ComboFix to the Desktop from the following address:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is complete:
disable your protection software (instructions);
close running programs;
double-click to start ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered the download.
if Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions or show notifications:
accept by clicking Yes or OK.
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.


Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.



Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the post you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the post;
Do not click inside the ComboFix window while it is running, as that can slow the tool down;
Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
If after a restart you get an error when starting certain programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Posted: 21 Apr 2014 13:53

I don't know whether I should go on, but my computer is running much faster

Addendum: 21 Apr 2014 14:09

I have to go on a trip, so I won't manage to finish everything. Thanks

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Beograd

You should follow the instructions to the end, but as you wish...
