Posted: 05 Sep 2015 11:11
Elvis
- Posts: 162
Greetings to the AMF team, I'm writing to you for help because I have a problem with some toolbar that installed itself on my computer while I was installing a game, so I think it's some malware that keeps running in the background of the desktop while I browse the internet. I use NOD32 Antivirus version 8.0.312.0 Full, and after the game installation it detected malware with the name: Toolbar.CrossRider.CM
I uninstalled that program from Windows and, after the uninstall, cleaned the computer again with AdwCleaner, but this morning the antivirus triggered again with a message that the toolbar had done some kind of restore; how that is possible I don't know. I should also mention that this morning I disabled some services on the computer using the "msconfig" command, services that are not running; they don't say STARTING or RUNNING or anything like that! Maybe that also caused me some problem.
Here is a screenshot of the antivirus quarantine:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015
Ran by Elvis (administrator) on E-104A37C53FD74 (05-09-2015 10:49:17)
Running from C:\Documents and Settings\Elvis\My Documents\Preuzimanja
Loaded Profiles: Elvis (Available Profiles: Elvis)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [link visible only to logged-in users]
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Programi\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programi\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1368064 2004-04-01] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [794624 2004-03-26] (Analog Devices, Inc.)
HKLM\...\Run: [PRONoMgrWired] => C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [86016 2004-11-18] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Programi\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Programi\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-03-03] (ATI Technologies Inc.)
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\...\Run: [DAEMON Tools Lite] => C:\Programi\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\Elvis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-08-03] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe -update pepperplugin
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{B22877B6-9649-4A22-A70D-0B89CD3158B1}: [NameServer],
Tcpip\..\Interfaces\{B22877B6-9649-4A22-A70D-0B89CD3158B1}: [DhcpNameServer]
Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link visible only to logged-in users]{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = [link visible only to logged-in users]
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in users]
URLSearchHook: HKU\S-1-5-21-484763869-1844237615-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\d2mi94ob.default-1440937181062
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Elvis\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Elvis\Application Data\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Elvis\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Elvis\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Elvis\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Elvis\Application Data\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Elvis\Application Data\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: YouTube™ Flash® Player - C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\d2mi94ob.default-1440937181062\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-09-04]
FF Extension: AdBlock for Firefox - C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\d2mi94ob.default-1440937181062\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-09-04]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Programi\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
StartMenuInternet: FIREFOX.EXE - C:\Programi\Mozilla Firefox\firefox.exe
StartMenuInternet: (HKLM) Operadeveloper - C:\Programi\Opera NI developer\Launcher.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-03-03] (ATI Technologies Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S4 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [4630016 2010-03-03] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [232512 2015-07-10] (DT Soft Ltd)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [176128 2004-11-22] (Intel Corporation)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [120304 2015-01-30] (ESET)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 MidiSyn; C:\WINDOWS\System32\drivers\MidiSyn.sys [235100 2015-07-03] (Analog Devices Inc)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2015-07-03] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [381056 2015-07-03] (Sensaura)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2015-07-03] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [22168 2015-07-03] (VIA Technologies,Inc)
U1 eamon; system32\DRIVERS\eamon.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-05 10:47 - 2015-09-05 10:49 - 00000000 ____D C:\FRST
2015-09-05 09:12 - 2015-09-05 09:12 - 00000442 _____ C:\WINDOWS\setupapi.log
2015-09-04 21:48 - 2015-09-04 21:48 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Unity
2015-09-04 21:29 - 2015-09-04 21:29 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\Unity
2015-09-04 02:01 - 2015-09-04 02:01 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-04 01:57 - 2015-09-04 01:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Solidshield
2015-09-04 01:54 - 2015-09-04 01:54 - 01850116 _____ C:\WINDOWS\chromebrowser.exe
2015-09-03 20:49 - 2015-09-05 09:49 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-03 20:49 - 2015-09-05 09:49 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-03 20:49 - 2015-09-03 20:49 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-02 20:38 - 2015-09-02 20:38 - 00326600 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-09-02 20:37 - 2015-09-02 20:37 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-09-02 20:37 - 2015-09-02 20:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-09-02 20:37 - 2015-09-02 20:37 - 00000000 ____D C:\Program Files\MSBuild
