Checking a computer for infection

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by pc centar (administrator) on PC-C464735FA91F on 17-05-2015 19:44:08
Running from C:\Documents and Settings\pc centar\My Documents\Downloads
Loaded Profiles: pc centar (Available profiles: pc centar)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe
(H.D.S. Hungary) F:\Hard Disk Sentinel\HDSentinel.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe [479412 2008-03-26] (TP-LINK TECHNOLOGIES CO., LTD.)
HKLM\...\Run: [Hard Disk Sentinel] => F:\Hard Disk Sentinel\HDSentinel.exe [4334224 2014-01-30] (H.D.S. Hungary)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11] (ATI Technologies Inc.)
HKU\S-1-5-21-436374069-1637723038-1801674531-1003\...\Run: [Facebook Update] => C:\Documents and Settings\pc centar\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2014-11-11] (Facebook Inc.)
HKU\S-1-5-21-436374069-1637723038-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-436374069-1637723038-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-436374069-1637723038-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> Yandex URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-436374069-1637723038-1801674531-1003 -> Moikrug URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-436374069-1637723038-1801674531-1003 -> Yandex URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1637723038-1801674531-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-14] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 87.250.98.250 87.250.97.250
Tcpip\..\Interfaces\{7F946C84-F99B-48F5-8EB6-53494A0EACDB}: [NameServer] 87.250.98.250 87.250.97.250

FireFox:
========
FF ProfilePath: C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: chrome://LVD-SAE/content/unpackedcrx/newtab/newtab.html
FF DefaultSearchEngine: Ask Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-14] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-436374069-1637723038-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\pc centar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-436374069-1637723038-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\pc centar\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ask-search.xml [2015-05-16]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml [2014-11-26]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml [2014-11-26]
FF Extension: iLivid - C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\LVD-SAE@iacsearchandmedia.com.xpi [2015-05-08]
FF Extension: BrowseStudio 1.0.1 - C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5a175d0d-5539-4e73-8563-80c93aa35313}.xpi [2014-11-29]
FF Extension: Adblock Plus - C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-20]

