Problem with a virus, as well as a very slow computer.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2017
Ran by Korisnik (administrator) on COMPUTER (29-06-2017 16:12:25)
Running from C:\Documents and Settings\Korisnik\My Documents\Downloads
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Viber Media S.à r.l.) C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\Viber.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-14] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9974576 2014-10-27] ()
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Korisnik\Application Data\uTorrent\uTorrent.exe [1980608 2017-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Facebook Update] => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2014-08-14] (Facebook Inc.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Viber] => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\MountPoints2: {05d442fe-571d-11e6-99f4-004f6a0711f1} - G:\Startme.exe
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\MountPoints2: {83042b7b-14a1-11e4-aae4-004f6a0711f1} - F:\setup_stronghold_crusader_extreme_hd_2.0.0.6.exe
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-14] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{E1B171C9-DAF5-4EA3-8DDB-19BEFE00C33A}: [DhcpNameServer] 192.168.88.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110511951170} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-22] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default [2017-06-14]
FF user.js: detected! => C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\user.js [2015-12-16]
FF DefaultSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF SearchEngineOrder.1: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> Ask.com
FF SelectedSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF Homepage: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> hxxp://www.google.ba/
FF Extension: (Avast SafePrice) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\sp@avast.com.xpi [2017-06-14]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\wrc@avast.com.xpi [2017-06-14]
FF Extension: (Cyti Web 1.0.1) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-15] (Oracle Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2014-07-07] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1364589140-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2017-06-06] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.ba/
CHR StartupUrls: Default -> "hxxp://www.google.ba/"
CHR Profile: C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-05]
CHR Extension: (“The Master of Those Who Know”) - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjlmafffoglkjknlnkgeejnldlbfhpdk [2017-05-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Opera:
=======
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1422928344&from=obw&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2314514645146

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-06-14] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-14] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-15] (Oracle Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-05-14] (Cisco Systems, Inc.) [File not signed]
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [258288 2017-06-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148696 2017-06-14] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [268016 2017-06-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41664 2017-06-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-06-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [31064 2017-06-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [107928 2017-06-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-06-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-06-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764576 2017-06-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [482608 2017-06-14] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [181080 2017-06-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-06-14] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-26] (Disc Soft Ltd)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-28] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2012-12-05] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-11-14] (Microsoft Corporation) [File not signed]
S4 IntelIde; no ImagePath
S3 RT61; system32\DRIVERS\RT61.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 16:11 - 2017-06-29 16:12 - 00000000 ____D C:\FRST
2017-06-14 14:23 - 2017-06-14 14:23 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2017-06-14 14:23 - 2017-06-14 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Program Files\QuickTime
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 16:13 - 2014-05-14 13:30 - 00000000 ____D C:\Documents and Settings\Korisnik\Local Settings\Temp
2017-06-29 15:49 - 2017-04-06 14:04 - 00000000 ____D C:\Program Files\Steam
2017-06-29 15:45 - 2014-08-14 15:40 - 00001010 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003UA.job
2017-06-29 15:45 - 2014-08-14 15:40 - 00000988 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003Core.job
2017-06-29 15:39 - 2014-05-20 07:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-06-29 15:33 - 2015-02-03 10:43 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-06-29 14:23 - 2017-04-22 10:41 - 00000466 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1492850494.job
2017-06-29 14:20 - 2017-04-22 09:35 - 00000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-06-29 02:49 - 2015-02-03 03:49 - 00000364 _____ C:\WINDOWS\Tasks\YTDownloader.job
2017-06-29 01:33 - 2015-02-03 10:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-06-28 17:36 - 2017-04-05 17:06 - 00000000 ____D C:\Documents and Settings\Korisnik\Application Data\ViberPC
2017-06-28 17:36 - 2014-07-24 21:30 - 00000000 ____D C:\Documents and Settings\Korisnik\Application Data\Skype
2017-06-28 17:34 - 2014-05-22 13:08 - 00000000 ____D C:\Documents and Settings\Korisnik\Application Data\uTorrent
2017-06-28 17:32 - 2017-05-12 12:10 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-28 17:32 - 2017-04-13 21:47 - 00000828 _____ C:\WINDOWS\Tasks\Installer_cr.job
2017-06-28 17:32 - 2014-05-14 15:20 - 00000104 _____ C:\WINDOWS\system32\nvapps.xml
2017-06-28 17:32 - 2014-05-14 13:30 - 00032642 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-28 17:32 - 2014-05-14 13:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-28 17:32 - 2014-05-14 13:25 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-28 17:32 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-06-28 17:31 - 2014-05-14 13:30 - 00000178 ___SH C:\Documents and Settings\Korisnik\ntuser.ini
2017-06-28 17:31 - 2014-05-14 13:30 - 00000000 ____D C:\Documents and Settings\Korisnik
2017-06-24 23:38 - 2017-04-05 15:59 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-06-24 20:56 - 2017-04-06 23:53 - 00000000 ____D C:\Documents and Settings\Korisnik\My Documents\ViberDownloads
2017-06-14 14:22 - 2014-05-14 15:03 - 00000000 ___HD C:\WINDOWS\inf
2017-06-14 14:20 - 2017-04-22 09:35 - 00181080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstmxp.sys
2017-06-14 14:19 - 2017-04-22 10:43 - 00330768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-06-14 14:19 - 2017-04-22 09:35 - 00268016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-06-14 14:19 - 2017-04-22 09:35 - 00148696 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-06-14 14:19 - 2017-04-22 09:35 - 00041664 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-06-14 14:19 - 2017-04-22 09:35 - 00031064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-06-14 14:19 - 2017-04-22 09:34 - 00258288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00764576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00482608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00279800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00107928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00060760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-14 14:14 - 2014-05-15 00:35 - 00000000 ____D C:\The KMPlayer
2017-06-08 21:51 - 2014-05-15 00:37 - 00088576 _____ C:\Documents and Settings\Korisnik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-07 14:00 - 2014-05-14 13:24 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-06 10:21 - 2015-03-05 22:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-06 00:39 - 2017-05-12 12:10 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys

==================== Files in the root of some directories =======

2014-05-15 00:37 - 2017-06-08 21:51 - 0088576 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Korisnik\TempWmicBatchFile.bat


Some files in TEMP:
====================
2017-04-18 07:27 - 2017-04-18 07:27 - 0164424 _____ (Microsoft Corporation) C:\Documents and Settings\Korisnik\Local Settings\Temp\atl110.dll
2014-09-21 15:32 - 2014-09-21 15:32 - 0108144 _____ (Sony DADC Austria AG.) C:\Documents and Settings\Korisnik\Local Settings\Temp\CmdLineExt.dll
2013-04-04 10:27 - 2013-04-04 10:27 - 4847240 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\downloader.dll
2014-09-21 13:58 - 2014-09-23 11:09 - 0065536 _____ (Sony DADC Austria AG) C:\Documents and Settings\Korisnik\Local Settings\Temp\drm_dialogs.dll
2014-04-15 16:23 - 2014-04-15 16:23 - 0028472 _____ (AVG) C:\Documents and Settings\Korisnik\Local Settings\Temp\DseShExt-x86.dll
2014-01-31 05:29 - 2014-01-31 05:29 - 0341120 _____ (Gretech Corporation) C:\Documents and Settings\Korisnik\Local Settings\Temp\ExPromo.exe
2017-04-18 07:32 - 2017-04-18 07:32 - 0069632 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\HwInfo.dll
2015-01-24 17:10 - 2015-01-24 17:10 - 0699016 _____ (CNET Download.com) C:\Documents and Settings\Korisnik\Local Settings\Temp\KMP_3.9.1.132.exe
2017-04-07 18:27 - 2017-04-07 19:06 - 1728000 _____ (PandoraTV) C:\Documents and Settings\Korisnik\Local Settings\Temp\KMP_4.1.5.8.exe
2017-05-24 01:44 - 2017-05-24 01:47 - 39467640 _____ (PandoraTV) C:\Documents and Settings\Korisnik\Local Settings\Temp\KMP_4.2.1.2.exe
2014-08-20 07:00 - 2014-08-12 03:02 - 0150096 _____ (RealNetworks, Inc.) C:\Documents and Settings\Korisnik\Local Settings\Temp\lowproc.exe
2017-04-19 10:26 - 2017-04-19 10:26 - 0900096 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\NSISPromotionEx.dll
2014-01-31 05:28 - 2014-01-31 05:28 - 0052640 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\pin2taskbar.exe
2014-04-15 16:23 - 2014-04-15 16:23 - 0032056 _____ (AVG) C:\Documents and Settings\Korisnik\Local Settings\Temp\SDShelEx-win32.dll
2015-12-16 22:11 - 2017-04-03 22:32 - 0192512 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\sfamcc00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\sfextra.dll
2014-08-20 07:00 - 2014-08-12 03:14 - 0090624 _____ (RealNetworks, Inc.) C:\Documents and Settings\Korisnik\Local Settings\Temp\stubhelper.dll
2017-04-20 10:11 - 2017-04-20 10:11 - 14456872 _____ (Microsoft Corporation) C:\Documents and Settings\Korisnik\Local Settings\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2017
Ran by Korisnik (29-06-2017 16:13:18)
Running from C:\Documents and Settings\Korisnik\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-05-14 11:29:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1844237615-1364589140-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-1844237615-1364589140-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1844237615-1364589140-1801674531-1000 - Limited - Disabled)
Korisnik (S-1-5-21-1844237615-1364589140-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Korisnik
SUPPORT_388945a0 (S-1-5-21-1844237615-1364589140-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
7-Zip 16.04 (HKLM\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Counter Strike 1.6 FULL v44 (HKLM\...\Counter Strike 1.6 FULL v44) (Version: - )
Cyti Web (HKLM\...\Cyti Web) (Version: 2015.02.03.002402 - Cyti Web) <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DivX MPEG-4 Codec 3.2.200 Beta (HKLM\...\DIVXCodec) (Version: - )
D-Link GO-USB-N150 (HKLM\...\{9C222509-055C-4CFF-A116-1774517825EB}) (Version: 1.13.0109 - D-Link Corp.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.16.5272 - GOM & Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
K-Lite Codec Pack 4.1.7 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.1.7 - )
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.1.2 - PandoraTV)
Malwarebytes verzija 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Service Pack 1 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Service Pack 1 Redistributable (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729.17 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.1.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.1.2 ESR (x86 en-US)) (Version: 52.1.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.1.0 - Mozilla)
Nero 8 Micro v8.1.1.0 (HKLM\...\Nero8110_Micro_is1) (Version: - nero.com)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
omiga-plus uninstall (HKLM\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