2015-09-02 14:22 - 2015-09-02 14:22 - 00015775 _____ C:\Documents and Settings\Elvis\My Documents\CAFF032C321E1C8F63AC89736F8278AFA129AC3F.torrent
2015-09-02 14:18 - 2015-09-02 14:18 - 00020372 _____ C:\Documents and Settings\Elvis\My Documents\[limetorrents.cc]FIFA.11[RePack].iso.torrent
2015-09-01 12:21 - 2015-09-01 12:21 - 00000000 ____D C:\Documents and Settings\Elvis\WINDOWS
2015-09-01 12:21 - 1998-01-23 12:55 - 00305152 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUn0419.exe
2015-08-31 01:05 - 2015-08-31 01:05 - 00000000 ____D C:\Notepad++Portable
2015-08-30 14:29 - 2015-08-30 14:29 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\Custom_Desktop_Logo_V2.2
2015-08-30 13:59 - 2015-08-30 13:59 - 00000000 ____D C:\Program Files\ESET
2015-08-30 13:59 - 2015-08-30 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-08-30 13:59 - 2015-08-30 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-08-30 09:30 - 2015-08-30 09:30 - 00007746 _____ C:\Documents and Settings\Elvis\My Documents\[kat.cr]eset.nod32.antivirus.3.0.672.full.64bit.edition.h33t.xfire.torrent
2015-08-30 09:29 - 2015-08-30 09:29 - 00011334 _____ C:\Documents and Settings\Elvis\My Documents\[kat.cr]eset.nod32.antivirus.8.full.version.with.licence.2016.id.pass.32.64.bit.md1997.torrent
2015-08-29 10:19 - 2015-08-30 14:19 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\Stari Firefox podaci
2015-08-28 21:20 - 2015-08-28 21:20 - 00035027 _____ C:\Documents and Settings\Elvis\My Documents\163030-jack.reacher.2012.480p.brrip.xvid.ac3nydic.zip
2015-08-28 21:04 - 2015-06-30 19:35 - 00076806 _____ C:\Documents and Settings\Elvis\My Documents\Pernicious.2015.WEB-DL.XviD.MP3-RARBG-English.srt
2015-08-28 19:54 - 2015-08-28 19:54 - 00000142 _____ C:\Documents and Settings\Elvis\Desktop\manager_c680f9e2c9c0d748b8a251ca52d53735.txt
2015-08-26 23:51 - 2015-08-30 01:07 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\AvP-FB Logo
2015-08-25 21:20 - 2015-09-05 09:44 - 00001841 _____ C:\Documents and Settings\Elvis\Desktop\Handguns Comparation Stats.txt
2015-08-24 23:11 - 2015-09-05 08:57 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\New Folder (3)
2015-08-24 19:43 - 2015-08-25 10:45 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Apple Computer
2015-08-24 19:37 - 2015-08-24 19:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2015-08-24 19:26 - 2015-08-24 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-08-24 19:26 - 2015-08-24 19:26 - 00001563 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-08-24 19:26 - 2015-08-24 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-08-24 19:25 - 2015-08-24 19:25 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2015-08-24 19:25 - 2015-08-24 19:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-24 19:25 - 2015-08-24 19:25 - 00000000 ____D C:\Program Files\Apple Software Update
2015-08-24 19:25 - 2015-08-24 19:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2015-08-22 21:38 - 2015-08-28 18:51 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\FSResizer34
2015-08-22 12:27 - 2015-08-22 12:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ATI
2015-08-22 12:25 - 2015-08-22 12:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
2015-08-22 12:24 - 2015-08-22 12:24 - 00000000 ____D C:\Program Files\ATI
2015-08-22 12:24 - 2010-03-03 12:07 - 00311296 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atiiiexx.dll
2015-08-22 12:24 - 2010-03-03 12:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt.dll
2015-08-22 12:24 - 2010-03-03 12:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl.dll
2015-08-22 12:24 - 2010-03-03 12:01 - 03641344 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd.dll
2015-08-22 12:24 - 2010-03-03 11:44 - 14262272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atioglxx.dll
2015-08-22 12:24 - 2010-03-03 11:40 - 00446464 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIDEMGX.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00887724 _____ C:\WINDOWS\system32\ativva6x.dat
2015-08-22 12:24 - 2010-03-03 11:24 - 00469600 _____ C:\WINDOWS\system32\ativvaxx.cap
2015-08-22 12:24 - 2010-03-03 11:24 - 00208896 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\atipdlxx.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00155648 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\Oemdspif.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00043520 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\ati2edxx.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00026112 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\Ati2mdxx.exe
2015-08-22 12:24 - 2010-03-03 11:24 - 00000003 _____ C:\WINDOWS\system32\ativva5x.dat
2015-08-22 12:24 - 2010-03-03 11:23 - 00159744 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.dll
2015-08-22 12:24 - 2010-03-03 11:22 - 00602112 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
2015-08-22 12:24 - 2010-03-03 11:21 - 00053248 _____ ( ATI Technologies Inc.) C:\WINDOWS\system32\ATIDDC.DLL
2015-08-22 12:24 - 2010-03-03 11:20 - 00143360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-08-22 12:24 - 2010-03-03 11:20 - 00033616 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-08-22 12:24 - 2010-03-03 11:16 - 00565248 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atikvmag.dll
2015-08-22 12:24 - 2010-03-03 11:15 - 00184320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-08-22 12:24 - 2010-03-03 11:14 - 00393216 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiok3x2.dll
2015-08-22 12:24 - 2010-03-03 11:14 - 00017408 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atitvo32.dll
2015-08-22 12:24 - 2010-03-03 11:07 - 00065024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc32.dll
2015-08-22 12:24 - 2010-03-03 11:07 - 00065024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom32.dll
