Komp sam brise foldere

Komp sam brise foldere

offline
  • Pridružio: 19 Jun 2012
  • Poruke: 5

Primetio sam da folderi sami nestaju jednostavno ih nema. Gledao sam medju skrivenim fajlovima ni tamo ih nema danas sam rekonstruisao obrisane podatke i delimicno povratio nesto, ali se plasim da se ne ponovi. Moze li biti virus? Hvala unapred

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Milana (administrator) on COWPUTER on 03-03-2015 19:02:53
Running from E:\Documents and Settings\Milana\Desktop
Loaded Profiles: Milana & UpdatusUser (Available profiles: Milana & UpdatusUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Analog Devices, Inc.) E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Microsoft Corporation) E:\WINDOWS\system32\rundll32.exe
(Google) E:\Program Files\Google\Google Talk\googletalk.exe
(ESET) E:\Program Files\ESET\ESET Smart Security\egui.exe
(ZSMCSNAP) E:\WINDOWS\vmsnap3.exe
(Vimicro) E:\WINDOWS\Domino.exe
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(ESET) E:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) E:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Analog Devices, Inc.) E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
() E:\Documents and Settings\Milana\Application Data\Search Protection\SP.exe
() E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(InterVideo Inc.) E:\Program Files\InterVideo\WinDVR\WinScheduler.exe
() E:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe
(TeamViewer GmbH) E:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) E:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) E:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) E:\Program Files\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Smapp] => E:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-05-05] (Analog Devices, Inc.)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => E:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-03] ()
HKLM\...\Run: [googletalk] => E:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [egui] => E:\Program Files\ESET\ESET Smart Security\egui.exe [3076144 2011-08-09] (ESET)
HKLM\...\Run: [VMSnap3] => E:\WINDOWS\VMSnap3.EXE [49152 2006-08-30] (ZSMCSNAP)
HKLM\...\Run: [Domino] => E:\WINDOWS\Domino.EXE [49152 2006-06-28] (Vimicro)
HKLM\...\Run: [BigDog303] => E:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Run: [Browser Extensions] => E:\Documents and Settings\Milana\Application Data\Browser Extensions\CouponsHelper.exe [544720 2015-02-27] ()
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Run: [Search Protection] => E:\Documents and Settings\Milana\Application Data\Search Protection\SP.EXE [892000 2015-02-11] ()
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
ShortcutTarget: InterVideo WinCinema Manager.lnk -> E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk
ShortcutTarget: InterVideo WinScheduler.lnk -> E:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.)
Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\MpegTV Station PCITV Remote Control.lnk
ShortcutTarget: MpegTV Station PCITV Remote Control.lnk -> E:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-484061587-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1060284298-484061587-1177238915-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1060284298-484061587-1177238915-1003 -> DefaultScope {CA480602-2674-4BDA-87B9-9CF236E4B2FB} URL = search.yahoo.com/search?fr=chr-greentree_i.....811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1060284298-484061587-1177238915-1003 -> {CA480602-2674-4BDA-87B9-9CF236E4B2FB} URL = search.yahoo.com/search?fr=chr-greentree_i.....811&p={searchTerms}
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> E:\Documents and Settings\Milana\Application Data\Browser Extensions\Coupons.dll ()
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - E:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - E:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-11]

