I would like to ask for help with ibsvc.exe. It shows up in Windows Task Manager and takes up all the memory; constantly rising and falling, it puts a load on the computer. It gets to 100%, then drops to 60, 30, then back to 100%. The problem has been bothering me for a long time; I probably downloaded it together with some game or application. When I go to End Process, it shuts down for a while and then appears again. My connection is dial-up, and the meter measures 1.53mbps. I have a weak power supply, so the computer also shuts down fairly often, so if there are any other suggestions on how to speed it up, they would not go amiss.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Jolly at 18:41:03 on 2014-03-24
Microsoft Windows XP Professional 5.1.2600.3.1252.381.1033.18.511.106 [GMT 1:00]
============== Running Processes ================
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
C:\Program Files\outobox\updateoutobox.exe
C:\Program Files\outobox\bin\utiloutobox.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
============== Pseudo HJT Report ===============
mStart Page = [Link visible only to logged-in users]
mSearchAssistant = [Link visible only to logged-in users]{searchTerms}
mWinlogon: Shell = explorer.exe,algv.exe
mWinlogon: SFCDisable = dword:-99
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\documents and settings\jolly\application data\newnext.me\nengine.dll",EntryPoint -m l
uRun: [svchost] regsvr32 /s "C:\Temp:00072CCA.dat"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [algv.exe] c:\windows\system32\algv.exe
mRun: [x.exe] "c:\windows\system32\algv.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [svchost] regsvr32 /s "C:\Temp:00072CCA.dat"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer =
TCP: Interfaces\{6287A60B-9DD6-467B-9C5D-F28CC30FE313} : DHCPNameServer =
TCP: Interfaces\{C6A9CF3D-B71B-4E4D-91A6-E46D3F9C44F8} : DHCPNameServer =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\progra~1\movies~1\datamngr\mgrldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
================= FIREFOX ===================
FF - ProfilePath - c:\documents and settings\jolly\application data\mozilla\firefox\profiles\u50vzrml.default\
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
============= SERVICES / DRIVERS ===============
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-18 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2011-12-22 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2011-12-22 11264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-10 302368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-3-8 242240]
R1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [2014-2-19 55224]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-2-13 166352]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-13 193288]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-12-20 574464]
R2 IBUpdaterService;Updater Service;c:\documents and settings\all users\application data\ibupdaterservice\ibsvc.exe [2013-3-20 644856]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\jolly\local settings\application data\torch\update\TorchCrashHandler.exe [2013-11-4 1213448]
R2 Update outobox;Update outobox;c:\program files\outobox\updateoutobox.exe [2013-12-7 348440]
R2 Util outobox;Util outobox;c:\program files\outobox\bin\utiloutobox.exe [2013-12-25 348440]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2011-12-22 35712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2011-12-20 347648]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== File Associations ===============
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
=============== Created Last 30 ================
==================== Find3M ====================
2014-02-28 16:25:57 505392 ----a-w- c:\windows\system32\msvcp71.dll
2014-02-19 11:28:13 55224 ----a-w- c:\windows\system32\drivers\tStLib.sys
2014-01-04 18:08:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-04 18:08:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-07-06 01:43:26 1269760 --sha-w- c:\windows\system32\algv.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [Link visible only to logged-in users]
Windows 5.1.2600 Disk: WDC_WD1600AAJS-00PSA0 rev.05.06H05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x82DCD0E8]<<
_asm { MOV EAX, 0x82dcd008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x82dd1eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EE120] -> \Device\Harddisk0\DR0[0x82D63AB8]
\Driver\Disk[0x82D64940] -> IRP_MJ_CREATE -> 0x82DCD0E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x82dcd0e8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
============= FINISH: 18:41:42,54 ===============
DDS (Ver_2012-11-20.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/21/2011 12:27:21 PM
System Uptime: 3/24/2014 6:18:27 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | M2V
Processor: AMD Athlon(tm) 64 Processor 3200+ | SOCKET AM2 | 1999/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 41.075 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 43.405 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Device ID: ACPI\ATK0110\1010110
PNP Device ID: ACPI\ATK0110\1010110
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D8E1589&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D8E1589&0
Service: i8042prt
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&172FB5D3&0&4099
Name: PCI Modem
PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\4&172FB5D3&0&4099
==== System Restore Points ===================
RP1: 12/24/2013 6:22:54 PM - System Checkpoint
RP2: 12/24/2013 6:23:16 PM - Created by Wise Disk Cleaner
RP3: 12/24/2013 6:38:11 PM - Installed PerfectSpeed PC Optimizer.
RP4: 12/26/2013 8:56:40 PM - System Checkpoint
RP5: 12/27/2013 9:42:19 PM - System Checkpoint
RP6: 12/28/2013 3:51:53 PM - Installed ProductName
RP7: 12/28/2013 4:20:01 PM - Installed ProductName
RP8: 12/29/2013 7:56:51 PM - System Checkpoint
RP9: 12/30/2013 7:59:43 PM - System Checkpoint
RP10: 12/31/2013 8:05:52 PM - System Checkpoint
RP11: 1/1/2014 8:44:56 PM - System Checkpoint
RP12: 1/3/2014 1:07:31 PM - System Checkpoint
RP13: 1/3/2014 10:47:58 PM - Installed DirectX
RP14: 1/3/2014 10:49:33 PM - Installed DirectX
RP15: 1/3/2014 10:49:48 PM - Installed DirectX
RP16: 1/3/2014 10:49:58 PM - Installed DirectX
RP17: 1/3/2014 10:50:06 PM - Installed DirectX
RP18: 1/4/2014 12:13:55 PM - Installed Nero 2014.