Chrome:
=======
CHR Profile: C:\Documents and Settings\pc centar\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\pc centar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\pc centar\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [364629 2007-02-12] (Atheros) [File not signed]
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [543712 2007-03-27] (Atheros Communications, Inc.) [File not signed]
S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
R3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [170496 2009-04-01] (ATI Technologies Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [209376 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-16] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-03-13] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-03-13] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-03-13] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [55840 2006-11-15] (Atheros Communications, Inc.) [File not signed]
S3 cpuz134; \??\C:\DOCUME~1\PCCENT~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 18:07 - 2015-05-17 19:45 - 00000000 ____D () C:\Documents and Settings\pc centar\Local Settings\Temp
2015-05-16 18:07 - 2015-05-16 18:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-05-16 18:07 - 2015-05-16 18:07 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-05-16 18:07 - 2015-05-16 18:07 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2015-05-16 18:07 - 2015-05-16 17:53 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-05-16 17:54 - 2015-05-16 18:13 - 00014067 _____ () C:\zoek-results.log
2015-05-16 17:53 - 2015-05-16 18:04 - 00000000 ____D () C:\zoek_backup
2015-05-16 17:49 - 2015-05-16 17:49 - 00000530 _____ () C:\Documents and Settings\pc centar\Desktop\Shortcut to zoek.lnk
2015-05-16 15:43 - 2015-05-16 15:43 - 00000000 ___HD () C:\WINDOWS\PIF
2015-05-15 14:56 - 2015-05-15 14:59 - 00000000 ____D () C:\AdwCleaner
2015-05-15 13:32 - 2015-05-17 19:44 - 00000000 ____D () C:\FRST
2015-05-14 15:10 - 2015-05-16 15:50 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 15:10 - 2015-05-14 15:10 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-14 15:10 - 2015-05-14 15:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-14 15:10 - 2015-05-14 15:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 15:10 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-14 15:10 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-14 13:14 - 2015-05-14 13:14 - 00001809 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-14 13:14 - 2015-05-14 13:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-05-14 12:49 - 2015-05-14 12:49 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-05 13:07 - 2015-05-05 13:07 - 00000000 ____D () C:\Documents and Settings\pc centar\Application Data\AVG Web TuneUp
2015-04-23 20:56 - 2015-04-23 20:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-21 18:05 - 2015-05-12 23:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-20 12:39 - 2015-05-17 14:41 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-20 12:39 - 2015-05-08 15:02 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-04-20 00:38 - 2015-04-20 00:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2015-04-20 00:35 - 2015-04-20 00:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969878_WM9L$
2015-04-20 00:35 - 2015-04-20 00:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2015-04-20 00:35 - 2015-04-20 00:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2015-04-20 00:35 - 2015-04-20 00:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2015-04-20 00:35 - 2015-04-20 00:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2015-04-20 00:32 - 2015-05-14 16:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2015-04-20 00:31 - 2015-04-20 00:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-04-20 00:29 - 2015-04-20 00:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2015-04-20 00:29 - 2015-04-20 00:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-04-20 00:28 - 2015-04-20 00:28 - 00006640 _____ () C:\WINDOWS\system32\TZLog.log
2015-04-20 00:28 - 2015-04-20 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2015-04-20 00:28 - 2015-04-20 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2015-04-20 00:28 - 2015-04-20 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-04-20 00:28 - 2015-04-20 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2845142_WM64$
2015-04-20 00:25 - 2015-04-20 00:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2015-04-20 00:25 - 2015-04-20 00:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2015-04-20 00:25 - 2015-04-20 00:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2015-04-20 00:24 - 2015-04-20 00:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2015-04-20 00:24 - 2015-04-20 00:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2015-04-20 00:24 - 2015-04-20 00:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2015-04-20 00:21 - 2015-04-20 00:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2015-04-20 00:21 - 2015-04-20 00:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-04-20 00:21 - 2015-04-20 00:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2015-04-20 00:21 - 2015-04-20 00:21 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-04-20 00:18 - 2015-04-20 00:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2015-04-20 00:18 - 2015-04-20 00:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-04-20 00:18 - 2015-04-20 00:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2015-04-20 00:14 - 2015-04-20 00:34 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-04-20 00:07 - 2015-04-20 00:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-04-19 18:02 - 2013-07-04 05:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2015-04-19 18:02 - 2013-07-04 04:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2015-04-19 18:02 - 2013-07-04 04:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2015-04-19 18:02 - 2013-07-04 04:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2015-04-19 17:53 - 2014-02-26 03:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-04-19 