Check and cleanup.


  • Joined: 25 Jul 2012
  • Posts: 44

Posted: 28 Aug 2014 11:12

I surely have some junk on my computer, so if you'd like to help me clean it up.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Administrator (administrator) on COMPUTER on 27-08-2014 12:25:31
Running from C:\Documents and Settings\Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Vip Internet\BackgroundService\ModemListener.exe
() C:\WINDOWS\svchost.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0001\Upd.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0002\Upd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(BitTorrent Inc.) D:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
() C:\Program Files\honestech\honestech TVR 2.5\scheduleTV.exe
(InfoHD-V1.8) C:\Program Files\HD-V1.9\f6f8a723-ce61-4837-8541-7e384f57fdde-6.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Program Files\DefaultTab\DefaultTabSearch.exe
(Oracle Corporation) C:\Program Files\Java\jre8\bin\jqs.exe
() C:\WINDOWS\system32\nethtsrv.exe
(InfoHD-V1.8) C:\Program Files\HD-V1.9\9e564e1b-fda6-47cf-b3bc-248b52b8c85f.exe
() C:\WINDOWS\system32\netupdsrv.exe
() C:\Program Files\Vip Internet\BackgroundService\ServiceManager.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() D:\bbaa.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [336832 2012-09-20] (Oracle Corporation)
HKLM\...\Run: [CPQEASYBTTN] => C:\WINDOWS\system32\BttnServ.exe [180224 2006-09-01] ()
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe

Addendum: 28 Aug 2014 11:18

I see that the whole text didn't get copied, but I don't know why.

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

Hello,


Download AdwCleaner by "Xplode" and save it to the Desktop.

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt

  • Joined: 25 Jul 2012
  • Posts: 44

Posted: 28 Aug 2014 12:53

Here it is. And when I want to go to FB or anywhere else that needs a password, it always shows me YOUR CONNECTION IS NOT PRIVATE. ATTACKERS MIGHT BE TRYING TO STEAL YOUR INFORMATION FROM THAT SITE.

Addendum: 28 Aug 2014 12:54

It won't attach that file for me.

Addendum: 28 Aug 2014 12:56


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Belgrade

That looks clean. Now try running FRST and provide a fresh FRST.txt report. If you can't copy it, just attach it.

