Check because of children's games


  • smz
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

Games were installed on my daughter's laptop; out of fear of viruses and slow performance I mostly deleted them, but now I can see from this log file as well that traces remain. In Mozilla, windows with ads for certain games keep opening, so I would like to get rid of that. Here is the log file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by ANA at 23:29:23 on 2013-09-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3691.2047 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\ANA\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Windows\STK02N\STK02NM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\TDSupportApp\cdrom_mon.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=f2836f4f-5f6d-419b-85a7-15ad02a0fa80&searchtype=ds&q={searchTerms}&installDate=26/04/2013
mWinlogon: Userinit = userinit.exe,
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Users\ANA\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [UpdateMyDrivers] C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK02N~1.LNK - C:\Windows\STK02N\STK02NM.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2F789DE8-E7DE-456B-8C3D-82B087D05024} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2F789DE8-E7DE-456B-8C3D-82B087D05024}\075627F6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2F789DE8-E7DE-456B-8C3D-82B087D05024}\2427967656C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2F789DE8-E7DE-456B-8C3D-82B087D05024}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2F789DE8-E7DE-456B-8C3D-82B087D05024}\75C414E4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B5597286-F737-4CAC-A952-2FB1F1D8B297} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - t-online.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&CUI=UN84233379327100294&UM=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\plugins\np-mswmp.dll
FF - plugin: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.shownSelectionUI - true
.
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 88cd5e540000000000003859f971988b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15821
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1623:03:40
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - 88cd5e540000000000003859f971988b
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15821
FF - user.js: extensions.mixidj.vrsn - 1.8.4.1
FF - user.js: extensions.mixidj.vrsni - 1.8.4.1
FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.123:11:13
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj_i.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - base
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj_i.excTlbr - false
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-4-14 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-4-14 378944]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-1 39768]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-17 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-6-16 365568]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-4-14 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-4-14 80816]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\Windows\System32\TDSupportApp\cdrom_mon.exe --> C:\Windows\System32\TDSupportApp\cdrom_mon.exe [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-23 46808]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-6-16 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-18 1817088]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-28 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-18 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-14 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-18 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-18 436840]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-18 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 EC168x64;EC168BDA service;C:\Windows\System32\drivers\EC168x64.sys [2007-9-11 132096]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-09 20:30:28 -------- d-----w- C:\ProgramData\MCShield
2013-09-09 20:30:27 -------- d-----w- C:\Program Files (x86)\MCShield
2013-09-06 20:26:37 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{41CEEF04-266E-48E3-A7AE-225D25E45E59}\mpengine.dll
2013-08-16 19:43:26 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-16 19:42:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-08-16 19:42:56 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-16 19:42:54 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-16 19:29:12 -------- d-----w- C:\Windows\System32\MRT
2013-08-16 14:38:29 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-16 14:38:25 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-16 14:38:24 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-16 14:38:23 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-16 14:38:22 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-16 14:38:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-16 14:38:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-16 14:38:14 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-16 14:38:13 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-16 14:38:13 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-16 14:38:12 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-16 13:59:50 -------- d-----w- C:\Users\ANA\AppData\Roaming\Ashampoo
2013-08-16 13:59:42 -------- d-----w- C:\Users\ANA\AppData\Local\ashampoo
2013-08-16 13:59:40 -------- d-----w- C:\ProgramData\Ashampoo
2013-08-16 13:59:29 -------- d-----w- C:\Program Files (x86)\Ashampoo
2013-08-16 06:51:58 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-16 06:51:57 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-16 06:51:56 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-16 06:51:56 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-16 06:51:54 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-16 06:51:54 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-16 06:51:54 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-16 06:51:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-16 06:48:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-16 06:48:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-16 06:47:50 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-16 06:47:49 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-16 06:47:45 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-16 06:47:43 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-16 06:35:13 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-16 06:35:08 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-07-27 20:54:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-27 20:54:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-06-27 19:10:14 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 19:10:14 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
.
============= FINISH: 23:31:03,32 ===============


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Carry out the steps listed below one at a time and, after each completed step, post the reports if they are requested. The forum will automatically merge messages written one after another, so you do not have to worry about so-called "double posting". Also, if you get stuck somewhere or if something goes wrong, be sure to report it.



Step 1

You have remnants of AVG antivirus on the system.

Open Notepad and copy the following text:

sc stop avgtp >> log.txt 2>&1
sc delete avgtp >> log.txt 2>&1
del /F /Q "C:\Windows\System32\drivers\avgtpx64.sys" >> log.txt 2>&1
notepad log.txt


Save it to the Desktop under the name shellscript.bat
Pay attention to the .bat extension.

Right-click shellscript.bat and click Run as Administrator.

Click Yes in the window that pops up.

Copy into your message the text that opens in Notepad. If no text appears in Notepad, that means everything went as it should, and you only need to mention that in your message.

If Notepad does not open, open the file log.txt manually and post its contents on the forum.




Step 2

Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and display a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that report to the Desktop and attach it to your message using the "Attach file" option.

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[0].txt




Step 3

Download the GMER program from the link below to the Desktop:

GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to complete;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and select Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and select the Autostart tab;

when the brief scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);

Illustrated walkthrough of the procedure

Attach all three reports to your message using the Attach file option.



Step 4

Download zoek.exe from this or this link and save it to the Desktop.

Close the browser and other running programs;
deactivate security software (if needed) Instructions;
double-click to run zoek.exe;
wait for the tool to start ...

Copy the following text into the white box of the window:

startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.

Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your message.
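
The avgtp entry that Step 1 removes appears in the DDS log as a running driver, while the AV:/SP: lines list only avast! and Windows Defender. The Python sketch below is an added example, not part of the original post or of DDS; it runs that cross-check over an excerpt of the log above, and the vendor prefix table and function names are assumptions made for illustration.

```python
import re

# Excerpt of the DDS log posted above (AV:/SP: header lines and a few
# SERVICES / DRIVERS entries), embedded so the example runs offline.
SAMPLE_DDS = r"""
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============= SERVICES / DRIVERS ===============
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-4-14 1030952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-1 39768]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-28 701512]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-14 25928]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
"""

# ASSUMPTION (illustrative table, not from the thread or from any tool):
# driver-name prefix -> keyword expected in the vendor's registered product
# name or in the install path of its user-mode service.
VENDOR_PREFIXES = {"asw": "avast", "avg": "avg", "mbam": "malwarebytes"}

# One service/driver line: "<R|S><start type> name;display name;path [date size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: \[(?P<meta>[^\]]*)\])?$"
)
# Security products registered with Windows, as printed in the log header.
PRODUCT_RE = re.compile(r"^(?:AV|SP): (?P<name>.+?) \*")


def parse_services(log_text):
    """Return one dict per service/driver line of a DDS log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        # Some entries are printed as "path --> path [?]"; keep the first path.
        entry["path"] = entry["path"].split(" --> ")[0]
        entries.append(entry)
    return entries


def registered_products(log_text):
    """Return the distinct product names from the AV:/SP: header lines."""
    return sorted({m.group("name") for line in log_text.splitlines()
                   if (m := PRODUCT_RE.match(line.strip()))})


def is_kernel_driver(path):
    p = path.lower()
    return "\\drivers\\" in p and p.endswith(".sys")


def leftover_security_drivers(log_text):
    """Flag security-vendor drivers whose product shows no other trace.

    A driver is flagged when its name carries a known vendor prefix but the
    vendor keyword appears neither in an AV:/SP: line nor in the path of any
    user-mode service binary.
    """
    entries = parse_services(log_text)
    evidence = [name.lower() for name in registered_products(log_text)]
    evidence += [e["path"].lower() for e in entries
                 if not is_kernel_driver(e["path"])]
    flagged = []
    for e in entries:
        if not is_kernel_driver(e["path"]):
            continue
        keyword = next((kw for prefix, kw in VENDOR_PREFIXES.items()
                        if e["name"].lower().startswith(prefix)), None)
        if keyword and not any(keyword in item for item in evidence):
            flagged.append((e["name"], e["path"], e["state"] + e["start"]))
    return flagged


if __name__ == "__main__":
    for name, path, state in leftover_security_drivers(SAMPLE_DDS):
        print(f"{state} {name}: {path} (no matching product found)")
```

A flagged entry is a lead for manual review rather than a verdict; the prefix table has to be maintained by hand for whatever vendors matter.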

  • smz
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

Step 1.

sc stop avgtp >> log.txt 2>&1
sc delete avgtp >> log.txt 2>&1
del /F /Q "C:\Windows\System32\drivers\avgtpx64.sys" >> log.txt 2>&1
notepad log.txt




Zoek.exe Version 4.0.0.4 Updated 07-September-2013
Tool run by ANA on 10.09.2013 at 17:53:05,96.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANA\AppData\Local\Temp\Rar$EX14.848\zoek.exe [Script inserted]

==== System Restore Info ======================

10.09.2013 17:54:57 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ANA\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-08-16 06:35:13 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
2013-08-16 06:35:08 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-09-09 20:30:27 -------- d-----w- C:\Program Files (x86)\MCShield
2013-08-16 13:59:29 -------- d-----w- C:\Program Files (x86)\Ashampoo
======= C: =====
====== C:\Users\ANA\AppData\Roaming ======
2013-08-16 13:59:50 -------- d-----w- C:\users\ANA\AppData\Roaming\Ashampoo
2013-08-16 13:59:42 -------- d-----w- C:\users\ANA\AppData\Local\ashampoo
====== C:\Users\ANA ======
2013-09-10 14:45:07 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\ANA\Desktop\q74x9l09.exe
2013-09-10 14:25:06 720CBF9C4E60540122BED3EA8CC0EAAC 1037278 ----a-w- C:\Users\ANA\Desktop\AdwCleaner.exe
2013-09-10 14:08:29 0BC1044E949B7F57F991073EC67C4D85 150 ----a-w- C:\Users\ANA\Desktop\shellscript.bat
2013-09-09 20:52:21 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\ANA\Downloads\dds.com
2013-09-09 20:30:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2013-09-09 20:30:28 -------- d-----w- C:\ProgramData\MCShield
2013-09-09 20:28:57 66D34DFC0DD76A7D506360309755F183 2626304 ----a-w- C:\Users\ANA\Downloads\MCShield-Setup.exe
2013-08-31 17:54:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
2013-08-31 17:42:06 0EA95F1E762494B5D928ED4D5B5DA29B 117478104 ----a-w- C:\Users\ANA\Downloads\avast_free_antivirus_setup.exe
2013-08-16 13:59:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2013-08-16 13:59:40 -------- d-----w- C:\ProgramData\Ashampoo

====== C: exe-files ==
2013-09-10 14:45:07 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\ANA\Desktop\q74x9l09.exe
2013-09-10 14:25:06 720CBF9C4E60540122BED3EA8CC0EAAC 1037278 ----a-w- C:\Users\ANA\Desktop\AdwCleaner.exe
2013-09-09 20:30:33 6995543E9F1E86F7571FAD7B5AF7F376 212148 ----a-w- C:\Program Files (x86)\MCShield\MCS-uninstall.exe
2013-09-09 20:30:31 66D34DFC0DD76A7D506360309755F183 2626304 ----a-w- C:\ProgramData\MCShield\MCShield-Setup.exe
2013-09-09 20:28:57 66D34DFC0DD76A7D506360309755F183 2626304 ----a-w- C:\Users\ANA\Downloads\MCShield-Setup.exe
2013-09-06 21:02:55 69078D1A8E8BADFCD2B2EA9B66AB1FD8 6950240 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.66\29.0.1547.66_28.0.1500.95_chrome_updater.exe
2013-09-05 18:40:40 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUUP0HD0\SkypeSetupFull[1].exe
=== C: other files ==
2013-09-10 14:08:29 0BC1044E949B7F57F991073EC67C4D85 150 ----a-w- C:\Users\ANA\Desktop\shellscript.bat
2013-09-09 20:52:21 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\ANA\Downloads\dds.com

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3300908418-3802915229-2868254740-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"uTorrent"="C:\Users\ANA\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"UpdateMyDrivers"="C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"uTorrent"="C:\Users\ANA\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"UpdateMyDrivers"="C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2013-03-20 22:09:54 1556 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27.07.2013 22:54]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28.01.2012 14:52]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28.01.2012 14:52]
C:\Windows\tasks\HPCeeScheduleForANA-HP$.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []
C:\Windows\tasks\HPCeeScheduleForANA.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13.09.2010 22:15]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default
- Cool Smiley Bar for Facebook - %ProfilePath%\extensions\pluswinks@PlusWinks.xpi
- Speed Analysis 2 - %ProfilePath%\extensions\speedanalysis02@SpeedAnalysis.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

Google Drive - ANA - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ANA - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Gmail - ANA - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
"Start Page Restore"="http://www.google.com"
"BrowserMngr Start Page"="http://www.google.com"
"Search Bar"="http://www.bing.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox"
{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found"

==== EOF on 10.09.2013 at 18:05:43,56 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Close the browser and any other running programs;
disable your security software (if necessary; see Instructions);
double-click zoek.exe to run it;
wait for the tool to start ...

Copy the following text into the white box of the window:

autoclean;
pluswinks@PlusWinks.xpi;ff
speedanalysis02@SpeedAnalysis.com.xpi;ff
startupall;
emptyalltemp;


Click the button and wait for the scan to finish.

Zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.

How are things now?

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

Zoek.exe Version 4.0.0.4 Updated 07-September-2013
Tool run by ANA on 10.09.2013 at 19:42:58,66.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANA\AppData\Local\Temp\Rar$EX37.112\zoek.exe [Script inserted]

==== Older Logs ======================

C:\zoek-results10.09.2013-1805.log 9258 bytes

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You did not follow the instructions correctly.

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

I don't understand what I'm doing wrong. I paste the text and start it with Run Script, and it tells me to wait and not to launch the browser, and that it will restart and open the log in an editor. Then nothing further happens: after about 20 minutes it neither reports that it has finished, nor restarts, nor opens the editor... On C: I find the following zoek-results:

Zoek.exe Version 4.0.0.4 Updated 07-September-2013
Tool run by ANA on 10.09.2013 at 20:53:23,40.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANA\Desktop\zoek\zoek.exe [Script inserted]

==== Older Logs ======================

C:\zoek-results10.09.2013-1805.log 9258 bytes
C:\zoek-results10.09.2013-1943.log 389 bytes
C:\zoek-results10.09.2013-2031.log 435 bytes

I tried it out a bit and I see that it is faster and that, at the moment, there are no more large windows with ads for games. I will most likely try the same on my own computer, because there have been traces of games there too for quite a while. If it's not a problem, let's just continue in this thread.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Then Zoek is acting up. For your other computer, open a new thread, but only after we finish with this one. Repeat the previous step, only with this script:

pluswinks@PlusWinks.xpi;ff
speedanalysis02@SpeedAnalysis.com.xpi;ff
startupall;
emptyalltemp;

offline
  • smz 
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

Zoek.exe Version 4.0.0.4 Updated 07-September-2013
Tool run by ANA on 10.09.2013 at 22:19:37,64.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANA\Desktop\zoek\zoek.exe [Script inserted]

==== Older Logs ======================

C:\zoek-results10.09.2013-1805.log 9258 bytes
C:\zoek-results10.09.2013-1943.log 389 bytes
C:\zoek-results10.09.2013-2031.log 435 bytes
C:\zoek-results10.09.2013-2054.log 462 bytes

==== FireFox Fix ======================

ProfilePath: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default

user.js not found
---- Lines pluswinks@PlusWinks.xpi removed from prefs.js ----


---- Lines pluswinks@PlusWinks.xpi modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"mtime\":1369327569118,\"rdfTime\":1368089726000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1376773614625,\"rdfTime\":1376773614625}}},{\"name\":\"app-profile\",\"addons\":{\"pluswinks@PlusWinks\":{\"descriptor\":\"C:\\\\Users\\\\ANA\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5fdh7f8m.default\\\\extensions\\\\pluswinks@PlusWinks.xpi\",\"mtime\":1374330355092},\"speedanalysis02@SpeedAnalysis.com\":{\"descriptor\":\"C:\\\\Users\\\\ANA\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5fdh7f8m.default\\\\extensions\\\\speedanalysis02@SpeedAnalysis.com.xpi\",\"mtime\":1370726555610}}}]");

---- Lines speedanalysis02@SpeedAnalysis.com.xpi removed from prefs.js ----


---- Lines speedanalysis02@SpeedAnalysis.com.xpi modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"mtime\":1369327569118,\"rdfTime\":1368089726000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1376773614625,\"rdfTime\":1376773614625}}},{\"name\":\"app-profile\",\"addons\":{\"pluswinks@PlusWinks\":{\"descriptor\":\"C:\\\\Users\\\\ANA\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5fdh7f8m.default\\\\extensions\\\\disabled\",\"mtime\":1374330355092},\"speedanalysis02@SpeedAnalysis.com\":{\"descriptor\":\"C:\\\\Users\\\\ANA\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5fdh7f8m.default\\\\extensions\\\\speedanalysis02@SpeedAnalysis.com.xpi\",\"mtime\":1370726555610}}}]");

---- FireFox user.js and prefs.js backups ----

prefs__2222_.backup

ProfilePath: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\bg0wswdz.default

user.js not found
---- Lines pluswinks@PlusWinks.xpi removed from prefs.js ----


---- Lines pluswinks@PlusWinks.xpi modified from prefs.js ----


---- Lines speedanalysis02@SpeedAnalysis.com.xpi removed from prefs.js ----


---- Lines speedanalysis02@SpeedAnalysis.com.xpi modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs__2222_.backup

ProfilePath: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\cyivnnxl.default

user.js not found
---- Lines pluswinks@PlusWinks.xpi removed from prefs.js ----


---- Lines pluswinks@PlusWinks.xpi modified from prefs.js ----


---- Lines speedanalysis02@SpeedAnalysis.com.xpi removed from prefs.js ----


---- Lines speedanalysis02@SpeedAnalysis.com.xpi modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs__2222_.backup

ProfilePath: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\inz1r9eh.default-1347088815518

user.js not found
---- Lines pluswinks@PlusWinks.xpi removed from prefs.js ----


---- Lines pluswinks@PlusWinks.xpi modified from prefs.js ----


---- Lines speedanalysis02@SpeedAnalysis.com.xpi removed from prefs.js ----


---- Lines speedanalysis02@SpeedAnalysis.com.xpi modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs__2222_.backup

==== Deleting Files \ Folders ======================

"C:\user.js" deleted
"C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default\extensions\pluswinks@PlusWinks.xpi" deleted
"C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default\extensions\speedanalysis02@SpeedAnalysis.com.xpi" deleted
"C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default\extensions\pluswinks@PlusWinks.xpi" deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3300908418-3802915229-2868254740-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"uTorrent"="C:\Users\ANA\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"UpdateMyDrivers"="C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"uTorrent"="C:\Users\ANA\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"UpdateMyDrivers"="C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2013-03-20 22:09:54 1556 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10.09.2013 21:50]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28.01.2012 14:52]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28.01.2012 14:52]
C:\Windows\tasks\HPCeeScheduleForANA-HP$.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []
C:\Windows\tasks\HPCeeScheduleForANA.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13.09.2010 22:15]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\ANA\AppData\Roaming\Mozilla\Firefox\Profiles\5fdh7f8m.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\ANA\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANA\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANA\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47PLL36K will be deleted at reboot
C:\Users\ANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUUP0HD0 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\ANA\AppData\Local\Mozilla\Firefox\Profiles\5fdh7f8m.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\ANA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ANA\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47PLL36K" not found
"C:\Users\ANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUUP0HD0" not found

==== EOF on 10.09.2013 at 22:30:07,61 ======================

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

That should be it. Since the ads no longer pop up, all that is left is for you to do the following, and then we are done:

Download DelFix by "Xplode" and save it to the Desktop.

Double-click the program to run it.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved at C:\DelFix.txt
You do not need to post that report here.

Visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.

I recommend that you use MCShield to protect USB storage devices.
It has nothing to do with the antivirus, i.e. it will not interfere with it, and it has proven to be one of the best forms of protection against malware spread via USB storage devices.

MCShield home page: http://www.mcshield.net
You can find out more about MCShield in this thread: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html
MCShield Facebook page: http://www.facebook.com/MCShield

For the other computer you mentioned, open a new thread in this subforum.