17:53 - 2014-02-26 03:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-04-19 17:34 - 2013-07-03 04:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-04-19 17:27 - 2013-07-17 02:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2015-04-19 17:27 - 2013-07-17 02:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-04-19 17:26 - 2013-08-09 02:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2015-04-19 17:26 - 2013-08-09 02:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2015-04-19 17:26 - 2013-08-09 02:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-04-19 17:26 - 2009-03-18 13:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2015-04-19 17:23 - 2014-03-06 19:59 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2015-04-19 17:23 - 2014-03-06 19:59 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2015-04-19 17:23 - 2014-03-06 19:59 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-04-19 17:23 - 2014-03-06 19:59 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2015-04-19 17:23 - 2014-03-06 19:59 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-04-19 17:23 - 2014-03-06 19:59 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-04-19 17:23 - 2014-03-06 19:59 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2015-04-19 17:23 - 2014-03-06 19:59 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-04-18 18:52 - 2015-04-18 18:52 - 00001472 _____ () C:\Documents and Settings\pc centar\Start Menu\Counter-Strike 1.6.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 19:42 - 2014-12-09 12:28 - 00000000 ____D () C:\Documents and Settings\pc centar\Application Data\Skype
2015-05-17 19:32 - 2015-03-16 16:48 - 00000430 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{EEFADBE6-CEC8-4327-8EE6-CEC618EE7532}.job
2015-05-17 19:23 - 2014-06-05 13:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 19:04 - 2014-11-11 22:59 - 00001014 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1637723038-1801674531-1003UA.job
2015-05-17 18:59 - 2014-07-08 17:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-17 18:45 - 2014-07-20 12:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-05-17 16:46 - 2014-06-05 12:09 - 01994842 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-17 16:17 - 2014-06-05 12:16 - 00032502 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-17 14:41 - 2014-06-05 14:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-17 14:41 - 2014-06-05 14:02 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-17 14:41 - 2014-06-05 13:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 14:41 - 2014-06-05 12:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-16 23:22 - 2014-06-05 12:17 - 00000278 ___SH () C:\Documents and Settings\pc centar\ntuser.ini
2015-05-16 23:18 - 2014-06-29 22:48 - 00000000 ___RD () C:\Documents and Settings\pc centar\Desktop\Jowana
2015-05-16 22:04 - 2014-11-11 22:59 - 00000992 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1637723038-1801674531-1003Core.job
2015-05-16 18:13 - 2015-02-12 21:10 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-05-16 18:04 - 2015-02-12 19:47 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-05-16 17:46 - 2014-12-26 12:01 - 00000000 ____D () C:\Documents and Settings\pc centar\My Documents\Преузимања
2015-05-15 23:10 - 2014-06-30 16:07 - 00000000 ___RD () C:\Documents and Settings\pc centar\Desktop\MUZIKA
2015-05-15 18:22 - 2015-03-05 18:22 - 00002497 _____ () C:\Documents and Settings\pc centar\Desktop\Microsoft Office Word 2003.lnk
2015-05-15 14:59 - 2014-12-21 13:53 - 00017344 ____C () C:\Documents and Settings\pc centar\debug.log
2015-05-14 22:20 - 2014-06-05 12:17 - 00000000 ____D () C:\Documents and Settings\pc centar
2015-05-14 13:14 - 2014-06-05 13:12 - 00000000 ____D () C:\Program Files\Google
2015-05-14 12:55 - 2014-11-15 13:17 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-14 12:50 - 2015-01-05 13:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-05-14 12:49 - 2014-12-20 22:57 - 00000000 ____D () C:\Program Files\Java
2015-05-14 12:47 - 2014-12-20 22:58 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-05-14 12:47 - 2014-12-20 22:58 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-12 23:13 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-12 23:07 - 2013-03-13 20:22 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2015-05-10 20:08 - 2014-08-13 22:21 - 00000000 ___RD () C:\Documents and Settings\pc centar\Desktop\SLIKE
2015-05-08 13:10 - 2014-12-26 16:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-05-08 13:09 - 2014-12-26 16:55 - 00000000 ___RD () C:\Program Files\Skype
2015-05-05 23:29 - 2014-11-16 22:12 - 00001374 _____ () C:\WINDOWS\system32\debug.log
2015-05-05 21:26 - 2014-12-21 19:56 - 00000000 ___RD () C:\Documents and Settings\pc centar\Desktop\LEKOVITI RECEPTI
2015-05-05 14:30 - 2014-12-08 19:42 - 00000000 ___RD () C:\Documents and Settings\pc centar\Desktop\Igrice
2015-05-05 00:57 - 2014-06-30 21:35 - 00210944 __SHC () C:\Documents and Settings\pc centar\Desktop\Thumbs.db
2015-04-27 21:08 - 2014-12-26 16:55 - 00002267 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-04-25 21:09 - 2015-03-19 19:36 - 00000000 ____D () C:\Documents and Settings\pc centar\My Documents\Euro Truck Simulator
2015-04-24 12:37 - 2014-12-26 11:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-21 13:14 - 2014-08-17 21:22 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-20 23:19 - 2014-09-11 14:57 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-04-20 20:55 - 2014-07-13 16:07 - 00000000 ___RD () C:\Documents and Settings\pc centar\Desktop\RECEPTI
2015-04-20 20:54 - 2014-06-05 12:20 - 00042944 _____ () C:\Documents and Settings\pc centar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-20 13:23 - 2014-06-05 13:58 - 00192976 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-20 13:06 - 2014-06-05 14:00 - 00492248 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-01-31 19:35 - 2015-01-31 19:35 - 0000218 ____C () C:\Documents and Settings\pc centar\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