  • Joined: 25 Jul 2012
  • Posts: 44

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Administrator (administrator) on COMPUTER on 27-08-2014 14:28:16
Running from C:\Documents and Settings\Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Vip Internet\BackgroundService\ModemListener.exe
() C:\WINDOWS\svchost.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0001\Upd.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0002\Upd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(BitTorrent Inc.) D:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe
() C:\Program Files\honestech\honestech TVR 2.5\scheduleTV.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Oracle Corporation) C:\Program Files\Java\jre8\bin\jqs.exe
() C:\Program Files\Vip Internet\BackgroundService\ServiceManager.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() D:\bbaa.exe
(Farbar) C:\Documents and Settings\Administrator\Desktop\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [336832 2012-09-20] (Oracle Corporation)
HKLM\...\Run: [CPQEASYBTTN] => C:\WINDOWS\system32\BttnServ.exe [180224 2006-09-01] ()
HKLM\...\Run: [VIP_Serbia Lighter ModemListener] => C:\Program Files\Vip Internet\BackgroundService\ModemListener.exe [172032 2011-06-20] ()
HKLM\...\Run: [(Default)] => C:\WINDOWS\svchost.exe
HKLM\...\Run: [Uninstall0001] => C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe [135168 2001-01-14] ()
HKLM\...\Run: [Uninstall0002] => C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe [143360 2001-01-14] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [HideRunAsVerb] 1
HKU\.DEFAULT\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMHelp] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Run: [Google Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [214000 2014-02-17] (Google Inc.)
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Run: [uTorrent] => D:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe [1402448 2014-08-26] (BitTorrent Inc.)
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {2e7b2b84-e103-11d4-a240-000d60660721} - F:\autorun.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {6903479c-ab3f-11e1-9fd1-806d6172696f} - E:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {726f0f13-54de-11e0-a7eb-806d6172696f} - C:\rnhitg.pif
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {726f0f14-54de-11e0-a7eb-806d6172696f} - D:\bbaa.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {f0153d24-9f78-11e3-a222-000d60660721} - F:\tmqg.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {f0153d25-9f78-11e3-a222-000d60660721} - G:\geog.pif
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {fcc0ae95-e651-11d4-a24c-000d60660721} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TVR Scheduler.lnk
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files\honestech\honestech TVR 2.5\scheduleTV.exe ()
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
BHO: AlterGeoBHO Class -> {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} -> C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.2.1.742\AlterGeo.BrowserPlugin.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default
FF DefaultSearchEngine: mail.ru/
FF Keyword.URL: hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\searchplugins\mailru---.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eudict.xml
FF Extension: Спутник @Mail.Ru - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2001-01-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://mail.ru/cnt/7993/
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR DefaultSuggestURL: Default ->
CHR CustomProfile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (HD-V1.9) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl [2014-08-27]
CHR Extension: (Google Novčanik) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 .EsetTrialReset; C:\WINDOWS\reset.exe [357182 2009-03-20] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [250808 2014-08-26] (Adobe Systems Incorporated) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre8\bin\jqs.exe [161752 2014-02-17] (Oracle Corporation)
S3 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [166960 2003-07-28] (Microsoft Corporation) [File not signed]
R2 VIP_Serbia Lighter Modem Device Helper; C:\Program Files\Vip Internet\BackgroundService\ServiceManager.exe [49752 2011-06-20] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlcatelOTnet; C:\WINDOWS\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation) [File not signed]
S3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4725760 2009-12-01] (Realtek Semiconductor Corp.) [File not signed]
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
R3 amsint32; \??\C:\WINDOWS\system32\drivers\mohppt.sys [X]
S1 ARK3280; system32\DRIVERS\TVBoxDev.sys [X]
S3 zghsser; system32\DRIVERS\zghsser.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 04:39 - 2014-08-28 04:39 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll
2014-08-27 14:28 - 2014-08-27 14:28 - 00014485 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-08-27 14:28 - 2014-08-27 14:27 - 01095168 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST (1).exe
