How do I get rid of ibsvc.exe?


offline
  • Joined: 24 Mar 2014
  • Posts: 29

Posted: 24 Mar 2014 18:46

I would like some help with ibsvc.exe. It shows up in Windows Task Manager and takes up all the memory; constantly rising and falling, it loads the computer. It goes up to 100%, then drops to 60, 30, then back to 100%.. The problem has been bothering me for a long time; I probably downloaded it together with some game or application. When I go to End Process, it shuts it down for a while and then it appears again. My connection is dial-up, the meter shows 1.53mbps.. I have a weak power supply so the computer also often shuts down, so if there are any other suggestions on how to speed it up, they won't be unwelcome.. :D


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Jolly at 18:41:03 on 2014-03-24
Microsoft Windows XP Professional 5.1.2600.3.1252.381.1033.18.511.106 [GMT 1:00]
.
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\algv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
C:\Program Files\outobox\updateoutobox.exe
C:\Program Files\outobox\bin\utiloutobox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://startsear.ch/?aff=2&cf=37a72966-41e5-11e1-930c-0018f31b525a
mSearchAssistant = hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc&q={searchTerms}
mWinlogon: Shell = explorer.exe,algv.exe
mWinlogon: SFCDisable = dword:-99
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\documents and settings\jolly\application data\newnext.me\nengine.dll",EntryPoint -m l
uRun: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
uRun: [svchost] regsvr32 /s "C:\Temp:00072CCA.dat"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [algv.exe] c:\windows\system32\algv.exe
mRun: [x.exe] "c:\windows\system32\algv.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1
mRun: [svchost] regsvr32 /s "C:\Temp:00072CCA.dat"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6287A60B-9DD6-467B-9C5D-F28CC30FE313} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{C6A9CF3D-B71B-4E4D-91A6-E46D3F9C44F8} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\progra~1\movies~1\datamngr\mgrldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jolly\application data\mozilla\firefox\profiles\u50vzrml.default\
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-18 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2011-12-22 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2011-12-22 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-10 302368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-3-8 242240]
R1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [2014-2-19 55224]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-2-13 166352]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-13 193288]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-12-20 574464]
R2 IBUpdaterService;Updater Service;c:\documents and settings\all users\application data\ibupdaterservice\ibsvc.exe [2013-3-20 644856]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\jolly\local settings\application data\torch\update\TorchCrashHandler.exe [2013-11-4 1213448]
R2 Update outobox;Update outobox;c:\program files\outobox\updateoutobox.exe [2013-12-7 348440]
R2 Util outobox;Util outobox;c:\program files\outobox\bin\utiloutobox.exe [2013-12-25 348440]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2011-12-22 35712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2011-12-20 347648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-02-28 16:25:57 505392 ----a-w- c:\windows\system32\msvcp71.dll
2014-02-19 11:28:13 55224 ----a-w- c:\windows\system32\drivers\tStLib.sys
2014-01-04 18:08:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-04 18:08:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-07-06 01:43:26 1269760 --sha-w- c:\windows\system32\algv.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 5.1.2600 Disk: WDC_WD1600AAJS-00PSA0 rev.05.06H05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x82DCD0E8]<<
_asm { MOV EAX, 0x82dcd008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x82dd1eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Harddisk0\DR0[0x82D63AB8]
\Driver\Disk[0x82D64940] -> IRP_MJ_CREATE -> 0x82DCD0E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x82dcd0e8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 18:41:42,54 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2011 12:27:21 PM
System Uptime: 3/24/2014 6:18:27 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2V
Processor: AMD Athlon(tm) 64 Processor 3200+ | SOCKET AM2 | 1999/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 41.075 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 43.405 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D8E1589&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D8E1589&0
Service: i8042prt
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&172FB5D3&0&4099
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&172FB5D3&0&4099
Service:
.
==== System Restore Points ===================
.
RP1: 12/24/2013 6:22:54 PM - System Checkpoint
RP2: 12/24/2013 6:23:16 PM - Created by Wise Disk Cleaner
RP3: 12/24/2013 6:38:11 PM - Installed PerfectSpeed PC Optimizer.
RP4: 12/26/2013 8:56:40 PM - System Checkpoint
RP5: 12/27/2013 9:42:19 PM - System Checkpoint
RP6: 12/28/2013 3:51:53 PM - Installed ProductName
RP7: 12/28/2013 4:20:01 PM - Installed ProductName
RP8: 12/29/2013 7:56:51 PM - System Checkpoint
RP9: 12/30/2013 7:59:43 PM - System Checkpoint
RP10: 12/31/2013 8:05:52 PM - System Checkpoint
RP11: 1/1/2014 8:44:56 PM - System Checkpoint
RP12: 1/3/2014 1:07:31 PM - System Checkpoint
RP13: 1/3/2014 10:47:58 PM - Installed DirectX
RP14: 1/3/2014 10:49:33 PM - Installed DirectX
RP15: 1/3/2014 10:49:48 PM - Installed DirectX
RP16: 1/3/2014 10:49:58 PM - Installed DirectX
RP17: 1/3/2014 10:50:06 PM - Installed DirectX
RP18: 1/4/2014 12:13:55 PM - Installed Nero 2014.
RP19: 1/4/2014 7:01:58 PM - Configured WORLD SOCCER WINNING ELEVEN 8 INTERNATIONAL
RP20: 1/6/2014 3:29:42 AM - System Checkpoint
RP21: 1/7/2014 7:48:26 PM - System Checkpoint
RP22: 1/9/2014 11:12:27 AM - System Checkpoint
RP23: 1/10/2014 11:18:05 AM - System Checkpoint
RP24: 1/10/2014 1:17:07 PM - Removed PerfectSpeed PC Optimizer.
RP25: 1/10/2014 1:18:14 PM - Configured WORLD SOCCER WINNING ELEVEN 8 INTERNATIONAL
RP26: 1/11/2014 1:20:41 PM - System Checkpoint
RP27: 1/12/2014 11:20:15 PM - System Checkpoint
RP28: 1/14/2014 2:34:34 PM - System Checkpoint
RP29: 1/15/2014 2:48:09 PM - System Checkpoint
RP30: 1/16/2014 11:41:38 PM - System Checkpoint
RP31: 1/18/2014 3:06:00 PM - System Checkpoint
RP32: 1/19/2014 6:16:01 PM - System Checkpoint
RP33: 1/21/2014 2:44:25 PM - System Checkpoint
RP34: 1/22/2014 3:40:58 PM - System Checkpoint
RP35: 1/23/2014 9:16:32 PM - System Checkpoint
RP36: 1/26/2014 1:22:56 AM - System Checkpoint
RP37: 1/27/2014 11:04:15 AM - System Checkpoint
RP38: 1/27/2014 8:53:52 PM - Software Distribution Service 3.0
RP39: 1/29/2014 2:40:24 PM - System Checkpoint
RP40: 1/30/2014 2:43:40 PM - System Checkpoint
RP41: 1/31/2014 5:35:18 PM - System Checkpoint
RP42: 2/1/2014 11:37:02 PM - System Checkpoint
RP43: 2/3/2014 12:15:59 AM - System Checkpoint
RP44: 2/4/2014 3:09:46 PM - System Checkpoint
RP45: 2/6/2014 12:24:05 AM - System Checkpoint
RP46: 2/7/2014 1:45:10 PM - System Checkpoint
RP47: 2/8/2014 2:12:25 PM - System Checkpoint
RP48: 2/9/2014 2:40:50 PM - System Checkpoint
RP49: 2/11/2014 2:04:09 PM - System Checkpoint
RP50: 2/12/2014 3:08:58 PM - System Checkpoint
RP51: 2/13/2014 4:36:44 PM - System Checkpoint
RP52: 2/14/2014 4:40:35 PM - System Checkpoint
RP53: 2/16/2014 11:05:44 AM - System Checkpoint
RP54: 2/17/2014 11:26:27 AM - System Checkpoint
RP55: 2/18/2014 5:35:05 PM - System Checkpoint
RP56: 2/19/2014 5:40:11 PM - System Checkpoint
RP57: 2/21/2014 12:18:46 AM - System Checkpoint
RP58: 2/22/2014 6:03:22 PM - System Checkpoint
RP59: 2/24/2014 12:36:53 AM - System Checkpoint
RP60: 2/25/2014 12:53:24 AM - System Checkpoint
RP61: 2/26/2014 1:15:53 AM - System Checkpoint
RP62: 2/28/2014 3:58:40 PM - System Checkpoint
RP63: 2/28/2014 5:15:55 PM - Installed ProductName
RP64: 2/28/2014 5:26:06 PM - Installed PowerDVD
RP65: 3/1/2014 4:07:07 PM - Restore Operation
RP66: 3/1/2014 4:26:13 PM - Restore Operation
RP67: 3/2/2014 7:29:11 PM - System Checkpoint
RP68: 3/4/2014 12:17:10 AM - System Checkpoint
RP69: 3/5/2014 3:02:15 PM - System Checkpoint
RP70: 3/6/2014 4:01:52 PM - System Checkpoint
RP71: 3/7/2014 8:26:37 PM - System Checkpoint
RP72: 3/8/2014 5:20:24 PM - Installed Pro Evolution Soccer 6
RP73: 3/9/2014 11:22:36 PM - System Checkpoint
RP74: 3/11/2014 1:45:33 PM - System Checkpoint
RP75: 3/12/2014 7:14:12 PM - System Checkpoint
RP76: 3/14/2014 12:40:50 PM - System Checkpoint
RP77: 3/15/2014 11:23:02 PM - System Checkpoint
RP78: 3/17/2014 12:59:47 PM - System Checkpoint
RP79: 3/18/2014 2:22:11 PM - System Checkpoint
RP80: 3/19/2014 2:32:59 PM - System Checkpoint
RP81: 3/20/2014 4:34:46 PM - System Checkpoint
RP82: 3/20/2014 6:48:52 PM - Restore Operation
RP83: 3/22/2014 2:51:04 PM - System Checkpoint
RP84: 3/23/2014 11:44:45 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player
Ask Toolbar
ATI Display Driver (Omega 3.8.442)
Attansic L1 Gigabit Ethernet Driver
AVG 2012
BS Player Toolbar
BS.Player FREE
CCleaner
Counter-Strike 1.6
DefaultTab
DZK Player
Facebook Video Calling 1.2.0.287
ffdshow v1.2.4422 [2012-04-09]
FLV Player 2.0, build 23
Football Manager 2008
Google Chrome
Google Earth
Google Update Helper
Haali Media Splitter
iLivid
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 30
JavaFX 2.1.1
K-Lite Mega Codec Pack 1.66
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
Need for Speed Underground 2
Nero 2014
Nero Audio Pack 1
Nero Blu-ray Player
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero BurningROM 12
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Kwik Themes Basic
Nero MediaHome
Nero MediaHome Help (CHM)
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Update
Nero Video
Nero Video Help (CHM)
Opera Stable 19.0.1326.56
outobox
PC Camera
PhotoScape
Platform
PowerDVD
Prerequisite installer
Pro Evolution Soccer 6
Radeon Omega Drivers v4.8.442 Setup Files and Tools
Realtek High Definition Audio Driver
RegSeeker
SearchNewTab
SK:Helper 1.74
Skype Click to Call
Skype™ 6.3
SpyHunter
Ss:Helper 1.74
Updater Service
Vauodix
VIA Platform Device Manager
WebFldrs XP
Winamp
Windows iLivid Toolbar
WinRAR 4.01 (32-bit)
Wise Disk Cleaner 7.98
YTD Video Downloader 4.7.2
.
==== Event Viewer Messages From Past Week ========
.
3/24/2014 5:34:10 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:31:24 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:29:09 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:28:25 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:27:07 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:24:42 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:23:29 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:21:52 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:21:06 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:20:26 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:19:53 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:19:17 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:18:32 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:17:52 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:17:10 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:16:33 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:15:56 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:15:23 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:14:43 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:13:36 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:13:03 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:12:16 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:11:41 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:05:35 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:03:06 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/21/2014 4:31:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 0018F31B525A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/20/2014 6:47:34 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
3/20/2014 6:47:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/20/2014 6:47:12 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2014 6:29:05 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Google\Chrome\Application\31.0.1650.63\chrome_child.dll. Reference error message: The operation completed successfully. .
3/20/2014 6:09:58 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 6:08:28 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 5:35:33 PM, error: Service Control Manager [7031] - The Util outobox service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/20/2014 4:44:53 PM, error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s).
3/20/2014 4:33:54 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgcmgr.exe. Reference error message: Error Message is unavailable .
3/20/2014 3:41:51 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 3:41:28 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/20/2014 3:41:18 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 3:37:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0018F31B525A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/19/2014 10:29:09 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0018F31B525A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/18/2014 7:48:08 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
3/18/2014 11:06:33 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================


I hope everything is here; if anything else is needed that I left out, I apologize, I will put it in a comment if any information is still missing.. Best regards and thanks in advance..

Addendum: 24 Mar 2014 18:47

And just one correction, the connection is not dial-up but ADSL.. I don't understand much about that.. :/

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
- Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download of the program is finished:
- disable your protective software (instructions);
- close running programs;
- double-click to run ComboFix;
- in the window that opens, click "I Agree".

While running, ComboFix will:
- check whether a newer version of the program exists:
  click Yes if you are offered to download it.
- if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
- display a number of prompts/notifications:
  accept by clicking Yes or OK.
- if necessary, restart Windows (several times);
- at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
- right-click in the Notepad window and choose Select All;
- right-click the highlighted text and choose Copy;
- right-click in the message field and choose Paste.

Note:
- The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
- If after sending the message you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message;
- Do not click inside the ComboFix window while it is running, because that can slow the tool down;
- Do not run ComboFix again on your own - report in the thread whatever problem you have during the first run of the tool;
- If after the restart you get an error when starting some programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), then restart the system again and that will solve the problem.

offline
  • Joined: 24 Mar 2014
  • Posts: 29

ComboFix ran all night and nothing.. the whole time it showed that initial message that it shouldn't take more than ten minutes but that the time can easily double if the machine is heavily infected. It kept popping up those programs, I clicked Yes and OK on everything.. the computer seems to be doing something the whole time, but nothing is progressing.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Stop ComboFix, you shouldn't have waited that long. Restart the computer and do the following:

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next message post the mbar-log-year-month-day (hours-minutes-seconds).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for after the restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit is detected: - make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to carry out all the repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your message, and attach the system log to the message using the Attach file option.

offline
  • Joined: 24 Mar 2014
  • Posts: 29

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org

Database version: v2014.03.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
:: XPWINDOWS7 [administrator]

25.3.2014 13:23:26
mbar-log-2014-03-25 (13-23-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 246284
Time elapsed: 21 minute(s), 55 second(s)

Memory Processes Detected: 2
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> 1148 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 1944 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service (Adware.InstallBrain) -> Delete on reboot.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|algv.exe (Worm.AutoRun) -> Data: C:\WINDOWS\system32\algv.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|x.exe (Worm.AutoRun) -> Data: "C:\WINDOWS\system32\algv.exe" -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.

Registry Data Items Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Worm.AutoRun) -> Bad: (algv.exe) Good: () -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=2&cf=37a72966-41e5-11e1-930c-0018f31b525a) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.Shell) -> Bad: (explorer.exe,algv.exe) Good: (Explorer.exe) -> Replace on reboot.

Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.

Files Detected: 12
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Delete on reboot.
c:\temp:00072cca.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\AdobeReaderX_SoftangoDownloader.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Delete on reboot.
c:\temp:0002f0ce.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030bd8.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030cd2.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00031752.dat (Trojan.Inject) -> Delete on reboot.
C:\Temp\asdfr1.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)





rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

OK, I forgot to tell you that if you have a flash drive, don't plug it into the computer until I tell you to. Let's move on.


Delete the ComboFix icon and download a new one to the desktop, then try to run it again.

If you have a problem again, do the following:

Download Farbar's Farbar Recovery Scan Tool from this address to the Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will work on your system, and that will be the right version.


double-click to run the program; when the tool starts, click Yes in the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your message;
on the first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to the message using the Attach file (Prikači fajl) option

offline
  • Joined: 24 Mar 2014
  • Posts: 29

Posted: 25 Mar 2014 14:40

I waited half an hour and got no results, now I'll download Farbar RST and then post the report. :)

Addendum: 25 Mar 2014 14:45

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Jolly (administrator) on XPWINDOWS7 on 25-03-2014 14:40:52
Running from C:\Documents and Settings\Jolly\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
() C:\Program Files\DefaultTab\DefaultTabSearch.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TorchMedia Inc.) C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16050688 2006-08-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Run: [NextLive] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Jolly\Application Data\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Policies\Explorer: [NoActiveDesktop] 0x00000000
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Policies\Explorer: [NoSaveSettings] 0x00000000
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x0000000000000000
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {2f75a49a-e732-11e2-b3d8-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {41ed941a-a182-11e3-b5e0-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {58fb859d-7f62-11e2-b27e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {612cc000-88f3-11e3-b56e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} - I:\Startme.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {b594ad1a-a225-11e3-b5e2-0018f31b525a} - .\sgportable\SGPortable.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jolly\Application Data\Mozilla\Firefox\Profiles\u50vzrml.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll (LiveVDO )
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml

Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4"
CHR DefaultSearchKeyword: facebook
CHR DefaultSearchProvider: Facebook
CHR DefaultSearchURL: facebook.com/search.php?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (DefaultTab) - C:\Documents and Settings\Jolly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2013-12-18]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jolly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2013-10-07]

========================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-09-28] ()
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [574464 2013-12-20] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 TorchCrashHandler; C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213448 2013-11-04] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [348440 2014-03-25] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [348440 2014-03-25] ()

==================== Drivers (Whitelisted) ====================

S3 A5AGU; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [347648 2006-05-08] (D-Link Corporation)
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35712 2006-08-22] (Attansic Technology corporation.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-18] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-30] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2014-03-08] (DT Soft Ltd)
R0 mv614x; C:\WINDOWS\System32\DRIVERS\mv614x.sys [63232 2006-07-03] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [664064 2012-10-30] ()
R1 tStLib; C:\WINDOWS\System32\drivers\tStLib.sys [55224 2014-02-19] (StdLib)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 14:40 - 2014-03-25 14:40 - 00000000 ____D () C:\FRST
2014-03-25 14:36 - 2014-03-25 14:36 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\CyberLink PowerDVD
2014-03-25 14:07 - 2014-03-25 14:08 - 00000000 ___SD () C:\ComboFix
2014-03-25 13:23 - 2014-03-25 13:23 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 13:23 - 2014-03-25 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-25 13:21 - 2014-03-25 13:45 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\mbar
2014-03-25 13:21 - 2014-03-25 13:21 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-24 21:47 - 2014-03-25 14:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-24 21:45 - 2014-03-25 14:34 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-24 21:45 - 2014-03-24 21:45 - 00497048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 21:45 - 2014-03-24 21:45 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-24 19:22 - 2014-03-24 19:22 - 00000000 _RSHD () C:\cmdcons
2014-03-24 19:22 - 2011-12-22 11:31 - 00000211 _____ () C:\Boot.bak
2014-03-24 19:22 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-03-24 19:15 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-24 19:15 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-24 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\Qoobox
2014-03-24 18:41 - 2014-03-24 18:41 - 00018146 _____ () C:\Documents and Settings\Jolly\My Documents\attach.txt
2014-03-24 18:41 - 2014-03-24 18:41 - 00010480 _____ () C:\Documents and Settings\Jolly\My Documents\dds.txt
2014-03-20 18:27 - 2014-03-20 18:49 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\Old Firefox Data
2014-03-08 17:26 - 2014-03-08 17:27 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\KONAMI
2014-03-08 17:21 - 2014-03-08 17:21 - 00001571 _____ () C:\Documents and Settings\Jolly\Desktop\Pro Evolution Soccer 6.lnk
2014-03-08 17:21 - 2014-03-08 17:21 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\KONAMI
2014-03-08 17:18 - 2014-03-08 17:18 - 00242240 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2014-03-08 17:08 - 2014-03-08 18:02 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\DAEMON Tools Lite
2014-03-08 17:08 - 2014-03-08 17:08 - 00000625 _____ () C:\Documents and Settings\Jolly\Desktop\DTLite.lnk
2014-03-08 17:07 - 2014-03-08 17:18 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\DAEMON Tools Lite
2014-03-02 17:14 - 2014-03-11 21:00 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\New Folder
2014-03-02 17:11 - 2014-03-02 18:07 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Mladjo
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\FLV Player
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\CyberLink
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink
2014-02-28 18:37 - 2014-02-28 18:37 - 00000701 _____ () C:\Documents and Settings\Jolly\Desktop\FLV Player.lnk
2014-02-28 18:34 - 2014-03-22 01:57 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Winamp
2014-02-28 18:34 - 2014-03-01 16:33 - 00000000 ____D () C:\Program Files\Winamp
2014-02-28 18:34 - 2014-02-28 18:34 - 00000664 _____ () C:\Documents and Settings\All Users\Desktop\Winamp.lnk
2014-02-28 18:34 - 2007-03-08 00:51 - 01628920 ____N (Sonic Solutions) C:\WINDOWS\system32\pxsfs.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00547576 ____N (Sonic Solutions) C:\WINDOWS\system32\px.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00510712 ____N (Sonic Solutions) C:\WINDOWS\system32\pxdrv.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00379640 ____N (Sonic Solutions) C:\WINDOWS\system32\pxwave.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00187128 ____N (Sonic Solutions) C:\WINDOWS\system32\pxmas.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00129784 ____N (Sonic Solutions) C:\WINDOWS\system32\pxafs.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00072440 ____N (Sonic Solutions) C:\WINDOWS\system32\pxhpinst.exe
2014-02-28 18:34 - 2007-03-08 00:51 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\system32\pxinsa64.exe
2014-02-28 18:34 - 2007-03-08 00:51 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\system32\pxcpya64.exe
2014-02-28 18:34 - 2007-03-08 00:51 - 00043528 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2014-02-28 18:34 - 2007-03-08 00:51 - 00039672 ____N (Sonic Solutions) C:\WINDOWS\system32\vxblock.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00009464 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2014-02-28 18:34 - 2007-03-08 00:51 - 00009336 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2014-02-28 17:28 - 2014-02-28 17:28 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\CyberLink
2014-02-28 17:27 - 2014-02-28 17:27 - 00001686 _____ () C:\Documents and Settings\Jolly\Desktop\CyberLink PowerDVD.lnk
2014-02-28 17:26 - 2014-02-28 17:27 - 00000000 ____D () C:\Program Files\CyberLink

==================== One Month Modified Files and Folders =======

2014-03-25 14:41 - 2013-01-07 13:50 - 00000294 _____ () C:\WINDOWS\Tasks\Browser Manager.job
2014-03-25 14:40 - 2014-03-25 14:40 - 00000000 ____D () C:\FRST
2014-03-25 14:36 - 2014-03-25 14:36 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\CyberLink PowerDVD
2014-03-25 14:36 - 2014-03-24 21:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-25 14:36 - 2014-01-05 12:34 - 58502467 _____ () C:\Documents and Settings\Jolly\avgui.log
2014-03-25 14:36 - 2013-12-24 18:40 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\newnext.me
2014-03-25 14:35 - 2013-02-08 16:28 - 01608102 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-25 14:34 - 2014-03-24 21:45 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-25 14:34 - 2013-11-25 01:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TorchCrashHandler
2014-03-25 14:34 - 2012-11-23 11:28 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-25 14:34 - 2011-12-21 12:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-25 14:33 - 2013-09-28 10:50 - 00000178 ___SH () C:\Documents and Settings\Jolly\ntuser.ini
2014-03-25 14:08 - 2014-03-25 14:07 - 00000000 ___SD () C:\ComboFix
2014-03-25 14:07 - 2011-12-21 12:29 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-25 13:47 - 2011-12-29 10:49 - 00000000 ____D () C:\WINDOWS\Sun
2014-03-25 13:45 - 2014-03-25 13:21 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\mbar
2014-03-25 13:23 - 2014-03-25 13:23 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 13:23 - 2014-03-25 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-25 13:21 - 2014-03-25 13:21 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-25 13:10 - 2013-12-24 18:33 - 00000000 ____D () C:\Program Files\outobox
2014-03-24 23:10 - 2012-11-23 11:28 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 21:45 - 2014-03-24 21:45 - 00497048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 21:45 - 2014-03-24 21:45 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-24 19:22 - 2014-03-24 19:22 - 00000000 _RSHD () C:\cmdcons
2014-03-24 19:22 - 2011-12-21 19:09 - 00000327 __RSH () C:\boot.ini
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\Qoobox
2014-03-24 18:41 - 2014-03-24 18:41 - 00018146 _____ () C:\Documents and Settings\Jolly\My Documents\attach.txt
2014-03-24 18:41 - 2014-03-24 18:41 - 00010480 _____ () C:\Documents and Settings\Jolly\My Documents\dds.txt
2014-03-24 18:25 - 2013-12-24 18:10 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Wise Disk Cleaner
2014-03-24 18:24 - 2013-09-28 10:50 - 00000000 ____D () C:\Documents and Settings\Jolly
2014-03-24 15:07 - 2012-11-10 15:14 - 00001030 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1326574676-1606980848-500UA.job
2014-03-24 15:07 - 2012-11-10 15:14 - 00001008 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1326574676-1606980848-500Core.job
2014-03-23 19:38 - 2013-10-16 15:53 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Skype
2014-03-23 18:57 - 2011-12-22 13:57 - 00002267 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-03-22 01:57 - 2014-02-28 18:34 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Winamp
2014-03-20 22:27 - 2012-01-23 14:09 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-20 18:54 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-20 18:52 - 2011-12-21 12:29 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-20 18:52 - 2011-12-21 12:29 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-20 18:52 - 2011-12-21 12:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-20 18:52 - 2011-12-21 12:19 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-20 18:49 - 2014-03-20 18:27 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\Old Firefox Data
2014-03-11 21:00 - 2014-03-02 17:14 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\New Folder
2014-03-08 18:02 - 2014-03-08 17:08 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\DAEMON Tools Lite
2014-03-08 17:27 - 2014-03-08 17:26 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\KONAMI
2014-03-08 17:21 - 2014-03-08 17:21 - 00001571 _____ () C:\Documents and Settings\Jolly\Desktop\Pro Evolution Soccer 6.lnk
2014-03-08 17:21 - 2014-03-08 17:21 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\KONAMI
2014-03-08 17:21 - 2012-08-01 11:54 - 00000000 ____D () C:\Program Files\KONAMI
2014-03-08 17:18 - 2014-03-08 17:18 - 00242240 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2014-03-08 17:18 - 2014-03-08 17:07 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\DAEMON Tools Lite
2014-03-08 17:18 - 2012-10-15 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2014-03-08 17:08 - 2014-03-08 17:08 - 00000625 _____ () C:\Documents and Settings\Jolly\Desktop\DTLite.lnk
2014-03-02 18:07 - 2014-03-02 17:11 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Mladjo
2014-03-02 15:20 - 2012-03-14 17:28 - 00000160 _____ () C:\WINDOWS\mafosav.INI
2014-03-01 22:50 - 2012-11-05 17:59 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Sports Interactive
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\FLV Player
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
2014-03-01 16:33 - 2014-02-28 18:34 - 00000000 ____D () C:\Program Files\Winamp
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\CyberLink
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink
2014-03-01 16:32 - 2012-08-01 11:54 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-03-01 16:08 - 2011-12-22 11:03 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-01 16:07 - 2011-12-21 12:20 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-28 19:19 - 2012-01-02 10:42 - 00000000 ____D () C:\Program Files\Counter-Strike 1.6
2014-02-28 19:06 - 2013-11-02 14:18 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\OneNote Notebooks
2014-02-28 19:06 - 2013-03-20 11:27 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Saobraćajni znakovi
2014-02-28 18:37 - 2014-02-28 18:37 - 00000701 _____ () C:\Documents and Settings\Jolly\Desktop\FLV Player.lnk
2014-02-28 18:34 - 2014-02-28 18:34 - 00000664 _____ () C:\Documents and Settings\All Users\Desktop\Winamp.lnk
2014-02-28 17:28 - 2014-02-28 17:28 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\CyberLink
2014-02-28 17:27 - 2014-02-28 17:27 - 00001686 _____ () C:\Documents and Settings\Jolly\Desktop\CyberLink PowerDVD.lnk
2014-02-28 17:27 - 2014-02-28 17:26 - 00000000 ____D () C:\Program Files\CyberLink
2014-02-28 17:25 - 2012-05-07 13:11 - 00505392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.dll
2014-02-28 17:17 - 2013-02-24 15:48 - 00000024 _____ () C:\WINDOWS\DIAMOND.INI

Files to move or delete:
====================
C:\Documents and Settings\Administrator\STARTUP.reg


Some content of TEMP:
====================
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-08-18 19:17] - [2008-08-18 19:17] - 1616384 ____A (Microsoft Corporation) 4a90f51b778fa0157f60d206e8b37d2a

C:\WINDOWS\system32\winlogon.exe
[2008-04-28 10:24] - [2008-04-28 10:24] - 0547328 ____A (Microsoft Corporation) a55b8899d2ea2e800061bcfd456e34dc

C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll
[2008-03-20 19:36] - [2008-03-20 19:36] - 0578560 ____A (Microsoft Corporation) f92d8964b5286de225bd2b6bf89764be

C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================





rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

1. Open Notepad (Text Document) and copy in the following text from the code box below:
Start
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {2f75a49a-e732-11e2-b3d8-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {41ed941a-a182-11e3-b5e0-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {58fb859d-7f62-11e2-b27e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {612cc000-88f3-11e3-b56e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} - I:\Startme.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {b594ad1a-a225-11e3-b5e2-0018f31b525a} - .\sgportable\SGPortable.exe
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4"
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
R2 TorchCrashHandler; C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213448 2013-11-04] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [348440 2014-03-25] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [348440 2014-03-25] ()
C:\Documents and Settings\Administrator\STARTUP.reg
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
outobox (HKLM\...\outobox) (Version: 2013.12.07.011955 - outobox) <==== ATTENTION
SearchNewTab (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 3.0.0.1842 - SearchNewTab) <==== ATTENTION
Windows iLivid Toolbar (HKLM\...\Windows Searchqu Toolbar) (Version: 3.0.0.118320 - Bandoo Media, Inc) <==== ATTENTION
AlternateDataStreams: C:\Temp:0002DB81.dat
AlternateDataStreams: C:\Temp:00030427.dat
AlternateDataStreams: C:\Temp:00030C74.dat
AlternateDataStreams: C:\Temp:00030DFB.dat
AlternateDataStreams: C:\Temp:00031742.dat
AlternateDataStreams: C:\Temp:00031CB1.dat
AlternateDataStreams: C:\Temp:00031E76.dat
AlternateDataStreams: C:\Temp:0003202B.dat
AlternateDataStreams: C:\Temp:00032655.dat
AlternateDataStreams: C:\Temp:000326C3.dat
AlternateDataStreams: C:\Temp:000334DC.dat
AlternateDataStreams: C:\Temp:000342A7.dat
AlternateDataStreams: C:\Temp:00036458.dat
AlternateDataStreams: C:\Temp:00039FCB.dat
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 24 Mar 2014
  • Posts: 29

Posted: 25 Mar 2014 16:10

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Jolly at 2014-03-25 16:08:46 Run:1
Running from C:\Documents and Settings\Jolly\Desktop\New Folder
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org

Database version: v2014.03.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
:: XPWINDOWS7 [administrator]

25.3.2014 13:23:26
mbar-log-2014-03-25 (13-23-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 246284
Time elapsed: 21 minute(s), 55 second(s)

Memory Processes Detected: 2
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> 1148 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 1944 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service (Adware.InstallBrain) -> Delete on reboot.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|algv.exe (Worm.AutoRun) -> Data: C:\WINDOWS\system32\algv.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|x.exe (Worm.AutoRun) -> Data: "C:\WINDOWS\system32\algv.exe" -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.

Registry Data Items Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Worm.AutoRun) -> Bad: (algv.exe) Good: () -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=2&cf=37a72966-41e5-11e1-930c-0018f31b525a) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.Shell) -> Bad: (explorer.exe,algv.exe) Good: (Explorer.exe) -> Replace on reboot.

Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.

Files Detected: 12
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Delete on reboot.
c:\temp:00072cca.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\AdobeReaderX_SoftangoDownloader.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Delete on reboot.
c:\temp:0002f0ce.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030bd8.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030cd2.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00031752.dat (Trojan.Inject) -> Delete on reboot.
C:\Temp\asdfr1.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

*****************

"C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> 1148 -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 1944 -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"c:\temp:00072cca.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\Jolly\My Documents\Downloads\AdobeReaderX_SoftangoDownloader.exe (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\Jolly\My Documents\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Delete on reboot." => File/Directory not found.
"c:\temp:0002f0ce.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"c:\temp:00030bd8.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"c:\temp:00030cd2.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"c:\temp:00031752.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"C:\Temp\asdfr1.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\Jolly\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Delete on reboot." => File/Directory not found.

==== End of Fixlog ====

Addendum: 25 Mar 2014 16:13

Oh no, I didn't see this text, I have to do it again.. I apologize for the mistake.

Addendum: 25 Mar 2014 16:16

Here is the new report.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Jolly at 2014-03-25 16:14:39 Run:2
Running from C:\Documents and Settings\Jolly\Desktop\New Folder
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {2f75a49a-e732-11e2-b3d8-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {41ed941a-a182-11e3-b5e0-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {58fb859d-7f62-11e2-b27e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {612cc000-88f3-11e3-b56e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} - I:\Startme.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {b594ad1a-a225-11e3-b5e2-0018f31b525a} - .\sgportable\SGPortable.exe
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4"
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
R2 TorchCrashHandler; C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213448 2013-11-04] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [348440 2014-03-25] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [348440 2014-03-25] ()
C:\Documents and Settings\Administrator\STARTUP.reg
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbarhaIE) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
outobox (HKLM\...\outobox) (Version: 2013.12.07.011955 - outobox) <==== ATTENTION
SearchNewTab (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 3.0.0.1842 - SearchNewTab) <==== ATTENTION
Windows iLivid Toolbar (HKLM\...\Windows Searchqu Toolbar) (Version: 3.0.0.118320 - Bandoo Media, Inc) <==== ATTENTION
AlternateDataStreams: C:\Temp:0002DB81.dat
AlternateDataStreams: C:\Temp:00030427.dat
AlternateDataStreams: C:\Temp:00030C74.dat
AlternateDataStreams: C:\Temp:00030DFB.dat
AlternateDataStreams: C:\Temp:00031742.dat
AlternateDataStreams: C:\Temp:00031CB1.dat
AlternateDataStreams: C:\Temp:00031E76.dat
AlternateDataStreams: C:\Temp:0003202B.dat
AlternateDataStreams: C:\Temp:00032655.dat
AlternateDataStreams: C:\Temp:000326C3.dat
AlternateDataStreams: C:\Temp:000334DC.dat
AlternateDataStreams: C:\Temp:000342A7.dat
AlternateDataStreams: C:\Temp:00036458.dat
AlternateDataStreams: C:\Temp:00039FCB.dat
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
*****************

[956] C:\Program Files\outobox\updateoutobox.exe => Process closed successfully.
[1172] C:\Program Files\outobox\bin\utiloutobox.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => Value deleted successfully.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => Value deleted successfully.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f75a49a-e732-11e2-b3d8-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{2f75a49a-e732-11e2-b3d8-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41ed941a-a182-11e3-b5e0-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{41ed941a-a182-11e3-b5e0-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58fb859d-7f62-11e2-b27e-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{58fb859d-7f62-11e2-b27e-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{612cc000-88f3-11e3-b56e-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{612cc000-88f3-11e3-b56e-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b594ad1a-a225-11e3-b5e2-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{b594ad1a-a225-11e3-b5e2-0018f31b525a} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Value deleted successfully.
HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4" ==> The Chrome "Settings" can be used to fix the entry.
APNMCP => Service stopped successfully.
APNMCP => Service deleted successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => Moved successfully.
TorchCrashHandler => Service stopped successfully.
TorchCrashHandler => Service deleted successfully.
Update outobox => Service deleted successfully.
Util outobox => Service deleted successfully.
C:\Documents and Settings\Administrator\STARTUP.reg => Moved successfully.
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll => Moved successfully.
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll => Moved successfully.
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll => Moved successfully.
C:\Temp => ":0002DB81.dat" ADS removed successfully.
C:\Temp => ":00030427.dat" ADS removed successfully.
C:\Temp => ":00030C74.dat" ADS removed successfully.
C:\Temp => ":00030DFB.dat" ADS removed successfully.
C:\Temp => ":00031742.dat" ADS removed successfully.
C:\Temp => ":00031CB1.dat" ADS removed successfully.
C:\Temp => ":00031E76.dat" ADS removed successfully.
C:\Temp => ":0003202B.dat" ADS removed successfully.
C:\Temp => ":00032655.dat" ADS removed successfully.
C:\Temp => ":000326C3.dat" ADS removed successfully.
C:\Temp => ":000334DC.dat" ADS removed successfully.
C:\Temp => ":000342A7.dat" ADS removed successfully.
C:\Temp => ":00036458.dat" ADS removed successfully.
C:\Temp => ":00039FCB.dat" ADS removed successfully.
C:\Temp => ":pid1" ADS removed successfully.
C:\Temp => ":pid2" ADS removed successfully.
C:\Temp => ":rnd.dat" ADS removed successfully.
C:\Temp => ":srv" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D1B5B4F1" ADS removed successfully.

==== End of Fixlog ====
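
An added example (not part of the thread, and not FRST's own code): a small Python triage of the `=> result` lines of a Fixlog, which separates a run that changed nothing, such as Run:1 above where a scanner log was pasted as the fixlist, from a run that applied fixes. The sample lines are a constructed subset of the two logs above, and the status names `done`, `not_found` and `manual` are this example's own.

```python
import re
from collections import Counter

# Constructed sample input: a few result lines in the shape of the two
# Fixlog runs posted above (Run:1 = wrong fixlist, Run:2 = correct fixlist).
RUN1 = r'''
"C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> 1148 -> Delete on reboot." => File/Directory not found.
"c:\temp:00072cca.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
'''

RUN2 = r'''
[956] C:\Program Files\outobox\updateoutobox.exe => Process closed successfully.
HKCR\CLSID\{2f75a49a-e732-11e2-b3d8-0018f31b525a} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
APNMCP => Service deleted successfully.
C:\Temp => ":srv" ADS removed successfully.
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4 ==> The Chrome "Settings" can be used to fix the entry.
'''

# A result line is "<target> => <result>" or "<target> ==> <result>".
# The non-greedy target splits at the first arrow; " -> " inside a pasted
# scanner line is not an arrow for this purpose.
LINE_RE = re.compile(r'^(?P<target>.+?)\s==?>\s(?P<result>.+)$')

# Result text for a removed alternate data stream: ":name" ADS removed successfully.
ADS_RE = re.compile(r'^":(?P<stream>[^"]+)" ADS removed successfully\.$')


def classify(result):
    """Map the tool's result text to a coarse status (names are this example's own)."""
    if result.endswith("successfully."):
        return "done"
    if result.endswith("not found."):
        return "not_found"
    return "manual"  # e.g. entries the log says must be fixed in Chrome's Settings


def parse_fixlog(text):
    """Return (target, result, status) for every result line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            result = m.group("result")
            entries.append((m.group("target"), result, classify(result)))
    return entries


def summarize(text):
    """Count outcomes, list removed streams, and flag a run that changed nothing."""
    entries = parse_fixlog(text)
    counts = Counter(status for _, _, status in entries)
    ads = []
    for target, result, _ in entries:
        m = ADS_RE.match(result)
        if m:
            ads.append(f"{target}:{m.group('stream')}")
    return {
        "done": counts["done"],
        "not_found": counts["not_found"],
        "manual": counts["manual"],
        "ads_removed": ads,
        # Result lines exist but none succeeded: the fixlist should be re-checked.
        "nothing_changed": bool(entries) and counts["done"] == 0,
    }


if __name__ == "__main__":
    for name, log in (("Run:1", RUN1), ("Run:2", RUN2)):
        print(name, summarize(log))
```
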

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Good, I assume the computer is running much better, but I will run one more check.



Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.

Extract the archive into a folder (instructions), and then:

close the browser and other running programs;
temporarily disable your security software (if necessary) Instructions;
start zoek by double-clicking the program icon;
wait for the tool to start ...


Copy the following text into the white box of the window:


quickscan;
autoclean;


Click the button and wait for the scan to finish.


If needed, zoek will restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your post.





******************************






Download TDSSKiller, save the tool to the Desktop and double-click TDSSKiller.exe to run it.
In the "End user Licence Agreement" dialog click Accept.
Likewise, in the "KSN Statement" dialog click Accept.


Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD-day, MM-month, GG-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)