Chrome:
=======
CHR HomePage: Profile 2 ->
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Profile 2 -> yahoo.com search
CHR DefaultSearchURL: Profile 2 -> search.yahoo.com/search?fr=chr-yo_gc&e.....811&p={searchTerms}
CHR DefaultSuggestURL: Profile 2 -> ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - E:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - E:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - E:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - E:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - E:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - E:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - E:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Profile: E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Profile: E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-11]
CHR Extension: (Google Drive) - E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]
CHR Extension: (YouTube) - E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]
CHR Extension: (Google Search) - E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]
CHR Extension: (Hangouts) - E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-02-03]
CHR Extension: (Google Wallet) - E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - E:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; E:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-08-09] (ESET)
R2 SoundMAX Agent Service (default); E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
R2 TeamViewer; E:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BT848; E:\WINDOWS\System32\drivers\BT848.sys [266180 2001-12-31] () [File not signed]
R2 BTTUNER; E:\WINDOWS\System32\drivers\BTTUNER.sys [18944 2002-06-11] (Conexant Systems, Inc.) [File not signed]
R2 BTXBAR; E:\WINDOWS\System32\drivers\BTXBAR.sys [13308 1999-07-21] (Conexant Systems, Inc.) [File not signed]
S3 CCDECODE; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 eamon; E:\WINDOWS\System32\DRIVERS\eamon.sys [154136 2011-08-09] (ESET)
R1 ehdrv; E:\WINDOWS\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R2 epfw; E:\WINDOWS\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R3 Epfwndis; E:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39824 2011-08-09] (ESET)
R1 epfwtdi; E:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61936 2011-08-04] (ESET)
R3 FETNDIS; E:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R0 mv61xxmm; E:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2011-07-13] (Marvell Semiconductor Inc.)
R0 mv64xxmm; E:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2011-07-13] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; E:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2011-07-13] (Marvell Semiconductor Inc.)
S3 NdisIP; E:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 USBCM; E:\WINDOWS\System32\DRIVERS\Sacm2A.sys [15429 2004-06-10] ( )
R0 viamraid; E:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2010-02-22] (VIA Technologies inc,.ltd)
R0 videX32; E:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
S3 vmfilter303; E:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation)
S3 ZSMC303; E:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 19:02 - 2015-03-03 19:03 - 00012415 _____ () E:\Documents and Settings\Milana\Desktop\FRST.txt
2015-03-03 19:02 - 2015-03-03 19:03 - 00000000 ____D () E:\FRST
2015-03-03 19:00 - 2015-03-03 19:01 - 01132032 _____ (Farbar) E:\Documents and Settings\Milana\Desktop\FRST.exe
2015-03-03 13:49 - 2015-03-03 13:50 - 00000000 ____D () E:\Program Files\Recuva
2015-03-03 13:49 - 2015-03-03 13:49 - 00001518 _____ () E:\Documents and Settings\All Users\Desktop\Recuva.lnk
2015-03-03 13:49 - 2015-03-03 13:49 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Recuva
2015-03-03 13:47 - 2015-03-03 13:48 - 00000000 ____D () E:\Documents and Settings\Milana\Local Settings\Application Data\Facebook
2015-03-03 12:58 - 2015-03-03 12:58 - 00000712 _____ () E:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-03-03 12:58 - 2015-03-03 12:58 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-02-03 17:02 - 2015-02-03 17:02 - 00000000 ____D () E:\Documents and Settings\Milana\Start Menu\Programs\Chrome апликације
2015-02-03 16:59 - 2015-02-03 16:59 - 00001865 _____ () E:\Documents and Settings\Milana\Desktop\Покретач Chrome апликација.lnk
2015-02-03 16:59 - 2015-02-03 16:59 - 00000000 ____D () E:\Documents and Settings\Milana\Start Menu\Programs\Google Chrome

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 19:03 - 2013-01-24 14:31 - 00000000 ____D () E:\Documents and Settings\Milana\Local Settings\Temp
2015-03-03 19:01 - 2013-11-18 19:07 - 00000000 ____D () E:\Documents and Settings\Milana\Application Data\Skype
2015-03-03 18:47 - 2013-03-22 15:27 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-03 18:42 - 2014-01-21 12:23 - 00000886 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-03 14:42 - 2014-01-21 12:23 - 00000882 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 14:04 - 2014-09-08 09:38 - 00000424 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{69C0ED32-0826-492F-B2AB-E7DF599E3173}.job
2015-03-03 13:37 - 2013-01-24 14:20 - 00000000 ____D () E:\WINDOWS\system32\Restore
2015-03-03 13:20 - 2013-02-02 19:04 - 00000000 ____D () E:\Program Files\TeamViewer
2015-03-03 12:58 - 2013-02-02 19:07 - 00000000 ____D () E:\Documents and Settings\Milana\Application Data\TeamViewer
2015-03-03 10:11 - 2013-01-24 14:22 - 01150299 _____ () E:\WINDOWS\WindowsUpdate.log
2015-03-03 09:44 - 2013-01-24 15:14 - 00000159 _____ () E:\WINDOWS\wiadebug.log
2015-03-03 09:44 - 2013-01-24 15:14 - 00000048 _____ () E:\WINDOWS\wiaservc.log
2015-03-03 09:44 - 2013-01-24 14:29 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2015-03-03 01:26 - 2013-01-24 14:29 - 00032502 _____ () E:\WINDOWS\SchedLgU.Txt
2015-03-03 01:25 - 2013-01-24 14:31 - 00000178 ___SH () E:\Documents and Settings\Milana\ntuser.ini
2015-03-02 21:51 - 2013-08-22 10:03 - 00000000 ____D () E:\Program Files\The KMPlayer
2015-03-02 20:45 - 2013-01-29 23:23 - 00223744 _____ () E:\Documents and Settings\Milana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-02 17:02 - 2014-08-29 17:12 - 00000000 ____D () E:\Documents and Settings\Milana\Application Data\Browser Extensions
2015-02-20 17:48 - 2014-01-21 12:25 - 00001821 _____ () E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-04 22:47 - 2013-03-22 15:27 - 00701616 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-04 22:47 - 2008-04-14 13:00 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-04 11:09 - 2014-10-09 09:38 - 00000000 ___RD () E:\Program Files\Skype
2015-02-04 11:09 - 2013-11-18 19:06 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Skype