RP20: 1/6/2014 3:29:42 AM - System Checkpoint
RP21: 1/7/2014 7:48:26 PM - System Checkpoint
RP22: 1/9/2014 11:12:27 AM - System Checkpoint
RP23: 1/10/2014 11:18:05 AM - System Checkpoint
RP24: 1/10/2014 1:17:07 PM - Removed PerfectSpeed PC Optimizer.
RP26: 1/11/2014 1:20:41 PM - System Checkpoint
RP27: 1/12/2014 11:20:15 PM - System Checkpoint
RP28: 1/14/2014 2:34:34 PM - System Checkpoint
RP29: 1/15/2014 2:48:09 PM - System Checkpoint
RP30: 1/16/2014 11:41:38 PM - System Checkpoint
RP31: 1/18/2014 3:06:00 PM - System Checkpoint
RP32: 1/19/2014 6:16:01 PM - System Checkpoint
RP33: 1/21/2014 2:44:25 PM - System Checkpoint
RP34: 1/22/2014 3:40:58 PM - System Checkpoint
RP35: 1/23/2014 9:16:32 PM - System Checkpoint
RP36: 1/26/2014 1:22:56 AM - System Checkpoint
RP37: 1/27/2014 11:04:15 AM - System Checkpoint
RP38: 1/27/2014 8:53:52 PM - Software Distribution Service 3.0
RP39: 1/29/2014 2:40:24 PM - System Checkpoint
RP40: 1/30/2014 2:43:40 PM - System Checkpoint
RP41: 1/31/2014 5:35:18 PM - System Checkpoint
RP42: 2/1/2014 11:37:02 PM - System Checkpoint
RP43: 2/3/2014 12:15:59 AM - System Checkpoint
RP44: 2/4/2014 3:09:46 PM - System Checkpoint
RP45: 2/6/2014 12:24:05 AM - System Checkpoint
RP46: 2/7/2014 1:45:10 PM - System Checkpoint
RP47: 2/8/2014 2:12:25 PM - System Checkpoint
RP48: 2/9/2014 2:40:50 PM - System Checkpoint
RP49: 2/11/2014 2:04:09 PM - System Checkpoint
RP50: 2/12/2014 3:08:58 PM - System Checkpoint
RP51: 2/13/2014 4:36:44 PM - System Checkpoint
RP52: 2/14/2014 4:40:35 PM - System Checkpoint
RP53: 2/16/2014 11:05:44 AM - System Checkpoint
RP54: 2/17/2014 11:26:27 AM - System Checkpoint
RP55: 2/18/2014 5:35:05 PM - System Checkpoint
RP56: 2/19/2014 5:40:11 PM - System Checkpoint
RP57: 2/21/2014 12:18:46 AM - System Checkpoint
RP58: 2/22/2014 6:03:22 PM - System Checkpoint
RP59: 2/24/2014 12:36:53 AM - System Checkpoint
RP60: 2/25/2014 12:53:24 AM - System Checkpoint
RP61: 2/26/2014 1:15:53 AM - System Checkpoint
RP62: 2/28/2014 3:58:40 PM - System Checkpoint
RP63: 2/28/2014 5:15:55 PM - Installed ProductName
RP64: 2/28/2014 5:26:06 PM - Installed PowerDVD
RP65: 3/1/2014 4:07:07 PM - Restore Operation
RP66: 3/1/2014 4:26:13 PM - Restore Operation
RP67: 3/2/2014 7:29:11 PM - System Checkpoint
RP68: 3/4/2014 12:17:10 AM - System Checkpoint
RP69: 3/5/2014 3:02:15 PM - System Checkpoint
RP70: 3/6/2014 4:01:52 PM - System Checkpoint
RP71: 3/7/2014 8:26:37 PM - System Checkpoint
RP72: 3/8/2014 5:20:24 PM - Installed Pro Evolution Soccer 6
RP73: 3/9/2014 11:22:36 PM - System Checkpoint
RP74: 3/11/2014 1:45:33 PM - System Checkpoint
RP75: 3/12/2014 7:14:12 PM - System Checkpoint
RP76: 3/14/2014 12:40:50 PM - System Checkpoint
RP77: 3/15/2014 11:23:02 PM - System Checkpoint
RP78: 3/17/2014 12:59:47 PM - System Checkpoint
RP79: 3/18/2014 2:22:11 PM - System Checkpoint
RP80: 3/19/2014 2:32:59 PM - System Checkpoint
RP81: 3/20/2014 4:34:46 PM - System Checkpoint
RP82: 3/20/2014 6:48:52 PM - Restore Operation
RP83: 3/22/2014 2:51:04 PM - System Checkpoint
RP84: 3/23/2014 11:44:45 PM - System Checkpoint
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player
Ask Toolbar
ATI Display Driver (Omega 3.8.442)
Attansic L1 Gigabit Ethernet Driver
AVG 2012
BS Player Toolbar
BS.Player FREE
Counter-Strike 1.6
DZK Player
Facebook Video Calling
ffdshow v1.2.4422 [2012-04-09]
FLV Player 2.0, build 23
Football Manager 2008
Google Chrome
Google Earth
Google Update Helper
Haali Media Splitter
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 30
JavaFX 2.1.1
K-Lite Mega Codec Pack 1.66
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.)
