Uninstalling Tencent Technology QQ


  • S2M  Male
  • Citizen
  • life developer
  • Joined: 21 Nov 2009
  • Posts: 65
  • Location: Stuttgart

Like my colleague Amar, I have the identical problem on my laptop. I picked up the Chinese program when I tried to install some furniture design program, "Mr.Diker".
Anyway, I followed what happened with colleague Amar and tried to get rid of the Chinese program. I thought I had succeeded, but when I opened Control Panel - Adm. Tools - System, I saw that it was still there.
I use wireless internet, Blic Net.
While XP was still supported I used MS Essential AV, and now I have installed AVG AV.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by User (administrator) on ASDFGH-12FC382F on 26-06-2015 23:43:02
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-02-07] (Intel Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2009-02-27] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-02-27] (Intel(R) Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [baidusdTray] => "C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3
HKLM\...\Run: [ QQPCTray] => "C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" /regrun /qqrepair
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Advanced System~Protector_startup] => "C:\Program Files\ASP\AdvancedSystemProtector.exe" autolaunch
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\Run: [ZedgeToneSync] => C:\Documents and Settings\User\Local Settings\Apps\2.0\Data\APG42VTA.LY5\9MD6EM9Y.LOV\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\Run: [IRNeroReboot] => "C:\Documents and Settings\User\Desktop\Nero_BurningROM2015_setup-16.4c_softonic_trial.exe" /reboot="1"
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\Run: [AvgUpdater0215pit] => C:\Documents and Settings\All Users\Application Data\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe /SETINFO /CMPID=0215pit /INFORETRY=2
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {3c3f7ad6-282c-11e2-bbf8-00059a3c7800} - degildir/cunku.exe
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {a96d2f06-2152-11e3-bce1-00e0910853cd} - F:\LGAutoRun.exe
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {f2980a51-53ba-11e3-bced-00e0910853cd} - F:\wuaakk\maharoko.exe
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-08-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2012-11-01]
ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-05]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Microsoft Office Groove.lnk [2013-08-11]
ShortcutTarget: Microsoft Office Groove.lnk -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hao123.com/?tn=91284697_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1220945662-789336058-842925246-1003\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1220945662-789336058-842925246-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://Vosteran.com/?f=2&a=vst_aw_14_48_ch&cd=2XzuyEtN2Y1L1QzutDtD0EtDzytCtDzzyDtA0C0D0AyE0FyCtN0D0Tzu0StCtDyDzztN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StAtCtAyCyD0CtB0DtGzyyCtDyDtG0BzyyD0BtGtC0ByB0AtGyBzy0ByB0A0FyCtByD0CyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DtBtDzztC0D0CtG0EtAyE0DtGyE0E0EyDtG0ByEyC0CtGyEyCtC0Dzy0AtDtD0F0FtAtA2Q&cr=208105147&ir=" <ATTENTION> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1220945662-789336058-842925246-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2007-08-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2009-02-03] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel(R) Corporation)
S4 QQPCRTP; "C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe" -r [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [213472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [77463 2003-09-14] (3Com Corporation)
R1 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
S3 tifm; C:\WINDOWS\System32\drivers\tifm.sys [67072 2004-05-21] (Texas Instruments)
R3 tifmsony; C:\WINDOWS\System32\drivers\tifmsony.sys [80896 2007-02-28] (Texas Instruments)
R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2008-01-07] (Intel® Corporation)
U5 BDMWrench; C:\Windows\System32\Drivers\BDMWrench.sys [229712 2015-04-08] (Baidu)
S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
S2 QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQSysMon.sys [X]
S0 TsFltMgr; system32\drivers\TsFltMgr.sys [X]