==================== Files in the root of some directories =======

2013-01-29 23:23 - 2015-03-02 20:45 - 0223744 _____ () E:\Documents and Settings\Milana\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.6.0.87.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.7.0.109.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.7.0.113.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.8.0.120.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.8.0.121.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.8.0.122.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.8.0.123.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.0.124.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.0.125.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.0.126.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.0.127.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.0.128.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.1.129.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.1.130.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.1.131.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.1.132.exe
E:\Documents and Settings\Milana\Local Settings\Temp\KMP_3.9.1.133.exe
E:\Documents and Settings\Milana\Local Settings\Temp\ose00000.exe
E:\Documents and Settings\Milana\Local Settings\Temp\pyl1.tmp.exe
E:\Documents and Settings\Milana\Local Settings\Temp\pyl2.tmp.exe
E:\Documents and Settings\Milana\Local Settings\Temp\pyl3.tmp.exe
E:\Documents and Settings\Milana\Local Settings\Temp\pyl5.tmp.exe
E:\Documents and Settings\Milana\Local Settings\Temp\pyl6.tmp.exe
E:\Documents and Settings\Milana\Local Settings\Temp\pyl8.tmp.exe
E:\Documents and Settings\Milana\Local Settings\Temp\pylC.tmp.exe
E:\Documents and Settings\Milana\Local Settings\Temp\SearchProtectionSetup.exe
E:\Documents and Settings\Milana\Local Settings\Temp\SkypeSetup.exe
E:\Documents and Settings\Milana\Local Settings\Temp\{EFCF6D61-C113-48B0-A86F-11904525E887}-34.0.1847.116_chrome_installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Izvini na čekanju.



Arrow Korak 1

Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe:

Browser Extensions
Search Protection



Arrow

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Run: [Browser Extensions] => E:\Documents and Settings\Milana\Application Data\Browser Extensions\CouponsHelper.exe [544720 2015-02-27] ()
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Run: [Search Protection] => E:\Documents and Settings\Milana\Application Data\Search Protection\SP.EXE [892000 2015-02-11] ()
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-484061587-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
E:\Documents and Settings\Milana\Application Data\Browser Extensions
E:\Documents and Settings\Milana\Application Data\Search Protection
EmptyTemp:


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).




Arrow Korak 3

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Clean i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Pridružio: 19 Jun 2012
  • Poruke: 5

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by Milana at 2015-03-06 12:42:47 Run:1
Running from E:\Documents and Settings\Milana\Desktop
Loaded Profiles: Milana & UpdatusUser (Available profiles: Milana & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Run: [Browser Extensions] => E:\Documents and Settings\Milana\Application Data\Browser Extensions\CouponsHelper.exe [544720 2015-02-27] ()
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\...\Run: [Search Protection] => E:\Documents and Settings\Milana\Application Data\Search Protection\SP.EXE [892000 2015-02-11] ()
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1060284298-484061587-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
E:\Documents and Settings\Milana\Application Data\Browser Extensions
E:\Documents and Settings\Milana\Application Data\Search Protection
EmptyTemp:
*****************

HKU\S-1-5-21-1060284298-484061587-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Extensions => Value not found.
HKU\S-1-5-21-1060284298-484061587-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1060284298-484061587-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1060284298-484061587-1177238915-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"E:\Documents and Settings\Milana\Application Data\Browser Extensions" => File/Directory not found.
"E:\Documents and Settings\Milana\Application Data\Search Protection" => File/Directory not found.
EmptyTemp: => Removed 4.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:45:20 ====
mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Kakvo je sada stanje sistema?

offline
  • Pridružio: 19 Jun 2012
  • Poruke: 5

Za sada je sve ok, hvala

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Onda bismo završili.

Sledeća procedura će implementirati završno čišćenje.

Arrow Preuzmi "Xplode"-ov DelFix alat i snimi ga na Desktop.
Dvoklikom pokreni alat i štikliraj kućice ispred sledećih opcija;

Remove disinfection tools
Create registry backup
Purge System Restore


Klikni na dugme Run i pričekaj trenutak dok alat ne završi svoj rad.
Od ovog trenutka, svi korišćeni alati u ovoj temi bi trebali biti obrisani.
Alat će takođe formirati izveštaj za tebe. (C:\DelFix.txt)

Alat će snimiti i zdravo stanje registy-ja i napraviti backup koristeci integrisan program "ERUNT" u %windir%\ERUNT\DelFix
Alat briše stare system restore tačke i pravi novu, svežu tačku nakon čišćenja.

Ko je trenutno na forumu
 

Ukupno su 715 korisnika na forumu :: 37 registrovanih, 7 sakrivenih i 671 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, _Sale, A.R.Chafee.Jr., amonsrb, bata melenčan, bojank, Chainsaw, chica, dexter300, djboj, Djokislav, Drug pukovnik, FOX, Georgius, ikan, kripo, lekso, MB120mm, mercedesamg, Milan A. Nikolic, Mlav, MrNo, Mugy, NoOneEver Dreams, Pohovani_00, repac, riva, ruseskij, SlaKoj, Snorks, Steeeefan, Tas011, Toni, Toper, Van, vasa.93, yufighter