2014-08-27 14:06 - 2014-08-27 14:06 - 00001560 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S1].txt
2014-08-27 14:05 - 2014-08-27 14:05 - 01445427 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.308.exe
2014-08-27 14:04 - 2014-08-27 14:04 - 14632784 _____ (Hewlett-Packard Company ) C:\Documents and Settings\Administrator\Desktop\sp27103.exe
2014-08-27 14:02 - 2014-08-27 13:58 - 128609088 _____ ( ) C:\Documents and Settings\Administrator\Desktop\sp42471.exe
2014-08-27 13:48 - 2014-08-27 13:48 - 02811648 _____ (Hewlett-Packard Company ) C:\Documents and Settings\Administrator\Desktop\sp27532.exe
2014-08-27 13:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-27 13:40 - 2014-08-27 14:08 - 00000000 ____D () C:\AdwCleaner
2014-08-27 12:17 - 2014-08-27 14:28 - 00000000 ____D () C:\FRST
2014-08-27 12:13 - 2014-08-27 12:13 - 00000687 _____ () C:\awh14.tmp
2014-08-27 12:04 - 2014-08-27 12:04 - 00000687 _____ () C:\awh18.tmp
2014-08-27 12:01 - 2014-08-27 12:01 - 00000000 ____D () C:\Program Files\Google
2014-08-27 11:19 - 2014-08-27 12:07 - 00366912 _____ () C:\WINDOWS\setupapi.log
2014-08-27 11:17 - 2014-08-27 11:28 - 00456760 _____ () C:\WINDOWS\DPINST.LOG
2014-08-26 22:01 - 2014-08-27 14:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-26 22:01 - 2014-08-26 22:01 - 00697272 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-26 22:01 - 2014-08-26 22:01 - 00073656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-26 15:50 - 2014-08-26 15:50 - 00000000 ____D () C:\Documents and Settings\LocalService\My Documents\Mobogenie
2014-08-25 22:23 - 2014-08-25 22:23 - 20519671 _____ () C:\Documents and Settings\Administrator\nvc
2014-08-25 22:15 - 2014-08-25 22:15 - 00000000 ____D () C:\WINDOWS\StartHtmico
2014-08-25 22:15 - 2014-08-25 22:15 - 00000000 ____D () C:\WINDOWS\I250
2014-08-25 22:15 - 2014-08-25 22:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Canon i250 Manual
2014-08-25 22:13 - 2014-08-25 22:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Canon i250
2014-08-25 21:52 - 2014-08-25 22:14 - 00001704 _____ () C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
2014-08-25 21:52 - 2014-08-25 22:14 - 00000000 ____D () C:\Program Files\Canon
2014-08-25 21:52 - 2014-08-25 21:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2014-08-25 21:07 - 2003-02-28 08:00 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM50.DLL
2014-08-25 21:07 - 2003-02-28 08:00 - 00005632 _____ () C:\WINDOWS\system32\CNMVS50.DLL
2014-08-25 21:07 - 2003-02-14 18:01 - 00073728 ____R (CANON INC.) C:\WINDOWS\system32\CNMCP50.exe
2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___HD () C:\BJPrinter
2014-08-25 21:03 - 2008-04-13 23:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2014-08-25 21:03 - 2008-04-13 23:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2014-08-24 23:01 - 2014-08-24 23:01 - 00001775 _____ () C:\Documents and Settings\All Users\Desktop\ProgeSOFT IntelliCAD 4 GOLD.lnk
2014-08-24 23:01 - 2014-08-24 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ProgeSOFT IntelliCAD 4 GOLD ENG
2014-08-24 22:57 - 2014-08-24 22:57 - 00000000 ____D () C:\WINDOWS\Cache
2014-08-22 23:11 - 2014-08-22 23:11 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-08-22 14:00 - 2014-08-22 14:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\strana muzika
2014-08-22 11:57 - 2014-08-22 11:57 - 00000627 _____ () C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
2014-08-22 11:57 - 2014-08-22 11:57 - 00000608 _____ () C:\Documents and Settings\All Users\Desktop\Half-Life.lnk
2014-08-22 11:57 - 2014-08-22 11:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike 1.6
2014-08-20 22:55 - 2014-08-22 17:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\nove pesme
2014-08-20 20:35 - 2014-08-20 20:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InterAction studios
2014-08-20 19:25 - 2014-08-22 12:11 - 00000000 ___RD () C:\Documents and Settings\Administrator\Desktop\Chicken invaders 5
2014-08-13 11:57 - 2014-08-14 16:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\GENS
2014-08-10 18:36 - 2008-04-14 04:42 - 00363520 ____C () C:\WINDOWS\system32\dllcache\psisdecd.dll
2014-08-10 18:36 - 2008-04-14 04:42 - 00363520 _____ () C:\WINDOWS\system32\PsisDecd.dll
2014-08-10 18:36 - 2008-04-14 04:42 - 00056832 ____C () C:\WINDOWS\system32\dllcache\msdvbnp.ax
2014-08-10 18:36 - 2008-04-14 04:42 - 00056832 _____ () C:\WINDOWS\system32\MSDvbNP.ax
2014-08-10 18:36 - 2008-04-14 04:42 - 00033280 ____C () C:\WINDOWS\system32\dllcache\psisrndr.ax
2014-08-10 18:36 - 2008-04-14 04:42 - 00033280 _____ () C:\WINDOWS\system32\PsisRndr.ax
2014-08-10 18:36 - 2008-04-14 04:42 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2014-08-10 18:36 - 2008-04-14 04:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdaPlgIn.ax
2014-08-10 18:36 - 2008-04-13 23:16 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2014-08-10 18:36 - 2008-04-13 23:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MPE.sys