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
Need for Speed Underground 2
Nero 2014
Nero Audio Pack 1
Nero Blu-ray Player
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero BurningROM 12
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Kwik Themes Basic
Nero MediaHome
Nero MediaHome Help (CHM)
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Update
Nero Video
Nero Video Help (CHM)
Opera Stable 19.0.1326.56
PC Camera
Prerequisite installer
Pro Evolution Soccer 6
Radeon Omega Drivers v4.8.442 Setup Files and Tools
Realtek High Definition Audio Driver
SK:Helper 1.74
Skype Click to Call
Skype™ 6.3
Ss:Helper 1.74
Updater Service
VIA Platform Device Manager
WebFldrs XP
Windows iLivid Toolbar
WinRAR 4.01 (32-bit)
Wise Disk Cleaner 7.98
YTD Video Downloader 4.7.2
==== Event Viewer Messages From Past Week ========
3/24/2014 5:34:10 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:31:24 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:29:09 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:28:25 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:27:07 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:24:42 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:23:29 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:21:52 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:21:06 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:20:26 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:19:53 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:19:17 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:18:32 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:17:52 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:17:10 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:16:33 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:15:56 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:15:23 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:14:43 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:13:36 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:13:03 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:12:16 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:11:41 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:05:35 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2014 5:03:06 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/21/2014 4:31:17 PM, error: Dhcp [1002] - The IP address lease for the Network Card with network address 0018F31B525A has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
3/20/2014 6:47:34 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
3/20/2014 6:47:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/20/2014 6:47:12 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2014 6:29:05 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Google\Chrome\Application\31.0.1650.63\chrome_child.dll. Reference error message: The operation completed successfully. .
3/20/2014 6:09:58 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 6:08:28 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 5:35:33 PM, error: Service Control Manager [7031] - The Util outobox service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/20/2014 4:44:53 PM, error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s).
3/20/2014 4:33:54 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgcmgr.exe. Reference error message: Error Message is unavailable .
3/20/2014 3:41:51 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 3:41:28 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/20/2014 3:41:18 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/20/2014 3:37:43 PM, error: Dhcp [1002] - The IP address lease for the Network Card with network address 0018F31B525A has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
3/19/2014 10:29:09 AM, error: Dhcp [1002] - The IP address lease for the Network Card with network address 0018F31B525A has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
3/18/2014 7:48:08 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
3/18/2014 11:06:33 PM, error: Service Control Manager [7031] - The Updater Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
==== End Of File ===========================
I hope everything is here; if anything else is needed that I left out, I apologize, and I will put it in a comment if any information is still missing. Best regards and thanks in advance.
And just one correction: the connection is not dial-up but ADSL. I don't understand much about that. :/
Malwarebytes Anti-Rootkit BETA
Database version: v2014.03.25.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
:: XPWINDOWS7 [administrator]
25.3.2014 13:23:26
mbar-log-2014-03-25 (13-23-26).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 246284
Time elapsed: 21 minute(s), 55 second(s)
Memory Processes Detected: 2
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> 1148 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 1944 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service (Adware.InstallBrain) -> Delete on reboot.
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|algv.exe (Worm.AutoRun) -> Data: C:\WINDOWS\system32\algv.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|x.exe (Worm.AutoRun) -> Data: "C:\WINDOWS\system32\algv.exe" -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.
Registry Data Items Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Worm.AutoRun) -> Bad: (algv.exe) Good: () -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=2&cf=37a72966-41e5-11e1-930c-0018f31b525a) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.Shell) -> Bad: (explorer.exe,algv.exe) Good: (Explorer.exe) -> Replace on reboot.
Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.
Files Detected: 12
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Delete on reboot.
c:\temp:00072cca.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\AdobeReaderX_SoftangoDownloader.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Delete on reboot.
c:\temp:0002f0ce.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030bd8.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030cd2.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00031752.dat (Trojan.Inject) -> Delete on reboot.
