Slow computer....


offline
  • Joined: 19 Nov 2009
  • Posts: 31

Hello
For the last couple of weeks my system has been considerably slowed down, my web browsers are also buggy, and searching is slow ....
I use NOD32......I tried cleaning up with CCleaner...but the situation is the same...
[Links are visible only to logged-in users]



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello...

You need to follow the instructions in detail and post the requested reports.

[Links are visible only to logged-in users]



offline
  • Joined: 19 Nov 2009
  • Posts: 31

When scanning with DDS, I get an application error: the procedure * could not be located in the DLL sfc.dll

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Download OTL from the link below to your Desktop:


OTL download
Click the given link - in the window that opens, click Save;
when the dialog for choosing where to save the file opens, select Desktop and click Save.


Double-click OTL to run it;
In the white box of the window, where it says Custom Scans/Fixes, copy the following text:

netsvcs
drives
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.*
/md5stop


click Run Scan;

when the scan finishes, the report (which will be saved automatically on the Desktop as OTL.Txt) will open in Notepad.


Copy the contents of OTL.txt into your post.

offline
  • Joined: 19 Nov 2009
  • Posts: 31

OTL logfile created on: 8/19/2012 6:31:50 AM - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Documents and Settings\PC_\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 411.47 Mb Available Physical Memory | 40.20% Memory free
2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.54 Gb Total Space | 4.28 Gb Free Space | 21.91% Space Free | Partition Type: NTFS
Drive D: | 56.79 Gb Total Space | 23.58 Gb Free Space | 41.52% Space Free | Partition Type: NTFS

Computer Name: PC_ | User Name: PC_ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 13:41:24 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/19 06:30:14 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC_\Desktop\OTL.exe
PRC - [2012/07/22 17:17:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/27 16:29:39 | 000,773,624 | ---- | M] (bProtector) -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe
PRC - [2012/05/27 16:27:31 | 000,397,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
PRC - [2012/02/25 12:22:50 | 000,172,664 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\EFupdater.exe
PRC - [2012/02/25 12:22:48 | 000,443,000 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\ExpressFiles.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/08/09 20:29:52 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2011/08/09 20:06:05 | 001,599,376 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2008/07/03 14:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 23:32:41 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/22 17:17:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/27 16:29:38 | 000,790,520 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2012/05/27 16:27:31 | 000,397,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
MOD - [2008/04/14 15:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/02/18 15:48:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\dcccp106.ax


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/08/19 13:41:24 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/17 23:32:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/22 17:17:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/27 16:29:39 | 000,773,624 | ---- | M] (bProtector) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe -- (bProtector)
SRV - [2012/05/27 16:27:31 | 000,397,368 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/08/09 20:29:52 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2008/04/14 06:42:36 | 000,073,796 | ---- | M] (Smart Link) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wudfrd.sys -- (WudfRd)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\WudfPf.sys -- (WudfPf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\PC_\LOCALS~1\Temp\pxtdapow.sys -- (pxtdapow)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/30 06:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/07 21:31:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008/07/28 13:35:42 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 15:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:53:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2008/04/14 00:53:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2008/04/14 00:53:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2008/04/14 00:53:44 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2008/04/14 00:53:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2008/04/14 00:53:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2008/04/14 00:53:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2007/09/20 04:54:42 | 000,207,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2006/02/26 17:22:48 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvmpu401.sys -- (nvmpu401)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003/04/09 12:17:14 | 000,227,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cccp106.sys -- (CCCP106)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Link mogu videti samo ulogovani korisnici]{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = [Link mogu videti samo ulogovani korisnici]{searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = [Link mogu videti samo ulogovani korisnici]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Link mogu videti samo ulogovani korisnici]{searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [Link mogu videti samo ulogovani korisnici]{searchTerms}&AF=111294&babsrc=SP_ss&mntrId=2c3d286c000000000000005070b67187
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = [Link mogu videti samo ulogovani korisnici]{searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "search the web (babylon)"
FF - prefs.js..browser.search.order.1: "search the web (babylon)"
FF - prefs.js..browser.search.selectedengine: "search the web (babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?af=111294&babsrc=hp_ss&mntrid=2c3d286c000000000000005070b67187"
FF - prefs.js..extensions.enabledItems: {cafeefac-0016-0000-0026-abcdeffedcba}:6.0.26
FF - prefs.js..extensions.enabledItems: [Link mogu videti samo ulogovani korisnici]:1.0
FF - prefs.js..extensions.enabledItems: {82af8dca-6de9-405d-bd5e-43525bdad38a}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {1fd91a9c-410c-4090-bbcc-55d3450ef433}:1.0
FF - prefs.js..extensions.enabledItems: [Link mogu videti samo ulogovani korisnici]:5.1
FF - prefs.js..keyword.url: "http://search.babylon.com/?affid=110819&babsrc=kw_ss&mntrid=2c3d286c000000000000005070b67187&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\PC_\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 17:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/14 17:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/10/08 11:20:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Documents and Settings\PC_\Application Data\Mozilla\Firefox\Profiles\o6tfxiqg.default\extensions\ffox@bandoo.com [2011/09/19 15:24:25 | 000,000,000 | ---D | M]

[2011/09/19 15:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PC_\Application Data\Mozilla\Extensions
[2012/07/19 15:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PC_\Application Data\Mozilla\Firefox\Profiles\o6tfxiqg.default\extensions
[2011/09/19 15:09:53 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\PC_\Application Data\Mozilla\Firefox\Profiles\o6tfxiqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/09/19 15:24:25 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\PC_\Application Data\Mozilla\Firefox\Profiles\o6tfxiqg.default\extensions\ffox@bandoo.com
[2011/09/19 15:09:45 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\PC_\Application Data\Mozilla\Firefox\Profiles\o6tfxiqg.default\searchplugins\SearchResults.xml
[2012/08/16 21:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/15 20:22:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/22 17:17:31 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/27 16:30:46 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/29 02:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/19 15:09:45 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2005/01/05 21:17:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: [Link mogu videti samo ulogovani korisnici]
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = [Link mogu videti samo ulogovani korisnici]{searchTerms}&AF=111294&babsrc=SP_ss&mntrId=2c3d286c000000000000005070b67187
CHR - default_search_provider: suggest_url =
CHR - homepage: [Link mogu videti samo ulogovani korisnici]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Bandoo (Enabled) = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\PC_\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll
CHR - Extension: YouTube = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bandoo = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: Facebook Abstract Pink = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgmgjegiphfomcgpknkicbkobpeadodf\1.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\PC_\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\PC_\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF7E1CD3-DB0D-401A-9DFE-F9842F56D030}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (protector.dll) - C:\WINDOWS\System32\protector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - [Link mogu videti samo ulogovani korisnici]
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O29 - HKLM SecurityProviders - (OhfiwxeDqadb.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/05 11:29:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 13:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/19 13:41:54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/19 13:41:54 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/19 13:41:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/19 13:41:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/19 13:41:42 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/19 06:29:52 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PC_\Desktop\OTL.exe
[2012/08/19 02:26:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/08/19 02:26:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/08/19 02:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/08/18 00:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/17 22:30:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\PC_\Start Menu\Programs\Administrative Tools
[2012/08/16 22:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC_\Local Settings\Application Data\Sun
[2012/08/15 23:32:31 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/15 23:32:31 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/15 20:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/15 20:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/08/15 20:19:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/08/15 20:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC_\Local Settings\Application Data\VS Revo Group
[2012/08/15 20:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/08/15 20:06:07 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/08/15 20:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/08/15 19:04:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\PC_\Recent
[2012/08/11 23:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC_\Desktop\New Folder (3)
[2012/08/11 23:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC_\Desktop\New Folder (2)
[2012/08/05 17:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC_\Desktop\New Folder
[2012/08/05 03:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC_\Desktop\Pzzp
[2011/03/05 11:44:41 | 000,149,504 | ---- | C] (Comodo Inc.) -- C:\Documents and Settings\PC_\MonitorCtl.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 13:41:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/19 13:41:23 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/19 13:41:23 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/19 13:41:23 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/19 13:41:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/19 13:41:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/19 13:41:23 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/19 12:38:15 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-813497703-1606980848-1003Core.job
[2012/08/19 06:45:31 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/08/19 06:42:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\bProtector.job
[2012/08/19 06:38:12 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-813497703-1606980848-1003UA.job
[2012/08/19 06:30:14 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC_\Desktop\OTL.exe
[2012/08/19 06:04:12 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/19 05:53:16 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-813497703-1606980848-1003UA.job
[2012/08/17 23:32:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/17 23:32:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/16 16:51:58 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-813497703-1606980848-1003Core.job
[2012/08/15 22:11:14 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\PC_\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 21:24:38 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\PC_\Desktop\Google Chrome.lnk
[2012/08/15 20:06:08 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/08/12 02:07:53 | 000,140,827 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2012/08/05 19:20:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/23 17:19:41 | 000,139,758 | ---- | M] () -- C:\Documents and Settings\PC_\Desktop\pizap.com13430566668591.jpg
[2012/07/23 16:31:42 | 005,367,391 | ---- | M] () -- C:\Documents and Settings\PC_\Desktop\DSC00605.JPG
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 01:18:22 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\bProtector.job
[2012/08/15 23:32:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/15 20:19:37 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/08/15 20:06:08 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/08/12 02:07:51 | 000,140,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2012/08/05 06:15:47 | 000,029,608 | ---- | C] () -- C:\Documents and Settings\PC_\Desktop\303674_260977060600139_100000635404253_849240_2123799124_n.jpg
[2012/08/05 06:14:48 | 005,367,391 | ---- | C] () -- C:\Documents and Settings\PC_\Desktop\DSC00605.JPG
[2012/07/23 17:19:39 | 000,139,758 | ---- | C] () -- C:\Documents and Settings\PC_\Desktop\pizap.com13430566668591.jpg
[2012/05/27 16:29:39 | 000,790,520 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2011/04/08 14:14:18 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\PC_\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/03 18:30:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/21 00:06:30 | 000,000,657 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2011/03/21 00:06:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/03/21 00:06:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2011/03/21 00:04:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2011/03/21 00:03:15 | 000,227,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\cccp106.sys
[2011/03/21 00:03:14 | 000,127,038 | ---- | C] () -- C:\WINDOWS\Clement.exe
[2011/03/21 00:03:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\JPGL.DLL
[2011/03/21 00:03:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\DIV_IYUV.DLL
[2011/03/21 00:03:13 | 002,093,106 | ---- | C] () -- C:\WINDOWS\select.exe
[2011/03/21 00:03:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vcccp106.dll
[2011/03/21 00:03:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\select2.exe
[2011/03/21 00:03:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dcccp106.dll
[2011/03/21 00:03:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\CleanDev.exe
[2011/03/21 00:03:12 | 000,015,542 | ---- | C] () -- C:\WINDOWS\cccp106.ini
[2011/03/21 00:03:12 | 000,000,321 | ---- | C] () -- C:\WINDOWS\DC2110a.ini
[2011/03/05 12:58:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/05 12:19:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/03/05 12:16:46 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/03/05 12:00:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/05 11:56:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/05 11:56:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/05 11:56:30 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/05 11:56:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011/03/05 11:56:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/05 11:45:07 | 000,020,449 | R--- | C] () -- C:\WINDOWS\System32\ADeck.ini
[2011/03/05 11:45:07 | 000,003,912 | R--- | C] () -- C:\WINDOWS\System32\String.ini
[2011/03/05 11:45:07 | 000,003,911 | R--- | C] () -- C:\WINDOWS\System32\String1.ini
[2011/03/05 11:45:07 | 000,000,399 | R--- | C] () -- C:\WINDOWS\System32\vpatch.ini
[2011/03/05 11:45:07 | 000,000,356 | R--- | C] () -- C:\WINDOWS\System32\OemBmpCp.ini
[2011/03/05 11:44:41 | 000,003,384 | ---- | C] () -- C:\Documents and Settings\PC_\Script.ini
[2011/03/05 11:30:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/05 11:24:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/05 06:37:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: Maxtor 6Y080L0
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 57.00GB
Starting Offset: 20982689280
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/07/03 14:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe

< MD5 for: SERVICES >
[2008/04/14 15:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2008/04/14 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/03/05 11:29:27 | 000,001,602 | ---- | M] () MD5=02144CF36FE29088B9DEFE4189347B46 -- C:\found.000\dir0000.chk\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 15:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/24 16:33:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=D1BAC55BC35A0CA735AEA19F609F2B22 -- C:\WINDOWS\system32\winlogon.exe

< End of report >

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

While we work on this case, I would ask you to observe the following:
Read my instructions (or those of colleagues who may stand in for me) carefully and follow only them;
Do not ask for help elsewhere at the same time;
Do not use any malware removal programs other than those you are instructed to use;
Do not use USB storage devices during the intervention until I ask you to;
If I do not reply within 48 hours, refresh the topic with a new post;
If you do not respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum's Ambulanta section: LINK


Download sUBs's ComboFix to your Desktop from the following address:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download has finished:
1. disable your security software (instructions);
2. close any running programs;
3. double-click ComboFix to run it;
4. in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program is available:
  click Yes if you are offered the download.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
display a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum topic:
1. right-click in the Notepad window and choose Select All;
2. right-click the selected text and choose Copy;
3. right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

offline
  • Joined: 19 Nov 2009
  • Posts: 31

application error> the procedure * could not be lokated in the DLL sfc.dll - This is what I get after I run ComboFix

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Huh, let's do it this way then:

Download TDSSKiller to your Desktop from the following address:

TDSSKiller


When the download has finished:

Rename TDSSKiller.exe to MyCity.exe

Run MyCity.exe and click Change parameters.

In the Additional options section, tick Verify driver signatures and Detect TDLFS file system, then click OK.

Click Start scan.

When it finishes, it will show you the scan results; do not change anything there, just click Continue.

If the program asks to restart the system, allow it.

Attach to your message the report found at the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD - day, MM - month, YY - year, HH - hour, MM - minute, SS - second; the date and time the log was created)

offline
  • Joined: 19 Nov 2009
  • Posts: 31

[Links are visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs if you do not need them:

Bandoo Toolbar
Babylon Toolbar
iLivid Toolbar


Step 2

Run OTL again by double-clicking its icon.

In the white box labeled Custom Scans/Fixes, paste the following text:

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

:files
C:\WINDOWS\System32\drivers\str.sys
C:\WINDOWS\System32\protector.dll

:OTL
O29 - HKLM SecurityProviders - (OhfiwxeDqadb.dll) - File not found

:commands
[emptytemp]



Click the Run Fix button;

Copy the report you get into your message here.


Step 3

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\_OTL

and send it via the following link:

[Links are visible only to logged-in users]


Step 4

Download "Xplode"'s AdwCleaner and save it to your Desktop.
Double-click to run the program and click the Search button.
When the program finishes its analysis, Notepad will open with the report.
Copy the contents of that report into the topic.

Note: The report will also be saved at C:\AdwCleaner[R1].txt
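
A way to triage the OTL file listings posted in this thread, as an added example (not part of the original posts and not OTL's own code): it parses OTL file-listing lines and shortlists recently created System32 executables whose company field is empty. The function names, the 90-day window and the System32 filter are assumptions; a hit is a candidate for review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line: [date | size | attributes | C/M] (company) [MD5=...] -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\)"
    r"(?: MD5=(?P<md5>[0-9A-F]{32}))? -- (?P<path>.+)$"
)
EXECUTABLE = (".sys", ".dll", ".exe")

# Lines copied from the OTL log posted in this thread.
SAMPLE = r"""
[2012/08/19 06:30:14 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC_\Desktop\OTL.exe
[2012/08/15 20:19:37 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/08/12 02:07:51 | 000,140,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2012/05/27 16:29:39 | 000,790,520 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2011/03/21 00:06:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/07/03 14:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe
"""

def parse_line(line):
    """Return the fields of one OTL file-listing line, or None for other lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec

def shortlist(log_text, scanned_at, max_age_days=90):
    """Created ('C') executables under System32 with no company name, newer than the cutoff."""
    cutoff = scanned_at - timedelta(days=max_age_days)  # assumed review window
    hits = []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        path = rec["path"].lower()
        if (rec["kind"] == "C" and rec["company"] == ""
                and path.endswith(EXECUTABLE)
                and "\\windows\\system32\\" in path
                and rec["ts"] >= cutoff):
            hits.append(rec["path"])
    return hits

if __name__ == "__main__":
    for p in shortlist(SAMPLE, datetime(2012, 8, 19, 6, 31, 50)):  # log creation time
        print("review:", p)
```

With the sample lines and the log's own creation time, the shortlist contains str.sys and protector.dll, the two files listed under :files in the fix script above.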