2014-08-10 18:36 - 2008-04-13 23:16 - 00011776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2014-08-10 18:36 - 2008-04-13 23:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BdaSup.sys
2014-08-10 18:31 - 2014-08-13 21:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\honestech TVR
2014-08-10 18:30 - 2014-08-10 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\honestech TVR2.5
2014-08-10 18:30 - 2014-08-10 18:30 - 00001794 _____ () C:\Documents and Settings\All Users\Desktop\honestech TVR 2.5.lnk
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Program Files\honestech
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\honestech TVR 2.5
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-08-10 18:27 - 2014-08-27 12:07 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-10 09:20 - 2014-08-10 09:20 - 00000346 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut to filmovi.lnk
2014-08-10 09:18 - 2014-08-10 09:18 - 00000014 _____ () C:\WINDOWS\icaduninst.txt
2014-08-10 09:17 - 2014-08-24 18:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\programi
2014-08-10 09:07 - 2014-08-26 15:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\slike
2014-08-09 19:22 - 2008-04-14 04:42 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2014-08-09 19:22 - 2008-04-14 04:42 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2014-08-09 19:22 - 2008-04-13 23:16 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2014-08-09 19:22 - 2008-04-13 23:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys
2014-08-09 19:22 - 2008-04-13 23:16 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2014-08-09 19:22 - 2008-04-13 23:16 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys
2014-08-09 19:22 - 2008-04-13 23:09 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2014-08-09 19:22 - 2008-04-13 23:09 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys
2014-08-09 19:21 - 2008-04-14 04:42 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2014-08-09 19:21 - 2008-04-14 04:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfwwdm32.dll
2014-08-09 19:21 - 2008-04-14 04:42 - 00043008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vidcap.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2014-08-09 19:21 - 2008-04-14 04:42 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dshowext.ax
2014-08-09 19:21 - 2008-04-13 23:16 - 00121984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00085248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00019200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS
2014-08-09 19:21 - 2008-04-13 23:16 - 00017024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00011136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2014-08-09 19:21 - 2008-04-13 23:16 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys
2014-08-09 19:21 - 2008-04-13 23:15 - 00060032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-08-09 19:21 - 2008-04-13 23:15 - 00060032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-08-09 17:28 - 1998-12-08 17:53 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlp95en.dll
2014-08-09 17:25 - 2014-08-09 17:26 - 00000000 ____D () C:\Program Files\ProgeSOFT
2014-08-09 17:25 - 2001-08-09 23:01 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Msrd2x35.dll
2014-08-09 17:25 - 2001-08-09 21:54 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrepl35.dll
2014-08-09 17:25 - 2001-08-09 21:53 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjet35.dll
2014-08-09 17:25 - 2001-08-09 21:50 - 00123664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSJINT35.DLL
2014-08-09 17:25 - 2001-08-09 21:50 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSJTER35.DLL
2014-08-09 17:25 - 2001-03-13 13:49 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMDLG32.OCX
2014-08-09 17:25 - 1999-11-08 15:45 - 00339968 _____ (Autodesk) C:\WINDOWS\system32\Slide.ocx
2014-08-09 17:25 - 1999-07-21 17:25 - 00274432 _____ (Autodesk Developer Consulting Group) C:\WINDOWS\system32\DwgThumbnail.ocx
2014-08-09 17:25 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Vb5db.dll
2014-08-09 17:25 - 1996-12-19 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbar332.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 04:39 - 2014-08-28 04:39 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll
2014-08-27 14:28 - 2014-08-27 14:28 - 00014485 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-08-27 14:28 - 2014-08-27 12:17 - 00000000 ____D () C:\FRST
2014-08-27 14:28 - 2011-03-23 01:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-27 14:27 - 2014-08-27 14:28 - 01095168 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST (1).exe
2014-08-27 14:27 - 2014-02-17 17:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
2014-08-27 14:19 - 2011-03-23 02:04 - 00000203 _____ () C:\WINDOWS\wiadebug.log
2014-08-27 14:14 - 2014-08-26 22:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-27 14:08 - 2014-08-27 13:40 - 00000000 ____D () C:\AdwCleaner