C:\Temp\asdfr1.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
I waited half an hour with no results; now I will download Farbar RST and post the report.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Jolly (administrator) on XPWINDOWS7 on 25-03-2014 14:40:52
Running from C:\Documents and Settings\Jolly\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [Link visible only to logged-in users]
Download link for 64-Bit Version: [Link visible only to logged-in users]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Link visible only to logged-in users]
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
() C:\Program Files\DefaultTab\DefaultTabSearch.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TorchMedia Inc.) C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16050688 2006-08-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-02-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2007-02-07] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Run: [NextLive] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Jolly\Application Data\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Policies\Explorer: [NoActiveDesktop] 0x00000000
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Policies\Explorer: [NoSaveSettings] 0x00000000
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x0000000000000000
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {2f75a49a-e732-11e2-b3d8-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {41ed941a-a182-11e3-b5e0-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {58fb859d-7f62-11e2-b27e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {612cc000-88f3-11e3-b56e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} - I:\Startme.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {b594ad1a-a225-11e3-b5e2-0018f31b525a} - .\sgportable\SGPortable.exe
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = [Link mogu videti samo ulogovani korisnici]^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = [Link mogu videti samo ulogovani korisnici]^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer]
FF ProfilePath: C:\Documents and Settings\Jolly\Application Data\Mozilla\Firefox\Profiles\u50vzrml.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll (LiveVDO )
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
CHR HomePage: [Link mogu videti samo ulogovani korisnici]
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4"
CHR DefaultSearchKeyword: facebook
CHR DefaultSearchProvider: Facebook
CHR DefaultSearchURL: [Link mogu videti samo ulogovani korisnici]{searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (DefaultTab) - C:\Documents and Settings\Jolly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2013-12-18]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jolly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2013-10-07]
========================== Services (Whitelisted) =================
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-09-28] ()
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [574464 2013-12-20] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 TorchCrashHandler; C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213448 2013-11-04] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [348440 2014-03-25] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [348440 2014-03-25] ()
==================== Drivers (Whitelisted) ====================
S3 A5AGU; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [347648 2006-05-08] (D-Link Corporation)
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [35712 2006-08-22] (Attansic Technology corporation.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-18] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-30] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2014-03-08] (DT Soft Ltd)
R0 mv614x; C:\WINDOWS\System32\DRIVERS\mv614x.sys [63232 2006-07-03] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [664064 2012-10-30] ()
R1 tStLib; C:\WINDOWS\System32\drivers\tStLib.sys [55224 2014-02-19] (StdLib)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 IntelIde; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-25 14:40 - 2014-03-25 14:40 - 00000000 ____D () C:\FRST
2014-03-25 14:36 - 2014-03-25 14:36 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\CyberLink PowerDVD
2014-03-25 14:07 - 2014-03-25 14:08 - 00000000 ___SD () C:\ComboFix
2014-03-25 13:23 - 2014-03-25 13:23 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 13:23 - 2014-03-25 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-25 13:21 - 2014-03-25 13:45 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\mbar
2014-03-25 13:21 - 2014-03-25 13:21 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-24 21:47 - 2014-03-25 14:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-24 21:45 - 2014-03-25 14:34 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-24 21:45 - 2014-03-24 21:45 - 00497048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 21:45 - 2014-03-24 21:45 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-24 19:22 - 2014-03-24 19:22 - 00000000 _RSHD () C:\cmdcons
2014-03-24 19:22 - 2011-12-22 11:31 - 00000211 _____ () C:\Boot.bak
2014-03-24 19:22 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-03-24 19:15 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-03-24 19:15 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-03-24 19:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-03-24 19:15 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\Qoobox
2014-03-24 18:41 - 2014-03-24 18:41 - 00018146 _____ () C:\Documents and Settings\Jolly\My Documents\attach.txt
2014-03-24 18:41 - 2014-03-24 18:41 - 00010480 _____ () C:\Documents and Settings\Jolly\My Documents\dds.txt
2014-03-20 18:27 - 2014-03-20 18:49 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\Old Firefox Data
2014-03-08 17:26 - 2014-03-08 17:27 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\KONAMI
2014-03-08 17:21 - 2014-03-08 17:21 - 00001571 _____ () C:\Documents and Settings\Jolly\Desktop\Pro Evolution Soccer 6.lnk
2014-03-08 17:21 - 2014-03-08 17:21 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\KONAMI
2014-03-08 17:18 - 2014-03-08 17:18 - 00242240 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2014-03-08 17:08 - 2014-03-08 18:02 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\DAEMON Tools Lite