S1 TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSKsp.sys [X]
S1 TSSysKit; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSSysKit.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 23:43 - 2015-06-26 23:43 - 00016475 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2015-06-26 23:42 - 2015-06-26 23:43 - 00000000 ____D C:\FRST
2015-06-26 23:40 - 2015-06-26 23:40 - 01636352 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2015-06-25 23:36 - 2015-06-25 23:36 - 00000000 ____D C:\WINDOWS\ERUNT
2015-06-25 23:35 - 2015-06-25 23:36 - 00001479 _____ C:\DelFix.txt
2015-06-25 20:48 - 2015-06-25 23:49 - 00000020 _____ C:\Documents and Settings\User\Application Data\appdataFr2.bin
2015-06-25 20:44 - 2015-06-25 20:44 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Apple Computer
2015-06-25 14:41 - 2015-06-25 22:38 - 05529472 _____ (Advanced System Protector ) C:\Documents and Settings\User\My Documents\aspsetup.exe
2015-06-25 08:14 - 2015-06-26 23:43 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2015-06-25 08:14 - 2015-06-25 08:14 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-06-25 08:14 - 2015-06-25 08:14 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-25 08:14 - 2015-06-25 08:14 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp
2015-06-25 08:14 - 2015-06-24 22:26 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-06-25 08:13 - 2015-06-25 08:13 - 00000202 _____ C:\files.log
2015-06-25 05:51 - 2015-06-25 20:40 - 00000269 _____ C:\folders.log
2015-06-24 21:33 - 2015-05-27 00:03 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-24 18:02 - 2015-06-24 18:02 - 00000000 ____D C:\Program Files\ESET
2015-06-24 00:46 - 2015-06-24 00:46 - 00000000 ____D C:\Documents and Settings\User\Application Data\AVG2015
2015-06-24 00:41 - 2015-06-24 00:41 - 00000714 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-24 00:41 - 2015-06-24 00:41 - 00000000 ____D C:\Documents and Settings\User\Application Data\TuneUp Software
2015-06-24 00:41 - 2015-06-24 00:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-23 23:50 - 2015-06-23 23:50 - 00090112 _____ C:\WINDOWS\Minidump\Mini062315-01.dmp
2015-06-23 23:46 - 2015-06-24 19:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-06-23 23:46 - 2015-06-23 23:46 - 00000000 ___HD C:\$AVG
2015-06-23 23:43 - 2015-06-23 23:43 - 00000000 ____D C:\Program Files\AVG
2015-06-23 23:37 - 2015-06-26 22:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-23 23:37 - 2015-06-24 19:39 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Avg2015
2015-06-23 23:37 - 2015-06-23 23:37 - 04635400 _____ (AVG Technologies) C:\Documents and Settings\User\My Documents\avg_avct_stb_all_2015_5577_ppc-avc-welcomecmp4.exe
2015-06-23 23:37 - 2015-06-23 23:37 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\MFAData
2015-06-23 23:21 - 2015-06-25 23:09 - 00000000 ____D C:\Documents and Settings\All Users\TXQMPC
2015-06-23 23:21 - 2015-06-25 20:59 - 00000065 _____ C:\WINDOWS\QMNetworkMgr.ini
2015-06-23 18:19 - 2015-06-23 18:19 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Tencent
2015-06-23 18:16 - 2015-06-25 23:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Tencent
2015-06-23 18:15 - 2015-06-23 23:15 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-06-23 18:08 - 2015-06-24 20:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Baidu
2015-06-23 18:08 - 2015-06-24 19:04 - 00000000 ____D C:\Documents and Settings\User\Application Data\Baidu
2015-06-23 18:08 - 2015-04-08 09:17 - 00229712 _____ (Baidu) C:\WINDOWS\system32\Drivers\BDMWrench.sys
2015-06-23 18:08 - 2015-04-08 09:17 - 00026824 _____ (Baidu) C:\WINDOWS\system32\Drivers\BDFileDefend.sys
2015-06-23 18:05 - 2015-06-23 18:05 - 00000218 _____ C:\Documents and Settings\User\Local Settings\Application Data\recently-used.xbel
2015-06-23 18:05 - 2015-06-23 18:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Rising
2015-06-23 18:04 - 2015-06-24 21:06 - 00000000 ____D C:\Program Files\Rising
2015-06-23 18:04 - 2015-06-23 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Rising
2015-06-23 17:40 - 2015-06-23 17:40 - 00001745 _____ C:\Documents and Settings\User\Desktop\Internet Explorer.lnk
2015-06-23 17:40 - 2015-06-23 17:40 - 00001745 _____ C:\Documents and Settings\NetworkService\Desktop\Internet Explorer.lnk
2015-06-23 17:40 - 2015-06-23 17:40 - 00001745 _____ C:\Documents and Settings\LocalService\Desktop\Internet Explorer.lnk