2015-08-22 12:24 - 2010-03-03 11:07 - 00053248 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-08-22 12:24 - 2010-02-26 03:55 - 00201875 _____ C:\WINDOWS\system32\atiicdxx.dat
2015-08-22 12:24 - 2009-05-12 06:35 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atibtmon.exe
2015-08-22 12:24 - 2009-02-19 02:55 - 00294912 _____ C:\WINDOWS\system32\ATIODE.exe
2015-08-22 12:24 - 2009-02-04 05:52 - 00045056 _____ C:\WINDOWS\system32\ATIODCLI.exe
2015-08-22 12:24 - 2001-11-10 00:01 - 00024064 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\ativcoxx.dll
2015-08-22 12:23 - 2015-08-22 12:25 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-22 12:19 - 2015-08-22 12:19 - 00018078 _____ C:\WINDOWS\system32\CCCInstall_201508221219372343.log
2015-08-22 12:12 - 2015-08-22 12:15 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\deoFx
2015-08-22 12:04 - 2015-08-22 12:04 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-08-22 11:58 - 2015-08-22 11:58 - 00008764 _____ C:\Documents and Settings\Elvis\My Documents\silex.html
2015-08-21 18:20 - 2015-09-05 09:46 - 00000000 ____D C:\WINDOWS\pss
2015-08-21 15:37 - 2015-08-21 15:58 - 00012172 _____ C:\Documents and Settings\Elvis\My Documents\AvP Recruiting.swi
2015-08-21 15:37 - 2015-08-21 15:37 - 00008992 _____ C:\Documents and Settings\Elvis\My Documents\AvP Recruiting.sbk
2015-08-17 03:45 - 2015-08-17 03:45 - 06552874 _____ C:\Documents and Settings\Elvis\My Documents\flashbannermaker.zip
2015-08-17 02:38 - 2015-08-17 02:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-08-17 02:38 - 2015-08-17 02:38 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\Macromedia
2015-08-15 11:47 - 2015-09-03 20:44 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\QtWebCache
2015-08-15 11:47 - 2015-08-15 11:47 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\QtWebSettings
2015-08-15 11:46 - 2013-09-09 12:22 - 07881016 _____ (QtWeb.NET) C:\Documents and Settings\Elvis\Desktop\QtWeb.exe
2015-08-15 10:48 - 2015-09-02 17:53 - 00001244 _____ C:\Documents and Settings\Elvis\Desktop\Imena Aliena.txt
2015-08-15 03:30 - 2015-08-15 03:30 - 00000000 ____D C:\QtWebCache
2015-08-13 01:02 - 2015-08-13 01:02 - 00135303 _____ C:\Documents and Settings\Elvis\My Documents\Movie3.swi
2015-08-13 00:43 - 2015-08-13 00:43 - 00008698 _____ C:\Documents and Settings\Elvis\My Documents\Movie2.swi
2015-08-12 14:34 - 2015-08-12 14:34 - 00000000 ____D C:\WINDOWS\Sun
2015-08-12 02:07 - 2015-08-29 11:03 - 00000000 ____D C:\AE
2015-08-11 23:06 - 2015-08-24 19:40 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\Adobe
2015-08-11 23:04 - 2015-08-11 23:04 - 00001045 _____ C:\Documents and Settings\Elvis\Desktop\Shortcut to AfterFX.lnk
2015-08-11 22:50 - 2015-08-11 22:50 - 00001053 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe After Effects CS4.lnk
2015-08-11 22:48 - 2015-08-11 22:48 - 00000855 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS4.lnk
2015-08-11 22:47 - 2015-08-11 22:47 - 00000934 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Media Encoder CS4.lnk
2015-08-11 22:46 - 2015-08-11 22:46 - 00002024 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
2015-08-11 22:43 - 2015-08-11 22:43 - 00001104 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2015-08-11 22:43 - 2015-08-11 22:43 - 00001039 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS4.lnk
2015-08-11 22:41 - 2015-08-11 22:41 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2015-08-11 22:33 - 2015-08-12 00:05 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-11 22:33 - 2015-08-11 22:33 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2015-08-11 08:18 - 2015-09-05 10:08 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-11 01:34 - 2015-08-11 01:35 - 02074670 _____ C:\Documents and Settings\Elvis\Desktop\FSResizer34.zip
2015-08-09 01:29 - 2015-08-09 01:30 - 00008770 _____ C:\Documents and Settings\Elvis\My Documents\Movie1.swi
2015-08-09 00:40 - 2015-08-09 01:28 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\SWiSH Max4
2015-08-09 00:40 - 2015-08-09 00:40 - 00000650 _____ C:\Documents and Settings\Elvis\Desktop\Shortcut to swishMax4.lnk
2015-08-09 00:37 - 2015-08-09 00:37 - 00000000 ____D C:\Program Files\Common Files\SWiSHzone.com
2015-08-08 20:58 - 2015-08-08 20:58 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-08-08 20:55 - 2015-08-09 08:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-08-08 16:54 - 2015-08-10 01:10 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\New Folder (2)
2015-08-08 02:07 - 2015-08-13 00:25 - 00036352 ___SH C:\Documents and Settings\Elvis\Desktop\Thumbs.db
2015-08-07 09:23 - 2015-08-07 09:23 - 00000000 ____D C:\Program Files\Common Files\Little Registry Cleaner
2015-08-07 09:19 - 2015-08-07 09:20 - 00000000 ____D C:\0fe1355421238b164e0b4bb0e74fb8a3
2015-08-07 09:19 - 2008-07-06 14:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-08-07 09:19 - 2008-07-06 14:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-08-07 09:19 - 2008-07-06 14:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-08-07 09:19 - 2008-07-06 14:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-08-07 09:19 - 2008-07-06 14:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-08-07 09:19 - 2008-07-06 14:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-08-07 09:19 - 2008-07-06 12:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-08-07 09:19 - 2007-11-30 14:39 - 00017272 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-08-07 09:19 - 2007-11-30 13:18 - 00026488 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2015-08-06 12:13 - 2015-08-06 12:13 - 00000837 _____ C:\Documents and Settings\Elvis\Desktop\Shortcut to HconSTFPortable.lnk
2015-08-06 04:21 - 2015-08-06 04:21 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\HconSTF
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-05 10:49 - 2015-07-16 13:25 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\Preuzimanja