2014-03-08 17:08 - 2014-03-08 17:08 - 00000625 _____ () C:\Documents and Settings\Jolly\Desktop\DTLite.lnk
2014-03-08 17:07 - 2014-03-08 17:18 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\DAEMON Tools Lite
2014-03-02 17:14 - 2014-03-11 21:00 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\New Folder
2014-03-02 17:11 - 2014-03-02 18:07 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Mladjo
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\FLV Player
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\CyberLink
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink
2014-02-28 18:37 - 2014-02-28 18:37 - 00000701 _____ () C:\Documents and Settings\Jolly\Desktop\FLV Player.lnk
2014-02-28 18:34 - 2014-03-22 01:57 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Winamp
2014-02-28 18:34 - 2014-03-01 16:33 - 00000000 ____D () C:\Program Files\Winamp
2014-02-28 18:34 - 2014-02-28 18:34 - 00000664 _____ () C:\Documents and Settings\All Users\Desktop\Winamp.lnk
2014-02-28 18:34 - 2007-03-08 00:51 - 01628920 ____N (Sonic Solutions) C:\WINDOWS\system32\pxsfs.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00547576 ____N (Sonic Solutions) C:\WINDOWS\system32\px.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00510712 ____N (Sonic Solutions) C:\WINDOWS\system32\pxdrv.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00379640 ____N (Sonic Solutions) C:\WINDOWS\system32\pxwave.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00187128 ____N (Sonic Solutions) C:\WINDOWS\system32\pxmas.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00129784 ____N (Sonic Solutions) C:\WINDOWS\system32\pxafs.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00072440 ____N (Sonic Solutions) C:\WINDOWS\system32\pxhpinst.exe
2014-02-28 18:34 - 2007-03-08 00:51 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\system32\pxinsa64.exe
2014-02-28 18:34 - 2007-03-08 00:51 - 00064760 ____N (Sonic Solutions) C:\WINDOWS\system32\pxcpya64.exe
2014-02-28 18:34 - 2007-03-08 00:51 - 00043528 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2014-02-28 18:34 - 2007-03-08 00:51 - 00039672 ____N (Sonic Solutions) C:\WINDOWS\system32\vxblock.dll
2014-02-28 18:34 - 2007-03-08 00:51 - 00009464 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2014-02-28 18:34 - 2007-03-08 00:51 - 00009336 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2014-02-28 17:28 - 2014-02-28 17:28 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\CyberLink
2014-02-28 17:27 - 2014-02-28 17:27 - 00001686 _____ () C:\Documents and Settings\Jolly\Desktop\CyberLink PowerDVD.lnk
2014-02-28 17:26 - 2014-02-28 17:27 - 00000000 ____D () C:\Program Files\CyberLink
==================== One Month Modified Files and Folders =======
2014-03-25 14:41 - 2013-01-07 13:50 - 00000294 _____ () C:\WINDOWS\Tasks\Browser Manager.job
2014-03-25 14:40 - 2014-03-25 14:40 - 00000000 ____D () C:\FRST
2014-03-25 14:36 - 2014-03-25 14:36 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\CyberLink PowerDVD
2014-03-25 14:36 - 2014-03-24 21:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-25 14:36 - 2014-01-05 12:34 - 58502467 _____ () C:\Documents and Settings\Jolly\avgui.log
2014-03-25 14:36 - 2013-12-24 18:40 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\newnext.me
2014-03-25 14:35 - 2013-02-08 16:28 - 01608102 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-25 14:34 - 2014-03-24 21:45 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-25 14:34 - 2013-11-25 01:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TorchCrashHandler
2014-03-25 14:34 - 2012-11-23 11:28 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-25 14:34 - 2011-12-21 12:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-25 14:33 - 2013-09-28 10:50 - 00000178 ___SH () C:\Documents and Settings\Jolly\ntuser.ini
2014-03-25 14:08 - 2014-03-25 14:07 - 00000000 ___SD () C:\ComboFix
2014-03-25 14:07 - 2011-12-21 12:29 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-25 13:47 - 2011-12-29 10:49 - 00000000 ____D () C:\WINDOWS\Sun
2014-03-25 13:45 - 2014-03-25 13:21 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\mbar
2014-03-25 13:23 - 2014-03-25 13:23 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 13:23 - 2014-03-25 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-25 13:21 - 2014-03-25 13:21 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-25 13:10 - 2013-12-24 18:33 - 00000000 ____D () C:\Program Files\outobox
2014-03-24 23:10 - 2012-11-23 11:28 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 21:45 - 2014-03-24 21:45 - 00497048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-24 21:45 - 2014-03-24 21:45 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-03-24 19:22 - 2014-03-24 19:22 - 00000000 _RSHD () C:\cmdcons
2014-03-24 19:22 - 2011-12-21 19:09 - 00000327 __RSH () C:\boot.ini
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-24 19:14 - 2014-03-24 19:14 - 00000000 ____D () C:\Qoobox
2014-03-24 18:41 - 2014-03-24 18:41 - 00018146 _____ () C:\Documents and Settings\Jolly\My Documents\attach.txt
2014-03-24 18:41 - 2014-03-24 18:41 - 00010480 _____ () C:\Documents and Settings\Jolly\My Documents\dds.txt
2014-03-24 18:25 - 2013-12-24 18:10 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Wise Disk Cleaner
2014-03-24 18:24 - 2013-09-28 10:50 - 00000000 ____D () C:\Documents and Settings\Jolly
2014-03-24 15:07 - 2012-11-10 15:14 - 00001030 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1326574676-1606980848-500UA.job
2014-03-24 15:07 - 2012-11-10 15:14 - 00001008 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1326574676-1606980848-500Core.job
2014-03-23 19:38 - 2013-10-16 15:53 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Skype
2014-03-23 18:57 - 2011-12-22 13:57 - 00002267 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-03-22 01:57 - 2014-02-28 18:34 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\Winamp