2015-06-23 17:31 - 2015-06-23 17:31 - 00001551 _____ C:\Documents and Settings\User\Desktop\ALNO AG Kitchen Planner.lnk
2015-06-23 17:31 - 2015-06-23 17:31 - 00000000 ____D C:\Program Files\ALNO
2015-06-23 17:31 - 2015-06-23 17:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ALNO AG Kitchen Planner
2015-06-23 17:27 - 2015-06-23 17:31 - 18141860 _____ (ALNO AG ) C:\Documents and Settings\User\My Documents\alno_kplsetup.exe
2015-06-18 22:35 - 2015-06-18 22:35 - 00000000 ____D C:\Documents and Settings\User\Application Data\SketchUp
2015-06-18 22:29 - 2015-06-18 22:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SketchUp
2015-06-14 22:51 - 2015-06-18 22:07 - 83487800 _____ (Trimble Navigation Limited) C:\Documents and Settings\User\My Documents\SketchUpPro-2014-1-1282-61130-en.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 23:19 - 2013-11-10 19:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-26 23:14 - 2012-10-31 16:19 - 00000211 __RSH C:\boot.ini
2015-06-26 23:14 - 2012-10-31 14:32 - 00000000 __RSH C:\CONFIG.SYS
2015-06-26 23:10 - 2012-10-31 14:39 - 00032408 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-26 23:10 - 2012-10-31 14:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-26 23:10 - 2012-10-31 14:31 - 01318779 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-26 23:04 - 2012-10-31 16:24 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-26 23:04 - 2012-10-31 16:24 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-26 23:03 - 2013-11-10 13:35 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Deployment
2015-06-26 22:50 - 2012-10-31 14:48 - 00000148 ___SH C:\Documents and Settings\User\ntuser.ini
2015-06-26 22:37 - 2013-07-17 20:42 - 00002187 _____ C:\Documents and Settings\All Users\Desktop\Safari.lnk
2015-06-25 23:29 - 2012-11-01 16:29 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-25 22:52 - 2012-10-31 16:20 - 00386865 _____ C:\WINDOWS\setupapi.log
2015-06-25 20:40 - 2014-02-02 21:42 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Comodo
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\ASPNET\Local Settings\Application Data\Comodo
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-06-25 07:53 - 2015-05-11 23:16 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
2015-06-25 07:53 - 2012-11-01 09:40 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2015-06-25 07:37 - 2014-02-02 21:42 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-06-24 21:55 - 2014-11-24 20:40 - 00002559 _____ C:\Documents and Settings\User\Desktop\Sophos Virus Removal Tool.lnk
2015-06-24 21:47 - 2008-04-14 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-24 19:35 - 2012-11-01 10:40 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Temp
2015-06-24 18:21 - 2013-11-10 19:14 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-24 18:21 - 2013-11-10 19:14 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-24 17:37 - 2013-06-24 21:50 - 00000000 ___RD C:\Documents and Settings\User\My Documents\Dropbox
2015-06-24 17:35 - 2013-06-24 21:44 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2015-06-23 23:55 - 2013-09-18 20:42 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-23 23:33 - 2013-07-11 20:46 - 00056488 ____H C:\WINDOWS\system32\mlfcache.dat
2015-06-23 23:09 - 2012-11-01 08:30 - 00069256 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-23 23:06 - 2012-10-31 16:20 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-23 17:40 - 2015-05-11 23:48 - 00001815 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-23 17:40 - 2012-10-31 14:39 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-23 17:40 - 2012-10-31 14:37 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-06-18 22:43 - 2015-05-21 18:05 - 00000024 _____ C:\Documents and Settings\User\Application Data\appdataFr25.bin
2015-06-18 22:19 - 2012-10-31 16:21 - 00584298 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-18 22:11 - 2013-05-03 16:26 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-06-18 21:47 - 2013-07-27 11:45 - 00000000 ____D C:\Documents and Settings\User\My Documents\namjestaj
2015-05-31 13:57 - 2013-08-17 18:41 - 00000000 ____D C:\Documents and Settings\User\My Documents\OneNote Notebooks
2015-05-31 13:57 - 2013-05-03 16:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-31 13:50 - 2013-05-03 17:17 - 00000000 ____D C:\Faktura