2015-09-05 10:49 - 2015-07-03 01:47 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Temp
2015-09-05 10:02 - 2015-08-03 11:52 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-1417001333-1003UA.job
2015-09-05 09:55 - 2015-07-03 01:35 - 00303511 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-05 09:53 - 2015-07-03 03:25 - 00588920 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-05 09:49 - 2015-07-03 02:13 - 00000444 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1435882418.job
2015-09-05 09:49 - 2015-07-03 01:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-05 09:48 - 2015-07-03 02:46 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-09-05 09:48 - 2015-07-03 01:47 - 00027180 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-05 09:48 - 2015-07-03 01:47 - 00000178 ___SH C:\Documents and Settings\Elvis\ntuser.ini
2015-09-05 09:47 - 2015-07-03 03:21 - 00000211 ___SH C:\boot.ini
2015-09-05 09:47 - 2008-04-14 14:00 - 00000550 _____ C:\WINDOWS\win.ini
2015-09-05 09:47 - 2008-04-14 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-09-05 08:45 - 2015-07-03 01:53 - 00000000 ____D C:\Programi
2015-09-04 21:28 - 2015-07-16 13:07 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Mozilla
2015-09-04 21:26 - 2015-07-16 13:07 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\Mozilla
2015-09-04 20:02 - 2015-08-03 11:52 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-1417001333-1003Core.job
2015-09-04 17:29 - 2015-07-10 20:01 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\uTorrent
2015-09-04 11:21 - 2015-07-25 02:30 - 00000132 _____ C:\Documents and Settings\Elvis\Application Data\Adobe PNG Format CS5 Prefs
2015-09-04 02:01 - 2015-07-10 18:59 - 00000000 ____D C:\Filmovi
2015-09-04 02:01 - 2015-07-03 16:06 - 00000000 ____D C:\Igre
2015-09-03 20:50 - 2015-07-03 01:47 - 00000000 ____D C:\Documents and Settings\Elvis
2015-09-03 16:18 - 2015-07-20 12:41 - 00100864 ___SH C:\Documents and Settings\Elvis\My Documents\Thumbs.db
2015-09-03 10:54 - 2015-07-15 12:54 - 03988744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-03 10:54 - 2008-04-14 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-02 22:38 - 2015-07-03 02:30 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-02 20:39 - 2015-07-03 02:46 - 00158232 _____ C:\Documents and Settings\Elvis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-02 20:12 - 2015-07-03 01:33 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2015-08-31 18:22 - 2015-08-03 18:22 - 00000652 _____ C:\WINDOWS\Tasks\klcp_update.job
2015-08-30 20:52 - 2015-07-06 03:13 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\vlc
2015-08-29 22:32 - 2015-07-09 14:34 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\Bandicam
2015-08-29 19:32 - 2015-07-10 20:02 - 00002584 _____ C:\Documents and Settings\Elvis\Desktop\µTorrent.lnk
2015-08-26 21:51 - 2015-07-24 13:09 - 00002458 _____ C:\Documents and Settings\Elvis\Desktop\Predator_4.txt
2015-08-24 19:40 - 2015-07-03 03:14 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Adobe
2015-08-24 12:46 - 2015-07-11 02:30 - 00000976 _____ C:\Documents and Settings\Elvis\Desktop\Predator_3.txt
2015-08-24 00:41 - 2015-07-03 03:16 - 00000000 ____D C:\WINDOWS\security
2015-08-23 23:43 - 2015-07-14 22:25 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2015-08-22 12:24 - 2015-07-03 03:25 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-22 12:19 - 2015-07-03 02:50 - 00000010 _____ C:\WINDOWS\WININIT.INI
2015-08-21 18:25 - 2015-07-03 15:44 - 00004370 _____ C:\Documents and Settings\Elvis\Desktop\Predator_2.txt
2015-08-19 10:34 - 2015-07-26 03:08 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\New Folder
2015-08-18 14:54 - 2015-07-04 13:54 - 00011567 _____ C:\Documents and Settings\Elvis\Desktop\Predator_1.txt
2015-08-17 02:38 - 2015-07-11 00:59 - 00000000 ____D C:\Program Files\Adobe
2015-08-11 23:58 - 2015-07-03 03:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2015-08-11 22:48 - 2015-07-05 01:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-11 22:41 - 2015-07-03 03:14 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\Adobe
2015-08-11 08:19 - 2015-07-15 00:50 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-11 08:19 - 2015-07-15 00:50 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-09 00:37 - 2015-07-23 15:10 - 00925696 _____ C:\Documents and Settings\Elvis\My Documents\AvP Recruiting.indd
2015-08-08 20:58 - 2015-07-03 03:16 - 00000000 ____D C:\WINDOWS\system32\mui
2015-08-08 20:47 - 2015-07-03 03:16 - 00000000 ____D C:\WINDOWS\pchealth
2015-08-07 09:20 - 2015-07-03 03:16 - 00000000 ____D C:\WINDOWS\system32\spool
==================== Files in the root of some directories =======
2015-07-25 02:30 - 2015-09-04 11:21 - 0000132 _____ () C:\Documents and Settings\Elvis\Application Data\Adobe PNG Format CS5 Prefs
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Posted: 05 Sep 2015 15:41
Elvis
- Posts: 162
Hi helen1, I couldn't find this globalupdate Helper in the default Windows uninstall list; here is a screenshot too, so you can see it isn't there. Maybe that program is listed under a different name!
But I have finished the scanning, and here are the reports:
Posted: 05 Sep 2015 19:33
Elvis
- Posts: 162
Written: 05 Sep 2015 19:29
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Microsoft Windows XP x86
Ran by Elvis on sub 05.09.2015 at 19:27:07,68
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Scan was completed on sub 05.09.2015 at 19:29:15,21
End of JRT log
Addendum: 05 Sep 2015 19:33
As far as I can see, there seems to be nothing questionable in these latest logs, but the zoek log shows two suspicious keys in the Windows registry! Which of them is the more accurate now???
Posted: 06 Sep 2015 18:26
helen1
- helen1

- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
There is nothing special here; ESET is just seeing some leftovers in an old Restore Point. We'll take care of that later.