2014-03-20 22:27 - 2012-01-23 14:09 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-20 18:54 - 2004-08-04 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-20 18:52 - 2011-12-21 12:29 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-20 18:52 - 2011-12-21 12:29 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-20 18:52 - 2011-12-21 12:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-20 18:52 - 2011-12-21 12:19 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-20 18:49 - 2014-03-20 18:27 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\Old Firefox Data
2014-03-11 21:00 - 2014-03-02 17:14 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\New Folder
2014-03-08 18:02 - 2014-03-08 17:08 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\DAEMON Tools Lite
2014-03-08 17:27 - 2014-03-08 17:26 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\KONAMI
2014-03-08 17:21 - 2014-03-08 17:21 - 00001571 _____ () C:\Documents and Settings\Jolly\Desktop\Pro Evolution Soccer 6.lnk
2014-03-08 17:21 - 2014-03-08 17:21 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\KONAMI
2014-03-08 17:21 - 2012-08-01 11:54 - 00000000 ____D () C:\Program Files\KONAMI
2014-03-08 17:18 - 2014-03-08 17:18 - 00242240 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2014-03-08 17:18 - 2014-03-08 17:07 - 00000000 ____D () C:\Documents and Settings\Jolly\Desktop\DAEMON Tools Lite
2014-03-08 17:18 - 2012-10-15 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2014-03-08 17:08 - 2014-03-08 17:08 - 00000625 _____ () C:\Documents and Settings\Jolly\Desktop\DTLite.lnk
2014-03-02 18:07 - 2014-03-02 17:11 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Mladjo
2014-03-02 15:20 - 2012-03-14 17:28 - 00000160 _____ () C:\WINDOWS\mafosav.INI
2014-03-01 22:50 - 2012-11-05 17:59 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Sports Interactive
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\Jolly\Start Menu\Programs\FLV Player
2014-03-01 16:33 - 2014-03-01 16:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
2014-03-01 16:33 - 2014-02-28 18:34 - 00000000 ____D () C:\Program Files\Winamp
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\Jolly\Application Data\CyberLink
2014-03-01 16:32 - 2014-03-01 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CyberLink
2014-03-01 16:32 - 2012-08-01 11:54 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-03-01 16:08 - 2011-12-22 11:03 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-01 16:07 - 2011-12-21 12:20 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-28 19:19 - 2012-01-02 10:42 - 00000000 ____D () C:\Program Files\Counter-Strike 1.6
2014-02-28 19:06 - 2013-11-02 14:18 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\OneNote Notebooks
2014-02-28 19:06 - 2013-03-20 11:27 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\Saobraćajni znakovi
2014-02-28 18:37 - 2014-02-28 18:37 - 00000701 _____ () C:\Documents and Settings\Jolly\Desktop\FLV Player.lnk
2014-02-28 18:34 - 2014-02-28 18:34 - 00000664 _____ () C:\Documents and Settings\All Users\Desktop\Winamp.lnk
2014-02-28 17:28 - 2014-02-28 17:28 - 00000000 ____D () C:\Documents and Settings\Jolly\My Documents\CyberLink
2014-02-28 17:27 - 2014-02-28 17:27 - 00001686 _____ () C:\Documents and Settings\Jolly\Desktop\CyberLink PowerDVD.lnk
2014-02-28 17:27 - 2014-02-28 17:26 - 00000000 ____D () C:\Program Files\CyberLink
2014-02-28 17:25 - 2012-05-07 13:11 - 00505392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.dll
2014-02-28 17:17 - 2013-02-24 15:48 - 00000024 _____ () C:\WINDOWS\DIAMOND.INI
Files to move or delete:
C:\Documents and Settings\Administrator\STARTUP.reg
Some content of TEMP:
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll
==================== Bamital & volsnap Check =================
[2008-08-18 19:17] - [2008-08-18 19:17] - 1616384 ____A (Microsoft Corporation) 4a90f51b778fa0157f60d206e8b37d2a
[2008-04-28 10:24] - [2008-04-28 10:24] - 0547328 ____A (Microsoft Corporation)
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
[2008-03-20 19:36] - [2008-03-20 19:36] - 0578560 ____A (Microsoft Corporation) f92d8964b5286de225bd2b6bf89764be
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
1. Open Notepad (Text Document) and copy the following text from inside the code box below:
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {2f75a49a-e732-11e2-b3d8-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {41ed941a-a182-11e3-b5e0-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {58fb859d-7f62-11e2-b27e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {612cc000-88f3-11e3-b56e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} - I:\Startme.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {b594ad1a-a225-11e3-b5e2-0018f31b525a} - .\sgportable\SGPortable.exe
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG6&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://startsear.ch/?aff=2&src=sp&cf=37a72966-41e5-11e1-930c-0018f31b525a&q={searchTerms}
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4"
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
R2 TorchCrashHandler; C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213448 2013-11-04] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [348440 2014-03-25] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [348440 2014-03-25] ()
C:\Documents and Settings\Administrator\STARTUP.reg
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbarhaIE) (Version: - APN LLC) <==== ATTENTION
outobox (HKLM\...\outobox) (Version: 2013.12.07.011955 - outobox) <==== ATTENTION
SearchNewTab (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: - SearchNewTab) <==== ATTENTION
Windows iLivid Toolbar (HKLM\...\Windows Searchqu Toolbar) (Version: - Bandoo Media, Inc) <==== ATTENTION
AlternateDataStreams: C:\Temp:0002DB81.dat
AlternateDataStreams: C:\Temp:00030427.dat
AlternateDataStreams: C:\Temp:00030C74.dat
AlternateDataStreams: C:\Temp:00030DFB.dat
AlternateDataStreams: C:\Temp:00031742.dat
AlternateDataStreams: C:\Temp:00031CB1.dat
AlternateDataStreams: C:\Temp:00031E76.dat
AlternateDataStreams: C:\Temp:0003202B.dat
AlternateDataStreams: C:\Temp:00032655.dat
AlternateDataStreams: C:\Temp:000326C3.dat
AlternateDataStreams: C:\Temp:000334DC.dat
AlternateDataStreams: C:\Temp:000342A7.dat
AlternateDataStreams: C:\Temp:00036458.dat
AlternateDataStreams: C:\Temp:00039FCB.dat
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool requests a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. You need to copy the contents of that log into a message.
