spor racunar

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by digital on sub 30.11.2013 at 13:10:10,26.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\DOCUME~1\digital\LOCALS~1\Temp\Temporary Directory 2 for zoek (2).zip\zoek.com [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-11-29-165410.log 14391 bytes
C:\zoek-results2013-11-29-215048.log 21831 bytes

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\digital\LOCALS~1\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-11-23 12:33:01 -------- d-----w- C:\Program Files\PhotoScape
======= C: =====
2013-11-26 15:59:41 18FAD2DCB8238CA4FF493DCE6DA25BA6 2198239 ----a-w- C:\sWeather.zip
2013-11-26 15:53:00 70B4AD54C0A93338728935FC2EF577F8 119327 ----a-w- C:\Weather_Meter.zip
====== C:\Documents and Settings\digital\Application Data ======
2013-11-30 11:58:00 -------- d-----w- C:\Documents and Settings\digital\Start Menu\Programs\CyberLink PowerDVD 9
2013-11-28 21:14:01 50D1225FCF42097C24D117B2FBDC9EAF 64744 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-11-25 18:34:52 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
2013-11-23 12:43:55 -------- d-----w- C:\Documents and Settings\digital\Application Data\PhotoScape
2013-11-14 17:36:49 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\AVG
2013-11-13 14:45:17 -------- d-----w- C:\Documents and Settings\digital\Application Data\AVG
2013-11-04 15:43:20 -------- d-----w- C:\Documents and Settings\digital\Application Data\Qualys
====== C:\Documents and Settings\digital ======
2013-11-27 20:53:05 -------- d--h--r- C:\Documents and Settings\digital\Recent

====== C: exe-files ==
2013-12-31 14:07:47 72EE1BFBB8E863CBEA43A686AEAE1177 2077312 ----a-w- C:\Documents and Settings\digital\My Documents\??????????\needforrussia_setup(2).exe
2013-12-31 14:06:37 72EE1BFBB8E863CBEA43A686AEAE1177 2077312 ----a-w- C:\Documents and Settings\digital\My Documents\??????????\needforrussia_setup(1).exe
2013-11-28 12:28:06 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Documents and Settings\digital\My Documents\Downloads\jlgmqb9p.exe
2013-11-28 11:58:08 AFAFA655CC59872129A32CDE4F60F2DE 1091882 ----a-w- C:\Documents and Settings\digital\My Documents\Downloads\AdwCleaner.exe
2013-11-26 15:58:10 F0B991FC49D6235BD6D47832CB583615 338984 ----a-w- C:\Documents and Settings\digital\My Documents\Downloads\sWeather__2736_il2025400.exe
2013-11-26 15:50:49 F0B991FC49D6235BD6D47832CB583615 338984 ----a-w- C:\Documents and Settings\digital\My Documents\Downloads\Weather Meter__2736_il2060035.exe
2013-11-26 11:53:58 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe
2013-11-23 12:36:19 918B9CF0985B93F5AE459883E30E90FF 86569 ----a-w- C:\Program Files\PhotoScape\uninstall.exe
2013-11-23 12:21:45 B65C28AE8635E0634639D32B3C4C1AE5 486744 ----a-w- C:\Documents and Settings\digital\Desktop\JOVANA\PhotoScape_V3.6.5-aoc-jd.exe
=== C: other files ==
2013-11-26 15:59:41 18FAD2DCB8238CA4FF493DCE6DA25BA6 2198239 ----a-w- C:\sWeather.zip
2013-11-26 15:53:00 70B4AD54C0A93338728935FC2EF577F8 119327 ----a-w- C:\Weather_Meter.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1757981266-562591055-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe /nosplash /minimized"
"se"="C:\Documents and Settings\digital\Application Data\SkypEmoticons\se.exe /minimized "
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe -nogui"
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"RemoteControl9"="C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe"
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe /background"
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe /nosplash /minimized"
"se"="C:\Documents and Settings\digital\Application Data\SkypEmoticons\se.exe /minimized "
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16.09.2013 14:09]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24.06.2013 13:06]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24.06.2013 13:06]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [19.04.2013 12:35]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Skype extension for Firefox - %AppDir%\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\digital\Application Data\Mozilla\Firefox\Profiles\g2zdq4un.default-1366142093421
C2321043FA2CA4C32FF449DE6116B5D9 - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
E5AF72B7353FF8D431A7C463A4229524 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
F0DBF31A1C23D334A02FDF524701D390 - C:\Documents and Settings\digital\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
B50F45C9DCE776FCA64A3A8BD3D6A6F7 - C:\Games\GreenWebPlayer\npgreenwebplayer.dll - GreenWebPlayer
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM


==== Chrome Look ======================

Qualys BrowserCheck for Windows - digital - Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk
Google Wallet - digital - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs - NetworkService - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - NetworkService - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - NetworkService - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - NetworkService - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - NetworkService - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.gamehitzone.com/?utm_source=NightStreetRacing&utm_medium=start"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== EOF on sub 30.11.2013 at 13:16:17,29 ======================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Korak 1

Pošalji ovaj fajl:
My Documents\Downloads\sWeather__2736_il2025400.exe

preko sljedećeg linka

http://www.mycity.rs/ambulanta-upload.php



Korak 2


Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

[HKEY_USERS\S-1-5-21-1757981266-562591055-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run];r
"se"=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"se"=-;r
C:\Program Files\GreyGray;fs


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Kopiraj sadržaj tog loga u poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

trazeni fajl je uspesno uploadovan a evo i izvestaj zoek.exe:
Zoek.exe Version 4.0.0.5 Updated 24-November-2013
Tool run by digital on sub 30.11.2013 at 21:37:30,45.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\DOCUME~1\digital\LOCALS~1\Temp\Temporary Directory 1 for zoek (2).zip\zoek.com [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-11-29-165410.log 14391 bytes
C:\zoek-results2013-11-29-215048.log 21831 bytes
C:\zoek-results2013-11-30-121617.log 9817 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1757981266-562591055-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"se"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"se"=-

==== Deleting Files \ Folders ======================

C:\Program Files\GreyGray not found

==== EOF on sub 30.11.2013 at 21:39:25,43 ======================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To bi bilo to. Malware-a nije bilo, a junkware smo očistili. Ostaje ti još da uradiš sljedeće:




Uklonićemo korišćene alate.
Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings

Klikni na dugme "Run" i pričekaj da program završi rad.
Kada alat završi, otvoriće izvještaj u Notepadu.
Napomena: Izvještaj ce takodje biti sacuvan na C:\DelFix.txt
Taj izvještaj mi nije potreban.





Posjeti temu Testirajte da li vam je pretraživač ranjiv, pročitaj i isprati link koji stoji u njoj.





Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield.
Nema nikakve veze sa antivirus-om tj. neće ometati njegov rad, a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja.


Home Page MCShield-a: http://www.mcshield.net
Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html
Facebook stranica MCShield-a: http://www.facebook.com/MCShield





http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

Pročitaj ovaj članak kako bi ubuduće imao manje probjema sa junkware-om.





Otvori u Windows potforumu temu i tamo opiši problem sa performansama sistema ukoliko ga još imaš.
http://www.mycity.rs/Windows/



Pozdrav.