Download the installer for Malwarebytes Anti-Malware (MBAM) ver. 2.0 and install the application.
Double-click mbam-setup.exe and follow the installation instructions. The installation is the classic "Next > I Agree . . > Next > Install" routine. When the installation is finished, click Finish.
Note: the 14-day free trial version is pre-selected. You can uncheck this option if you wish.
- On first launch, MBAM will start an "Update" in order to download the latest definitions.
Or ... click the 'Update Now >>' link or button to download the latest definitions.
• Configure the scanner: on the 'Settings' tab, under Detection and Protection, set the following options:
1. on the Detection Options sub-tab, check the box for 'Scan for rootkits';
2. on the Non-Malware Protection sub-tab, for 'PUP detections', make sure the 'Treat detections as malware' option is selected.
• Run a 'Threat Scan';
Click the Scan tab, then 'Scan Now >>' to run the scan.
If MBAM reports that an 'update' is available, click 'Update Now' and then proceed to the scan.
Notice: with some severe infections, you may get the following message: "Could not load DDA driver". In that case, click Yes on that message, allow the driver to be loaded after the computer restarts, and allow the restart.
Then continue with the rest of the instructions.
• When the scan is finished, click the Apply Action button if a threat was detected. Wait for the program to request a restart!
- Click Yes on the message saying that the system will restart.
• Post the report (export the logfile) for review;
Start MBAM again, click the History tab > Application Logs. Double-click the 'Scan Log' that shows the time and date of the scan just performed.
1. In the new window, click the 'Export' button, then choose 'Text file (*.txt)';
2. When the Save File dialog appears, choose to save the log to the Desktop.
In that same window, at the bottom under File name:, type 'mbam' as the name of the report and click the Save button.
- After you get the message ("Your file has been successfully exported"), the report you named 'mbam' will be saved to the Desktop.
Attach mbam.txt to your post using the Attach file (Prikači fajl) option.
Posted: 09 Sep 2015 12:10
Elvis
- Joined: 28 Oct 2014
- Posts: 162
@helen1 hi mate, I had no internet because they were doing some work on our network, so I wasn't able to send you the logs, but I have now finished what you asked for. I have some trojan, as far as I noticed, and 5 other threats that I can't identify......!
The other day my computer also restarted by itself, and it's free of dust inside, no dirt, temperatures are normal on all components, and damn it, I had the bad luck that the PC restarted in the middle of working in Photoshop. :/
Posted: 09 Sep 2015 13:00
helen1
- helen1

- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Post a new FRST and Addition log for me.
Posted: 09 Sep 2015 19:36
Elvis
- Joined: 28 Oct 2014
- Posts: 162
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Elvis (administrator) on E-104A37C53FD74 (09-09-2015 19:34:17)
Running from C:\Documents and Settings\Elvis\My Documents\Preuzimanja
Loaded Profiles: Elvis (Available Profiles: Elvis)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link mogu videti samo ulogovani korisnici]
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nullsoft, Inc.) C:\Programi\Winamp\winamp.exe
(Mozilla Corporation) C:\Programi\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Programi\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [1368064 2004-04-01] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [794624 2004-03-26] (Analog Devices, Inc.)
HKLM\...\Run: [PRONoMgrWired] => C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe [86016 2004-11-18] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Programi\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Programi\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-03-03] (ATI Technologies Inc.)
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\...\Run: [DAEMON Tools Lite] => C:\Programi\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\Elvis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-08-03] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe -update pepperplugin
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{B22877B6-9649-4A22-A70D-0B89CD3158B1}: [NameServer],
Tcpip\..\Interfaces\{B22877B6-9649-4A22-A70D-0B89CD3158B1}: [DhcpNameServer]
Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
URLSearchHook: HKU\S-1-5-21-484763869-1844237615-1417001333-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-484763869-1844237615-1417001333-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF ProfilePath: C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\d2mi94ob.default-1440937181062
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Elvis\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Elvis\Application Data\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Elvis\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Elvis\Local Settings\Application Data\Google\Update\\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-484763869-1844237615-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Elvis\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Elvis\Application Data\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Elvis\Application Data\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: YouTube Flash Video Player - C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\d2mi94ob.default-1440937181062\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-05]
FF Extension: μ Adblock - C:\Documents and Settings\Elvis\Application Data\Mozilla\Firefox\Profiles\d2mi94ob.default-1440937181062\Extensions\jid1-yIDO6R3DGl4u2Q@jetpack.xpi [2015-09-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Programi\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
StartMenuInternet: FIREFOX.EXE - C:\Programi\Mozilla Firefox\firefox.exe