Note: If the tool warns you that a newer version exists, make sure you download and use an updated copy of FRST.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Jolly at 2014-03-25 16:08:46 Run:1
Running from C:\Documents and Settings\Jolly\Desktop\New Folder
Boot Mode: Normal
Content of fixlist:
Malwarebytes Anti-Rootkit BETA
[Link mogu videti samo ulogovani korisnici]
Database version: v2014.03.25.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
:: XPWINDOWS7 [administrator]
25.3.2014 13:23:26
mbar-log-2014-03-25 (13-23-26).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 246284
Time elapsed: 21 minute(s), 55 second(s)
Memory Processes Detected: 2
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> 1148 -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 1944 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Updater Service (Adware.InstallBrain) -> Delete on reboot.
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|algv.exe (Worm.AutoRun) -> Data: C:\WINDOWS\system32\algv.exe -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|x.exe (Worm.AutoRun) -> Data: "C:\WINDOWS\system32\algv.exe" -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost (Trojan.Inject) -> Data: regsvr32 /s "C:\Temp:00072CCA.dat" -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Delete on reboot.
Registry Data Items Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Worm.AutoRun) -> Bad: (algv.exe) Good: () -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=2&cf=37a72966-41e5-11e1-930c-0018f31b525a) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell (Hijack.Shell) -> Bad: (explorer.exe,algv.exe) Good: (Explorer.exe) -> Replace on reboot.
Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot.
Files Detected: 12
C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Delete on reboot.
c:\temp:00072cca.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\AdobeReaderX_SoftangoDownloader.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\My Documents\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Delete on reboot.
c:\temp:0002f0ce.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030bd8.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00030cd2.dat (Trojan.Inject) -> Delete on reboot.
c:\temp:00031752.dat (Trojan.Inject) -> Delete on reboot.
C:\Temp\asdfr1.dat (Trojan.Inject) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot.
C:\Documents and Settings\Jolly\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
"C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> 1148 -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 1944 -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"C:\WINDOWS\system32\algv.exe (Worm.AutoRun) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"c:\temp:00072cca.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\Jolly\My Documents\Downloads\AdobeReaderX_SoftangoDownloader.exe (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\Jolly\My Documents\Downloads\FlvPlayerSetup.exe (Adware.Agent) -> Delete on reboot." => File/Directory not found.
"c:\temp:0002f0ce.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"c:\temp:00030bd8.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"c:\temp:00030cd2.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"c:\temp:00031752.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"C:\Temp\asdfr1.dat (Trojan.Inject) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Delete on reboot." => File/Directory not found.
"C:\Documents and Settings\Jolly\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Delete on reboot." => File/Directory not found.
==== End of Fixlog ====
Here is the new report.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Jolly at 2014-03-25 16:14:39 Run:2
Running from C:\Documents and Settings\Jolly\Desktop\New Folder
Boot Mode: Normal
Content of fixlist:
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {2f75a49a-e732-11e2-b3d8-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {41ed941a-a182-11e3-b5e0-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {58fb859d-7f62-11e2-b27e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {612cc000-88f3-11e3-b56e-0018f31b525a} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _.vbs
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} - I:\Startme.exe
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\...\MountPoints2: {b594ad1a-a225-11e3-b5e2-0018f31b525a} - .\sgportable\SGPortable.exe
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = [Link visible only to logged-in users]^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = [Link visible only to logged-in users]^Y6^xdm007^YY^ba&ptb=EE116217-27DC-44C5-9551-53AEC07B6F42&ind=2013012713&n=77fc22e9&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = [Link visible only to logged-in users]{searchTerms}
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
CHR HomePage: [Link visible only to logged-in users]
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4"
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
R2 TorchCrashHandler; C:\Documents and Settings\Jolly\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213448 2013-11-04] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [348440 2014-03-25] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [348440 2014-03-25] ()
C:\Documents and Settings\Administrator\STARTUP.reg
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbarhaIE) (Version: - APN LLC) <==== ATTENTION
outobox (HKLM\...\outobox) (Version: 2013.12.07.011955 - outobox) <==== ATTENTION
SearchNewTab (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: - SearchNewTab) <==== ATTENTION
Windows iLivid Toolbar (HKLM\...\Windows Searchqu Toolbar) (Version: - Bandoo Media, Inc) <==== ATTENTION
AlternateDataStreams: C:\Temp:0002DB81.dat
AlternateDataStreams: C:\Temp:00030427.dat
AlternateDataStreams: C:\Temp:00030C74.dat
AlternateDataStreams: C:\Temp:00030DFB.dat
AlternateDataStreams: C:\Temp:00031742.dat
AlternateDataStreams: C:\Temp:00031CB1.dat
AlternateDataStreams: C:\Temp:00031E76.dat
AlternateDataStreams: C:\Temp:0003202B.dat
AlternateDataStreams: C:\Temp:00032655.dat
AlternateDataStreams: C:\Temp:000326C3.dat
AlternateDataStreams: C:\Temp:000334DC.dat
AlternateDataStreams: C:\Temp:000342A7.dat
AlternateDataStreams: C:\Temp:00036458.dat
AlternateDataStreams: C:\Temp:00039FCB.dat
AlternateDataStreams: C:\Temp:pid1
AlternateDataStreams: C:\Temp:pid2
AlternateDataStreams: C:\Temp:rnd.dat
AlternateDataStreams: C:\Temp:srv
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[956] C:\Program Files\outobox\updateoutobox.exe => Process closed successfully.