==================== Files in the root of some directories =======

2015-06-25 20:48 - 2015-06-25 23:49 - 0000020 _____ () C:\Documents and Settings\User\Application Data\appdataFr2.bin
2015-05-21 18:05 - 2015-06-18 22:43 - 0000024 _____ () C:\Documents and Settings\User\Application Data\appdataFr25.bin
2013-12-23 18:30 - 2013-12-23 18:30 - 0000890 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Crashlog.txt
2014-07-13 15:05 - 2014-07-13 15:05 - 0003584 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-01 17:13 - 2012-11-01 17:13 - 0000127 _____ () C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
2015-06-23 18:05 - 2015-06-23 18:05 - 0000218 _____ () C:\Documents and Settings\User\Local Settings\Application Data\recently-used.xbel
2015-06-25 23:12 - 2015-06-25 23:12 - 0001335 _____ () C:\Documents and Settings\User\Local Settings\Application Data\ZedgeLog.txt

Some files in TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\pyl2.tmp.exe
C:\Documents and Settings\User\Local Settings\Temp\pyl3.tmp.exe
C:\Documents and Settings\User\Local Settings\Temp\pyl4.tmp.exe
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\User\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End of log ============================

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs if you do not need them:

Advanced-System Protector
DriverMax 5
globalupdate Helper
Infusionsoft Sync for Gmail



Step 2

Open Notepad and copy the following text located inside the Code box.

HKLM\...\Run: [baidusdTray] => "C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3
HKLM\...\Run: [ QQPCTray] => "C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" /regrun /qqrepair
HKLM\...\Run: [Advanced System~Protector_startup] => "C:\Program Files\ASP\AdvancedSystemProtector.exe" autolaunch
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\Run: [AvgUpdater0215pit] => C:\Documents and Settings\All Users\Application Data\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe /SETINFO /CMPID=0215pit /INFORETRY=2
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {3c3f7ad6-282c-11e2-bbf8-00059a3c7800} - degildir/cunku.exe
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {a96d2f06-2152-11e3-bce1-00e0910853cd} - F:\LGAutoRun.exe
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {f2980a51-53ba-11e3-bced-00e0910853cd} - F:\wuaakk\maharoko.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91284697_hao_pg
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://Vosteran.com/?f=2&a=vst_aw_14_48_ch&cd=2XzuyEtN2Y1L1QzutDtD0EtDzytCtDzzyDtA0C0D0AyE0FyCtN0D0Tzu0StCtDyDzztN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StAtCtAyCyD0CtB0DtGzyyCtDyDtG0BzyyD0BtGtC0ByB0AtGyBzy0ByB0A0FyCtByD0CyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DtBtDzztC0D0CtG0EtAyE0DtGyE0E0EyDtG0ByEyC0CtGyEyCtC0Dzy0AtDtD0F0FtAtA2Q&cr=208105147&ir=" <ATTENTION> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll No File
FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
S4 QQPCRTP; "C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe" -r [X]
U5 BDMWrench; C:\Windows\System32\Drivers\BDMWrench.sys [229712 2015-04-08] (Baidu)
S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
S2 QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQSysMon.sys [X]
S0 TsFltMgr; system32\drivers\TsFltMgr.sys [X]
S1 TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSKsp.sys [X]
S1 TSSysKit; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSSysKit.sys [X]
C:\Program Files\Baidu
C:\Program Files\Tencent
C:\Program Files\ASP
C:\Documents and Settings\User\My Documents\aspsetup.exe
2015-06-23 18:08 - 2015-06-24 20:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Baidu
2015-06-23 18:08 - 2015-06-24 19:04 - 00000000 ____D C:\Documents and Settings\User\Application Data\Baidu
2015-06-23 18:08 - 2015-04-08 09:17 - 00229712 _____ (Baidu) C:\WINDOWS\system32\Drivers\BDMWrench.sys
2015-06-23 18:08 - 2015-04-08 09:17 - 00026824 _____ (Baidu) C:\WINDOWS\system32\Drivers\BDFileDefend.sys
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into the thread.
The file (fixlog.txt) will also be on the Desktop.