StartMenuInternet: (HKLM) Operadeveloper - C:\Programi\Opera NI developer\Launcher.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-03-03] (ATI Technologies Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S4 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Programi\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [4630016 2010-03-03] (ATI Technologies Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [232512 2015-07-10] (DT Soft Ltd)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [176128 2004-11-22] (Intel Corporation)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [120304 2015-01-30] (ESET)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MidiSyn; C:\WINDOWS\System32\drivers\MidiSyn.sys [235100 2015-07-03] (Analog Devices Inc)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2015-07-03] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [381056 2015-07-03] (Sensaura)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2015-07-03] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [22168 2015-07-03] (VIA Technologies,Inc)
U1 eamon; system32\DRIVERS\eamon.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-09 19:31 - 2015-09-09 19:34 - 00000000 ____D C:\FRST
2015-09-09 11:32 - 2015-09-09 12:02 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-09 11:32 - 2015-09-09 11:32 - 00000726 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-09 11:31 - 2015-09-09 11:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-09-09 11:31 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-09 11:31 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-08 20:07 - 2015-09-08 20:07 - 00000729 _____ C:\Documents and Settings\Elvis\Desktop\Shortcut to GameVox.lnk
2015-09-07 07:32 - 2015-09-07 07:32 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\PCHealth
2015-09-07 01:45 - 2015-09-07 01:45 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\GameVox
2015-09-07 01:29 - 2015-09-07 01:30 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\Overwolf
2015-09-07 01:24 - 2015-09-08 21:37 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\GameVox
2015-09-07 01:18 - 2015-09-07 07:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-09-05 15:34 - 2015-09-09 19:34 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Temp
2015-09-05 15:34 - 2015-09-05 15:34 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-09-05 15:34 - 2015-09-05 15:34 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-09-05 15:34 - 2015-09-05 15:34 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp
2015-09-05 15:34 - 2014-02-13 23:59 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-05 14:58 - 2015-09-05 14:58 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\New Folder (4)
2015-09-05 09:12 - 2015-09-07 23:00 - 00001189 _____ C:\WINDOWS\setupapi.log
2015-09-04 21:48 - 2015-09-04 21:48 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Unity
2015-09-04 21:29 - 2015-09-04 21:29 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\Unity
2015-09-04 02:01 - 2015-09-04 02:01 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-04 01:57 - 2015-09-04 01:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Solidshield
2015-09-03 20:49 - 2015-09-09 12:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-03 20:49 - 2015-09-09 12:00 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-03 20:49 - 2015-09-03 20:49 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-02 20:38 - 2015-09-02 20:38 - 00326600 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-09-02 20:37 - 2015-09-02 20:37 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-09-02 20:37 - 2015-09-02 20:37 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-09-02 20:37 - 2015-09-02 20:37 - 00000000 ____D C:\Program Files\MSBuild
2015-09-02 14:22 - 2015-09-02 14:22 - 00015775 _____ C:\Documents and Settings\Elvis\My Documents\CAFF032C321E1C8F63AC89736F8278AFA129AC3F.torrent
2015-09-01 12:21 - 2015-09-01 12:21 - 00000000 ____D C:\Documents and Settings\Elvis\WINDOWS
2015-09-01 12:21 - 1998-01-23 12:55 - 00305152 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUn0419.exe
2015-08-31 01:05 - 2015-08-31 01:05 - 00000000 ____D C:\Notepad++Portable
2015-08-30 14:29 - 2015-08-30 14:29 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\Custom_Desktop_Logo_V2.2
2015-08-30 13:59 - 2015-08-30 13:59 - 00000000 ____D C:\Program Files\ESET
2015-08-30 13:59 - 2015-08-30 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-08-30 13:59 - 2015-08-30 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-08-28 21:20 - 2015-08-28 21:20 - 00035027 _____ C:\Documents and Settings\Elvis\My Documents\163030-jack.reacher.2012.480p.brrip.xvid.ac3nydic.zip
2015-08-28 21:04 - 2015-06-30 19:35 - 00076806 _____ C:\Documents and Settings\Elvis\My Documents\Pernicious.2015.WEB-DL.XviD.MP3-RARBG-English.srt
2015-08-28 19:54 - 2015-08-28 19:54 - 00000142 _____ C:\Documents and Settings\Elvis\Desktop\manager_c680f9e2c9c0d748b8a251ca52d53735.txt
2015-08-26 23:51 - 2015-09-08 21:06 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\AvP-FB Logo
2015-08-25 21:20 - 2015-09-09 11:45 - 00001650 _____ C:\Documents and Settings\Elvis\Desktop\Handguns Comparation Stats.txt
2015-08-24 23:11 - 2015-09-05 08:57 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\New Folder (3)
2015-08-24 19:43 - 2015-08-25 10:45 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Apple Computer
2015-08-24 19:37 - 2015-08-24 19:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2015-08-24 19:26 - 2015-08-24 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-08-24 19:26 - 2015-08-24 19:26 - 00001563 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-08-24 19:26 - 2015-08-24 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-08-24 19:25 - 2015-08-24 19:25 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2015-08-24 19:25 - 2015-08-24 19:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-24 19:25 - 2015-08-24 19:25 - 00000000 ____D C:\Program Files\Apple Software Update
2015-08-24 19:25 - 2015-08-24 19:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2015-08-22 21:38 - 2015-08-28 18:51 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\FSResizer34