[1172] C:\Program Files\outobox\bin\utiloutobox.exe => Process closed successfully.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f75a49a-e732-11e2-b3d8-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{2f75a49a-e732-11e2-b3d8-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41ed941a-a182-11e3-b5e0-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{41ed941a-a182-11e3-b5e0-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58fb859d-7f62-11e2-b27e-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{58fb859d-7f62-11e2-b27e-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{612cc000-88f3-11e3-b56e-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{612cc000-88f3-11e3-b56e-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{9da7fbe3-6c8c-11e3-b4e5-0018f31b525a} => Key not found.
HKU\S-1-5-21-329068152-1326574676-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b594ad1a-a225-11e3-b5e2-0018f31b525a} => Key deleted successfully.
HKCR\CLSID\{b594ad1a-a225-11e3-b5e2-0018f31b525a} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Value deleted successfully.
HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
CHR HomePage: [Link visible only to logged-in users] ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-420&v=a10733-176&t=4" ==> The Chrome "Settings" can be used to fix the entry.
APNMCP => Service stopped successfully.
APNMCP => Service deleted successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => Moved successfully.
TorchCrashHandler => Service stopped successfully.
TorchCrashHandler => Service deleted successfully.
Update outobox => Service deleted successfully.
Util outobox => Service deleted successfully.
C:\Documents and Settings\Administrator\STARTUP.reg => Moved successfully.
C:\Documents and Settings\Jolly\Local Settings\Temp\libcurl-4.dll => Moved successfully.
C:\Documents and Settings\Jolly\Local Settings\Temp\pthreadGC2.dll => Moved successfully.
C:\Documents and Settings\Jolly\Local Settings\Temp\zlib1.dll => Moved successfully.
C:\Temp => ":0002DB81.dat" ADS removed successfully.
C:\Temp => ":00030427.dat" ADS removed successfully.
C:\Temp => ":00030C74.dat" ADS removed successfully.
C:\Temp => ":00030DFB.dat" ADS removed successfully.
C:\Temp => ":00031742.dat" ADS removed successfully.
C:\Temp => ":00031CB1.dat" ADS removed successfully.
C:\Temp => ":00031E76.dat" ADS removed successfully.
C:\Temp => ":0003202B.dat" ADS removed successfully.
C:\Temp => ":00032655.dat" ADS removed successfully.
C:\Temp => ":000326C3.dat" ADS removed successfully.
C:\Temp => ":000334DC.dat" ADS removed successfully.
C:\Temp => ":000342A7.dat" ADS removed successfully.
C:\Temp => ":00036458.dat" ADS removed successfully.
C:\Temp => ":00039FCB.dat" ADS removed successfully.
C:\Temp => ":pid1" ADS removed successfully.
C:\Temp => ":pid2" ADS removed successfully.
C:\Temp => ":rnd.dat" ADS removed successfully.
C:\Temp => ":srv" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D1B5B4F1" ADS removed successfully.
==== End of Fixlog ====
Good, I assume the computer is working much better now, but I will run one more check.
Download smeenk's zoek.zip or zoek.rar from this or this link and save it to the Desktop.
Extract the archive into a folder (instructions), and then:
close the browser and other running programs;
temporarily disable your security software (if necessary) (instructions);
start zoek by double-clicking the program icon;
wait for the tool to start ...
Copy the following text into the white box of the window:
Click the button and wait for the scan to finish.
zoek will restart Windows if necessary and, when it finishes, open Notepad with the scan report.
Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)
Copy the contents of that log into a message.
Download TDSSKiller, save the tool to the Desktop and double-click TDSSKiller.exe to run it.
In the "End user Licence Agreement" dialog, click Accept.
Also, in the "KSN Statement" dialog, click Accept.
Click the Start Scan button.
If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.
Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD = day, MM = month, YY = year, HH = hour, MM = minute, SS = second; the date and time the log was created)