Run zoek again;


close the browser and any other running programs;
disable your security software (if necessary) Instructions;


Copy the following text into the white box of the window:

 
FFdefaults;
iedefaults;
BrowseStudio 1.0.1;ff
C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ask-search.xml;f
C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5a175d0d-5539-4e73-8563-80c93aa35313}.xpi;f
EmptyCLSID;
emptyalltemp;




Click the button and wait for the scan to finish.


zoek will restart Windows if necessary and, when it finishes, will open Notepad with the scan report.

Note: The report will be saved as zoek-results.log on the system partition (typical location: C:\zoek-results.log)


Copy the contents of that log into your reply.



offline
  • Joined: 27 Sep 2013
  • Posts: 94

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by pc centar on pon 18.05.2015 at 12:46:08,57.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\pc centar\My Documents\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-05-16-161325.log 14067 bytes

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\PCCENT~1\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "chrome://LVD-SAE/content/unpackedcrx/newtab/newtab.html");
user_pref("browser.search.defaultenginename", "Ask Search");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Documents and Settings\PCCENT~1\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Documents and Settings\PCCENT~1\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_18.05.2015_1248_.backup

==== Deleting Files \ Folders ======================

"C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\ask-search.xml" deleted
"C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5a175d0d-5539-4e73-8563-80c93aa35313}.xpi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Documents and Settings\PCCENT~1\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [20.04.2015 23:25]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\PCCENT~1\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default
- iLivid - %ProfilePath%\extensions\LVD-SAE@iacsearchandmedia.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\pc centar\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
6DE7BF0DADC0881F7ED82D9FCC998B89 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
08ACECEB47FAF053C468D8AFE44709AD - C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CA808688B28D12B368F9A511FC5E3697 - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U45
B28862688B70415A3C0C5DCC8B242388 - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.450.15
DCB0BCEF594E2C410793C4A823C318F3 - C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
77B8694352764F6079A2332FAD7FD426 - C:\Documents and Settings\pc centar\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
3CD19649B2C3023D65E67C056457A2BC - C:\Documents and Settings\pc centar\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
8352E35875F8A69C39550FE991BA23F5 - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\pc centar\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\pc centar\Local Settings\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\pc centar\Local Settings\Application Data\Opera Software\Opera Stable\Cache emptied successfully
C:\Documents and Settings\pc centar\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=302 folders=69 95948440 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\pc centar\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\PCCENT~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\pc centar\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on pon 18.05.2015 at 12:51:07,85 ======================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

Do the following:

Click the Start button > Run
and copy the following into the window that opens:
cmd /c del /a/f/q "C:\Documents and Settings\PCCENT~1\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\LVD-SAE@iacsearchandmedia.com.xpi"

then press Enter.

--------------------------------

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the program icon to run MBAR:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Note: with some infections, one of the following messages may be displayed:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and finish the cleaning procedure.

Note! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to complete all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Attach file (Prikači fajl) option.

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

Database version:
main: v2015.05.18.05
rootkit: v2015.05.16.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
pc centar :: PC-C464735FA91F [administrator]

18.5.2015 21:31:44
mbar-log-2015-05-18 (21-31-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 306726
Time elapsed: 16 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

I think that's it; are there any problems?

offline
  • Joined: 27 Sep 2013
  • Posts: 94

Thank you for everything, you helped me a lot. Advertising windows and unwanted pages no longer pop up. One more question: is there a program that would delete everything I downloaded and the reports that are not needed? That was suggested to me some time ago. Thanks once again, and let me know if there is any recommendation I should stick to.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

What can I tell you, watch what you click. Don't click on suspicious links, watch which programs you install and check whether other programs come bundled with them; that's when you click Next, Next without reading that something else was installed along with the program you downloaded.
Watch what you click on torrents...

The following procedure will perform the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this point on, all the tools used in this thread should be deleted.
If any tool or report has not been removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.