Step 3

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window warning about this. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the Attach file ("Prikači fajl") option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • S2M  Male
  • Citizen
  • life developer
  • Joined: 21 Nov 2009
  • Posts: 65
  • Location: Stuttgart

Here is the Fixlog:

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by User at 2015-06-28 00:23:02 Run:1
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Run: [baidusdTray] => "C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3
HKLM\...\Run: [ QQPCTray] => "C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" /regrun /qqrepair
HKLM\...\Run: [Advanced System~Protector_startup] => "C:\Program Files\ASP\AdvancedSystemProtector.exe" autolaunch
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\Run: [AvgUpdater0215pit] => C:\Documents and Settings\All Users\Application Data\Avg_Update_0215pit\0215pit_AVG-Secure-Search-Update.exe /SETINFO /CMPID=0215pit /INFORETRY=2
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {3c3f7ad6-282c-11e2-bbf8-00059a3c7800} - degildir/cunku.exe
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {a96d2f06-2152-11e3-bce1-00e0910853cd} - F:\LGAutoRun.exe
HKU\S-1-5-21-1220945662-789336058-842925246-1003\...\MountPoints2: {f2980a51-53ba-11e3-bced-00e0910853cd} - F:\wuaakk\maharoko.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hao123.com/?tn=91284697_hao_pg
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://Vosteran.com/?f=2&a=vst_aw_14_48_ch&cd=2XzuyEtN2Y1L1QzutDtD0EtDzytCtDzzyDtA0C0D0AyE0FyCtN0D0Tzu0StCtDyDzztN1L2XzutAtFyCtFtBtFtDtN1L1Czu0C0I0S0V0E0R1V1StN1L1G1B1V1N2Y1L1Qzu2StAtCtAyCyD0CtB0DtGzyyCtDyDtG0BzyyD0BtGtC0ByB0AtGyBzy0ByB0A0FyCtByD0CyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0DtBtDzztC0D0CtG0EtAyE0DtGyE0E0EyDtG0ByEyC0CtGyEyCtC0Dzy0AtDtD0F0FtAtA2Q&cr=208105147&ir=" <ATTENTION> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files\Baidu\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll No File
F Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
S4 QQPCRTP; "C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe" -r [X]
U5 BDMWrench; C:\Windows\System32\Drivers\BDMWrench.sys [229712 2015-04-08] (Baidu)
S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
S2 QQSysMon; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\QQSysMon.sys [X]
S0 TsFltMgr; system32\drivers\TsFltMgr.sys [X]
S1 TSKSP; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSKsp.sys [X]
S1 TSSysKit; \??\C:\Program Files\Tencent\QQPCMgr\10.9.16350.226\TSSysKit.sys [X]
C:\Program Files\Baidu
C:\Program Files\Tencent
C:\Program Files\ASP
C:\Documents and Settings\User\My Documents\aspsetup.exe
2015-06-23 18:08 - 2015-06-24 20:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Baidu
2015-06-23 18:08 - 2015-06-24 19:04 - 00000000 ____D C:\Documents and Settings\User\Application Data\Baidu
2015-06-23 18:08 - 2015-04-08 09:17 - 00229712 _____ (Baidu) C:\WINDOWS\system32\Drivers\BDMWrench.sys
2015-06-23 18:08 - 2015-04-08 09:17 - 00026824 _____ (Baidu) C:\WINDOWS\system32\Drivers\BDFileDefend.sys
EmptyTemp:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\baidusdTray => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced System~Protector_startup => value removed successfully.
HKU\S-1-5-21-1220945662-789336058-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AvgUpdater0215pit => value removed successfully.
"HKU\S-1-5-21-1220945662-789336058-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c3f7ad6-282c-11e2-bbf8-00059a3c7800}" => key removed successfully.
HKCR\CLSID\{3c3f7ad6-282c-11e2-bbf8-00059a3c7800} => key not found.
"HKU\S-1-5-21-1220945662-789336058-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a96d2f06-2152-11e3-bce1-00e0910853cd}" => key removed successfully.
HKCR\CLSID\{a96d2f06-2152-11e3-bce1-00e0910853cd} => key not found.
"HKU\S-1-5-21-1220945662-789336058-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2980a51-53ba-11e3-bced-00e0910853cd}" => key removed successfully.
HKCR\CLSID\{f2980a51-53ba-11e3-bced-00e0910853cd} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKLM\Software\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin" => key removed successfully.
F Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully.
QQPCRTP => Service removed successfully.
BDMWrench => Service removed successfully.
BdSandBox => Service removed successfully.
QQSysMon => Service removed successfully.
TsFltMgr => Service removed successfully.
TSKSP => Service removed successfully.
TSSysKit => Service removed successfully.
"C:\Program Files\Baidu" => File/Folder not found.
"C:\Program Files\Tencent" => File/Folder not found.
"C:\Program Files\ASP" => File/Folder not found.
C:\Documents and Settings\User\My Documents\aspsetup.exe => moved successfully.
C:\Documents and Settings\All Users\Application Data\Baidu => moved successfully.
C:\Documents and Settings\User\Application Data\Baidu => moved successfully.
C:\WINDOWS\system32\Drivers\BDMWrench.sys => moved successfully.
C:\WINDOWS\system32\Drivers\BDFileDefend.sys => moved successfully.
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:23:59 ====