Opera 9.60 (HKLM\...\{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}) (Version: 9.60 - Opera Software ASA)
PlusHD-V1.9 (HKLM\...\PlusHD-V1.9) (Version: 1.34.6.10 - PlusHDv1.9) <==== ATTENTION
PowerISO (HKLM\...\PowerISO) (Version: - )
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: - )
Stronghold 2 (HKLM\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.00 - Firefly Studios)
Stronghold Crusader Extreme HD (HKLM\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" => No File
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}\InprocServer32 -> C:\WINDOWS\system32\ACTXPRXY.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003Core.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003UA.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Installer_cr.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Installer\Installcr_22344\ytd_sysmenu_setup.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1492850494.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-14 14:19 - 2017-06-14 14:19 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-28 06:45 - 2017-06-28 06:45 - 05779744 _____ () C:\Program Files\AVAST Software\Avast\defs\17062702\algo.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-06-29 13:29 - 2017-06-29 13:29 - 05779744 _____ () C:\Program Files\AVAST Software\Avast\defs\17062900\algo.dll
2014-05-14 15:20 - 2008-09-17 10:55 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2008-07-12 15:09 - 2008-07-12 15:09 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00095312 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\qfacebook.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00042064 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\qrencode.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-04-13 16:54 - 2016-04-13 16:54 - 15226960 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\opengl32sw.dll
2016-04-13 16:53 - 2016-04-13 16:53 - 00398928 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\imageformats\qsvg.dll
2016-04-13 16:54 - 2016-04-13 16:54 - 00695888 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00991632 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-04-22 09:33 - 2017-04-22 09:33 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-06 14:26 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files\Steam\SDL2.dll
2017-04-06 14:26 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files\Steam\v8.dll
2017-04-06 14:26 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files\Steam\icui18n.dll
2017-04-06 14:26 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files\Steam\icuuc.dll
2017-04-06 14:26 - 2017-06-08 07:42 - 02485536 _____ () C:\Program Files\Steam\video.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files\Steam\libavcodec-56.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2017-04-06 14:26 - 2017-06-08 07:42 - 00877856 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-06 14:26 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files\Steam\bin\cef\cef.winxp\libcef.dll
2017-04-05 14:47 - 2016-09-06 12:00 - 05197312 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-04-05 14:47 - 2016-09-06 12:00 - 00147456 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 04:00 - 2008-04-14 04:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.88.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link GO-USB-N150 WPS Utility.lnk => C:\WINDOWS\pss\D-Link GO-USB-N150 WPS Utility.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\D-Link\GO-USB-N150\RtWlan.exe] => Enabled:RtWlan
StandardProfile\AuthorizedApplications: [C:\Program Files\D-Link\GO-USB-N150\RTLDHCP.exe] => Enabled:RTLDHCP
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:rundll32
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\ggdllhost.exe] => Enabled:ggdllhost
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\Room\garena_room.exe] => Enabled:garena_room
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\My Documents\Downloads\CodecPerformerSetup.exe] => Enabled:CodecPerformerSetup.exe (in)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\Local Settings\Temp\t8na424\SpeedanAlysisSetup] => Enabled:SpeedanAlysisSetup (in)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe] => Enabled:Stronghold 2
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => Enabled:Dota 2
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2017 11:16:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2017 03:47:14 PM) (Source: Google Update) (EventID: 20) (User: COMPUTER)
Description: Event-ID 20