2015-08-22 12:27 - 2015-08-22 12:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ATI
2015-08-22 12:25 - 2015-08-22 12:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
2015-08-22 12:24 - 2015-08-22 12:24 - 00000000 ____D C:\Program Files\ATI
2015-08-22 12:24 - 2010-03-03 12:07 - 00311296 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atiiiexx.dll
2015-08-22 12:24 - 2010-03-03 12:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt.dll
2015-08-22 12:24 - 2010-03-03 12:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl.dll
2015-08-22 12:24 - 2010-03-03 12:01 - 03641344 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd.dll
2015-08-22 12:24 - 2010-03-03 11:44 - 14262272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atioglxx.dll
2015-08-22 12:24 - 2010-03-03 11:40 - 00446464 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIDEMGX.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00887724 _____ C:\WINDOWS\system32\ativva6x.dat
2015-08-22 12:24 - 2010-03-03 11:24 - 00469600 _____ C:\WINDOWS\system32\ativvaxx.cap
2015-08-22 12:24 - 2010-03-03 11:24 - 00208896 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\atipdlxx.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00155648 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\Oemdspif.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00043520 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\ati2edxx.dll
2015-08-22 12:24 - 2010-03-03 11:24 - 00026112 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\Ati2mdxx.exe
2015-08-22 12:24 - 2010-03-03 11:24 - 00000003 _____ C:\WINDOWS\system32\ativva5x.dat
2015-08-22 12:24 - 2010-03-03 11:23 - 00159744 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.dll
2015-08-22 12:24 - 2010-03-03 11:22 - 00602112 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
2015-08-22 12:24 - 2010-03-03 11:21 - 00053248 _____ ( ATI Technologies Inc.) C:\WINDOWS\system32\ATIDDC.DLL
2015-08-22 12:24 - 2010-03-03 11:20 - 00143360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-08-22 12:24 - 2010-03-03 11:20 - 00033616 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-08-22 12:24 - 2010-03-03 11:16 - 00565248 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atikvmag.dll
2015-08-22 12:24 - 2010-03-03 11:15 - 00184320 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-08-22 12:24 - 2010-03-03 11:14 - 00393216 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiok3x2.dll
2015-08-22 12:24 - 2010-03-03 11:14 - 00017408 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\atitvo32.dll
2015-08-22 12:24 - 2010-03-03 11:07 - 00065024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc32.dll
2015-08-22 12:24 - 2010-03-03 11:07 - 00065024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom32.dll
2015-08-22 12:24 - 2010-03-03 11:07 - 00053248 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-08-22 12:24 - 2010-02-26 03:55 - 00201875 _____ C:\WINDOWS\system32\atiicdxx.dat
2015-08-22 12:24 - 2009-05-12 06:35 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atibtmon.exe
2015-08-22 12:24 - 2009-02-19 02:55 - 00294912 _____ C:\WINDOWS\system32\ATIODE.exe
2015-08-22 12:24 - 2009-02-04 05:52 - 00045056 _____ C:\WINDOWS\system32\ATIODCLI.exe
2015-08-22 12:24 - 2001-11-10 00:01 - 00024064 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\ativcoxx.dll
2015-08-22 12:23 - 2015-08-22 12:25 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-22 12:19 - 2015-08-22 12:19 - 00018078 _____ C:\WINDOWS\system32\CCCInstall_201508221219372343.log
2015-08-22 12:12 - 2015-08-22 12:15 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\deoFx
2015-08-22 12:04 - 2015-08-22 12:04 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-08-22 11:58 - 2015-08-22 11:58 - 00008764 _____ C:\Documents and Settings\Elvis\My Documents\silex.html
2015-08-21 18:20 - 2015-09-05 09:46 - 00000000 ____D C:\WINDOWS\pss
2015-08-21 15:37 - 2015-08-21 15:58 - 00012172 _____ C:\Documents and Settings\Elvis\My Documents\AvP Recruiting.swi
2015-08-21 15:37 - 2015-08-21 15:37 - 00008992 _____ C:\Documents and Settings\Elvis\My Documents\AvP Recruiting.sbk
2015-08-17 03:45 - 2015-08-17 03:45 - 06552874 _____ C:\Documents and Settings\Elvis\My Documents\flashbannermaker.zip
2015-08-17 02:38 - 2015-08-17 02:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-08-17 02:38 - 2015-08-17 02:38 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\Macromedia
2015-08-15 11:47 - 2015-08-15 11:47 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\QtWebSettings
2015-08-15 11:46 - 2013-09-09 12:22 - 07881016 _____ (QtWeb.NET) C:\Documents and Settings\Elvis\Desktop\QtWeb.exe
2015-08-15 10:48 - 2015-09-02 17:53 - 00001244 _____ C:\Documents and Settings\Elvis\Desktop\Imena Aliena.txt
2015-08-15 03:30 - 2015-08-15 03:30 - 00000000 ____D C:\QtWebCache
2015-08-13 01:02 - 2015-08-13 01:02 - 00135303 _____ C:\Documents and Settings\Elvis\My Documents\Movie3.swi
2015-08-13 00:43 - 2015-08-13 00:43 - 00008698 _____ C:\Documents and Settings\Elvis\My Documents\Movie2.swi
2015-08-12 14:34 - 2015-08-12 14:34 - 00000000 ____D C:\WINDOWS\Sun
2015-08-12 02:07 - 2015-08-29 11:03 - 00000000 ____D C:\AE
2015-08-11 23:06 - 2015-08-24 19:40 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\Adobe
2015-08-11 23:04 - 2015-08-11 23:04 - 00001045 _____ C:\Documents and Settings\Elvis\Desktop\Shortcut to AfterFX.lnk
2015-08-11 22:50 - 2015-08-11 22:50 - 00001053 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe After Effects CS4.lnk
2015-08-11 22:48 - 2015-08-11 22:48 - 00000855 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS4.lnk
2015-08-11 22:47 - 2015-08-11 22:47 - 00000934 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Media Encoder CS4.lnk
2015-08-11 22:46 - 2015-08-11 22:46 - 00002024 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
2015-08-11 22:43 - 2015-08-11 22:43 - 00001104 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
2015-08-11 22:43 - 2015-08-11 22:43 - 00001039 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Extension Manager CS4.lnk