And the AdwCleaner report is attached

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download the ESET services repair tool to the Desktop.

Run ServicesRepair.exe

Click Yes when the window appears

When the tool finishes, it will ask you to restart the computer. Click Yes

After the restart, a CC Support folder will be on the Desktop, and inside it a Logs folder

Inside the Logs folder is the SvcRepair.txt file, whose contents you should copy into the thread.

offline
  • S2M  Male
  • Citizen
  • life developer
  • Joined: 21 Nov 2009
  • Posts: 65
  • Location: Stuttgart

Here is the log:

Log Opened: 2015-06-28 @ 01:10:55
01:10:55 - -----------------
01:10:55 - | Begin Logging |
01:10:55 - -----------------
01:10:55 - Fix started on a WIN_XP X86 computer
01:10:55 - Prep in progress. Please Wait.
01:10:59 - Prep complete
01:10:59 - Repairing Services Now. Please wait...

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
01:11:01 - Services Repair Complete.
01:11:09 - Reboot Initiated

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the state of the system now?

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, make sure all options are checked, then click the Scan button;

Notice: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions afterwards.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections were found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage to run it; in the black window that opens (command prompt), type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file ("Prikači fajl") option.

offline
  • S2M  Male
  • Citizen
  • life developer
  • Joined: 21 Nov 2009
  • Posts: 65
  • Location: Stuttgart

No malware was detected.

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
malwarebytes.org

Database version:
main: v2015.06.27.07
rootkit: v2015.06.26.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
User :: ASDFGH-12FC382F [administrator]

28.06.2015 09:45:10
mbar-log-2015-06-28 (09-45-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 386205
Time elapsed: 27 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

And here is the log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.594000 GHz
Memory total: 1055309824, free: 302964736

Downloaded database version: v2015.06.27.07
Downloaded database version: v2015.06.26.01
Downloaded database version: v2015.06.26.01
=======================================
Initializing...
------------ Kernel report ------------
06/28/2015 09:43:55
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.06.27.07
rootkit: v2015.06.26.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86b69ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86b31900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86b69ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86b32520, DeviceName: \Device\00000082\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86b86940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C2F0C2F0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 102398247
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 102398310 Numsec = 166015710

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 137438952960 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86202ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86202890, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86202ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff861b8d70, DeviceName: \Device\0000008b\, DriverName: \Driver\tifmsony\
------------ End ----------
File "c:\documents and settings\all users\application data\avg2015\chjw\8cd4560dd455f9c2.dat:565b9829-4969-4a0c-be1c-1111895fee28" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\8cd4560dd455f9c2.dat:bc718c1d-ffee-4d38-978a-10457cffac4f" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\a054dbce54dba4f6.dat:10004137-7841-4452-89ba-f52c7f54745e" is sparse (flags = 32768)
File "c:\documents and settings\all users\application data\avg2015\chjw\a054dbce54dba4f6.dat:ba5b815b-1966-4574-970f-da1b4fcaf67e" is sparse (flags = 32768)
File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2015\log\avgcore.log.1" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

OK. You didn't tell me what the state is now.

offline
  • S2M  Male
  • Citizen
  • life developer
  • Joined: 21 Nov 2009
  • Posts: 65
  • Location: Stuttgart

Oh, sorry. It works well now. The CPU doesn't go over 25%, whereas before it went to 100% as soon as I started Chrome. I haven't tried the VPN client to connect to the company server yet; I figured I'd wait until you give the go-ahead :D

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That would be it.

The following procedure will perform the final cleanup.

Download the DelFix tool by "Xplode" and save it to the Desktop.
Double-click to run the tool and tick the boxes next to the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.