Error: (06/08/2017 08:38:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/06/2017 10:22:19 AM) (Source: MsiInstaller) (EventID: 11334) (User: COMPUTER)
Description: Product: QuickTime 7 -- Error 1334. The file 'QuickTime_trampoline.qts' cannot be installed because the file cannot be found in cabinet file 'QuickTime.cab'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (06/05/2017 11:22:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/05/2017 11:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Frozen Throne.exe, version 1.5.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/31/2017 05:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application gom.exe, version 2.3.14.5270, faulting module gvf.ax, version 3.7.0.3, fault address 0x00051e04.
Processing media-specific event for [gom.exe!ws!]

Error: (05/31/2017 04:57:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application gom.exe, version 2.3.14.5270, faulting module gvf.ax, version 3.7.0.3, fault address 0x00051e04.
Processing media-specific event for [gom.exe!ws!]

Error: (05/27/2017 10:31:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup_stronghold_crusader_extreme_hd_2.0.0.6.tmp, version 51.1052.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/26/2017 03:10:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application steamwebhelper.exe, version 3.66.85.33, faulting module steamwebhelper.exe, version 3.66.85.33, fault address 0x00037b59.
Processing media-specific event for [steamwebhelper.exe!ws!]


System errors:
=============
Error: (06/29/2017 03:50:06 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:50:03 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:50:00 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:58 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:56 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:53 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:53 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:51 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:38:27 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:38:25 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 2046.42 MB
Available physical RAM: 1090.47 MB
Total Virtual: 3938.62 MB
Available Virtual: 2443.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:154.3 GB) (Free:62.4 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:143.79 GB) (Free:19.77 GB) NTFS
Drive f: (Stronghold Crusa) (CDROM) (Total:0.86 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00820082)
Partition 1: (Active) - (Size=154.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=143.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

offline
  • Joined: 14 Jun 2016
  • Posts: 535

Hello,
I would ask you to remove these programs via Control Panel -> Add or Remove Programs

Cyti Web
McAfee Security Scan Plus
omiga-plus uninstall
PlusHD-V1.9
Java(TM) 6 Update 7




1. Open Notepad (Text Document) and copy the following text inside the code box below:
CreateRestorePoint:
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110511951170} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
FF DefaultSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF SearchEngineOrder.1: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> Ask.com
FF SelectedSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF Extension: (Cyti Web 1.0.1) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04] [not signed]
CHR Extension: (“The Master of Those Who Know”) - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjlmafffoglkjknlnkgeejnldlbfhpdk [2017-05-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2017-06-29 02:49 - 2015-02-03 03:49 - 00000364 _____ C:\WINDOWS\Tasks\YTDownloader.job
2017-06-28 17:32 - 2017-04-13 21:47 - 00000828 _____ C:\WINDOWS\Tasks\Installer_cr.job
C:\Documents and Settings\Korisnik\TempWmicBatchFile.bat
Task: C:\WINDOWS\Tasks\Installer_cr.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Installer\Installcr_22344\ytd_sysmenu_setup.exe
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION
C:\Program Files\YTDownloader
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure to download and use an updated copy of FRST.

I see that System Restore is turned off; did you turn it off?

Let me know what the situation is now.