2015-08-11 22:41 - 2015-08-11 22:41 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2015-08-11 22:33 - 2015-08-12 00:05 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-11 22:33 - 2015-08-11 22:33 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2015-08-11 08:18 - 2015-09-05 23:08 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-11 01:34 - 2015-08-11 01:35 - 02074670 _____ C:\Documents and Settings\Elvis\Desktop\FSResizer34.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-09 19:34 - 2015-07-16 13:25 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\Preuzimanja
2015-09-09 19:02 - 2015-08-03 11:52 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-1417001333-1003UA.job
2015-09-09 18:14 - 2015-07-03 02:13 - 00000444 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1435882418.job
2015-09-09 12:29 - 2015-07-03 01:53 - 00000000 ____D C:\Programi
2015-09-09 12:05 - 2015-07-03 01:35 - 00325278 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-09 12:04 - 2015-07-03 03:25 - 00588920 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-09 11:59 - 2015-07-03 03:16 - 00000000 ____D C:\WINDOWS\system
2015-09-09 11:59 - 2015-07-03 02:46 - 00196608 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-09-09 11:59 - 2015-07-03 01:47 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-09 11:59 - 2015-07-03 01:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-09 11:58 - 2015-07-03 01:47 - 00000178 ___SH C:\Documents and Settings\Elvis\ntuser.ini
2015-09-09 01:54 - 2015-07-03 01:47 - 00000000 ____D C:\Documents and Settings\Elvis
2015-09-08 23:24 - 2015-07-25 02:30 - 00000132 _____ C:\Documents and Settings\Elvis\Application Data\Adobe PNG Format CS5 Prefs
2015-09-08 20:02 - 2015-08-03 11:52 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1844237615-1417001333-1003Core.job
2015-09-08 15:31 - 2015-07-09 14:34 - 00000000 ____D C:\Documents and Settings\Elvis\My Documents\Bandicam
2015-09-08 08:58 - 2008-04-14 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-06 00:23 - 2015-07-10 20:01 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\uTorrent
2015-09-05 23:24 - 2015-07-10 18:59 - 00000000 ____D C:\Filmovi
2015-09-05 09:47 - 2015-07-03 03:21 - 00000211 ___SH C:\boot.ini
2015-09-05 09:47 - 2008-04-14 14:00 - 00000550 _____ C:\WINDOWS\win.ini
2015-09-05 09:47 - 2008-04-14 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-09-04 21:28 - 2015-07-16 13:07 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Mozilla
2015-09-04 21:26 - 2015-07-16 13:07 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\Mozilla
2015-09-04 02:01 - 2015-07-03 16:06 - 00000000 ____D C:\Igre
2015-09-03 16:18 - 2015-07-20 12:41 - 00100864 ___SH C:\Documents and Settings\Elvis\My Documents\Thumbs.db
2015-09-03 10:54 - 2015-07-15 12:54 - 03988744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-02 22:38 - 2015-07-03 02:30 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-02 20:39 - 2015-07-03 02:46 - 00158232 _____ C:\Documents and Settings\Elvis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-02 20:12 - 2015-07-03 01:33 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2015-08-31 18:22 - 2015-08-03 18:22 - 00000652 _____ C:\WINDOWS\Tasks\klcp_update.job
2015-08-30 20:52 - 2015-07-06 03:13 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\vlc
2015-08-29 19:32 - 2015-07-10 20:02 - 00002584 _____ C:\Documents and Settings\Elvis\Desktop\µTorrent.lnk
2015-08-26 21:51 - 2015-07-24 13:09 - 00002458 _____ C:\Documents and Settings\Elvis\Desktop\Predator_4.txt
2015-08-24 19:40 - 2015-07-03 03:14 - 00000000 ____D C:\Documents and Settings\Elvis\Application Data\Adobe
2015-08-24 12:46 - 2015-07-11 02:30 - 00000976 _____ C:\Documents and Settings\Elvis\Desktop\Predator_3.txt
2015-08-24 00:41 - 2015-07-03 03:16 - 00000000 ____D C:\WINDOWS\security
2015-08-23 23:43 - 2015-07-14 22:25 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2015-08-22 12:24 - 2015-07-03 03:25 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-21 18:25 - 2015-07-03 15:44 - 00004370 _____ C:\Documents and Settings\Elvis\Desktop\Predator_2.txt
2015-08-19 10:34 - 2015-07-26 03:08 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\New Folder
2015-08-18 14:54 - 2015-07-04 13:54 - 00011567 _____ C:\Documents and Settings\Elvis\Desktop\Predator_1.txt
2015-08-17 02:38 - 2015-07-11 00:59 - 00000000 ____D C:\Program Files\Adobe
2015-08-13 00:25 - 2015-08-08 02:07 - 00036352 ___SH C:\Documents and Settings\Elvis\Desktop\Thumbs.db
2015-08-11 23:58 - 2015-07-03 03:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2015-08-11 22:48 - 2015-07-05 01:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-11 22:41 - 2015-07-03 03:14 - 00000000 ____D C:\Documents and Settings\Elvis\Local Settings\Application Data\Adobe
2015-08-11 08:19 - 2015-07-15 00:50 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-11 08:19 - 2015-07-15 00:50 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-10 01:10 - 2015-08-08 16:54 - 00000000 ____D C:\Documents and Settings\Elvis\Desktop\New Folder (2)
==================== Files in the root of some directories =======
2015-07-25 02:30 - 2015-09-08 23:24 - 0000132 _____ () C:\Documents and Settings\Elvis\Application Data\Adobe PNG Format CS5 Prefs
Some files in TEMP:
C:\Documents and Settings\Elvis\Local Settings\Temp\OverwolfInstallerGameVox.exe
C:\Documents and Settings\Elvis\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\Elvis\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Elvis\Local Settings\Temp\utils.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Posted: 09 Sep 2015 21:21
helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
1. Open Notepad (Text Document) and copy in the following text from the code box below:
HKU\S-1-5-21-484763869-1844237615-1417001333-1003\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
globalupdate Helper (Version: - globalupdate Inc.) Hidden <==== ATTENTION
2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.
3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.
The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.