2014-08-27 14:07 - 2011-03-23 02:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-27 14:07 - 2011-03-23 01:41 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-27 14:07 - 2011-03-23 01:41 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-27 14:07 - 2011-03-23 01:13 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-27 14:07 - 2011-03-23 01:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-27 14:06 - 2014-08-27 14:06 - 00001560 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S1].txt
2014-08-27 14:05 - 2014-08-27 14:05 - 01445427 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.308.exe
2014-08-27 14:04 - 2014-08-27 14:04 - 14632784 _____ (Hewlett-Packard Company ) C:\Documents and Settings\Administrator\Desktop\sp27103.exe
2014-08-27 13:58 - 2014-08-27 14:02 - 128609088 _____ ( ) C:\Documents and Settings\Administrator\Desktop\sp42471.exe
2014-08-27 13:48 - 2014-08-27 13:48 - 02811648 _____ (Hewlett-Packard Company ) C:\Documents and Settings\Administrator\Desktop\sp27532.exe
2014-08-27 13:35 - 2014-02-17 15:22 - 00001044 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1532298954-682003330-500UA.job
2014-08-27 12:13 - 2014-08-27 12:13 - 00000687 _____ () C:\awh14.tmp
2014-08-27 12:07 - 2014-08-27 11:19 - 00366912 _____ () C:\WINDOWS\setupapi.log
2014-08-27 12:07 - 2014-08-10 18:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-27 12:04 - 2014-08-27 12:04 - 00000687 _____ () C:\awh18.tmp
2014-08-27 12:01 - 2014-08-27 12:01 - 00000000 ____D () C:\Program Files\Google
2014-08-27 11:47 - 2011-03-23 01:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-27 11:28 - 2014-08-27 11:17 - 00456760 _____ () C:\WINDOWS\DPINST.LOG
2014-08-27 11:18 - 2011-03-23 01:13 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-27 03:35 - 2014-02-17 15:24 - 00002346 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-08-26 22:35 - 2014-02-17 15:22 - 00000992 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1532298954-682003330-500Core.job
2014-08-26 22:01 - 2014-08-26 22:01 - 00697272 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-26 22:01 - 2014-08-26 22:01 - 00073656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-26 16:31 - 2011-03-23 01:59 - 00351662 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-26 15:50 - 2014-08-26 15:50 - 00000000 ____D () C:\Documents and Settings\LocalService\My Documents\Mobogenie
2014-08-26 15:47 - 2014-08-10 09:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\slike
2014-08-26 13:21 - 2014-03-02 21:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-08-25 23:08 - 2014-03-03 21:15 - 00223232 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-25 22:23 - 2014-08-25 22:23 - 20519671 _____ () C:\Documents and Settings\Administrator\nvc
2014-08-25 22:20 - 2011-03-23 01:06 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-25 22:15 - 2014-08-25 22:15 - 00000000 ____D () C:\WINDOWS\StartHtmico
2014-08-25 22:15 - 2014-08-25 22:15 - 00000000 ____D () C:\WINDOWS\I250
2014-08-25 22:15 - 2014-08-25 22:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\Canon i250 Manual
2014-08-25 22:14 - 2014-08-25 21:52 - 00001704 _____ () C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
2014-08-25 22:14 - 2014-08-25 21:52 - 00000000 ____D () C:\Program Files\Canon
2014-08-25 22:13 - 2014-08-25 22:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Canon i250
2014-08-25 21:53 - 2014-02-18 15:48 - 00015544 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-25 21:52 - 2014-08-25 21:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___HD () C:\BJPrinter
2014-08-25 20:33 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-24 23:18 - 2014-03-08 23:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\dvdcss
2014-08-24 23:01 - 2014-08-24 23:01 - 00001775 _____ () C:\Documents and Settings\All Users\Desktop\ProgeSOFT IntelliCAD 4 GOLD.lnk
2014-08-24 23:01 - 2014-08-24 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ProgeSOFT IntelliCAD 4 GOLD ENG
2014-08-24 22:57 - 2014-08-24 22:57 - 00000000 ____D () C:\WINDOWS\Cache
2014-08-24 22:09 - 2001-01-14 05:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\igrice
2014-08-24 18:07 - 2014-08-10 09:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\programi
2014-08-22 23:11 - 2014-08-22 23:11 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-08-22 17:01 - 2014-08-20 22:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\nove pesme
2014-08-22 14:47 - 2014-08-22 14:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\strana muzika
2014-08-22 12:11 - 2014-08-20 19:25 - 00000000 ___RD () C:\Documents and Settings\Administrator\Desktop\Chicken invaders 5
2014-08-22 11:57 - 2014-08-22 11:57 - 00000627 _____ () C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
2014-08-22 11:57 - 2014-08-22 11:57 - 00000608 _____ () C:\Documents and Settings\All Users\Desktop\Half-Life.lnk
2014-08-22 11:57 - 2014-08-22 11:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Counter-Strike 1.6
2014-08-21 02:06 - 2011-03-23 01:42 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-08-20 20:35 - 2014-08-20 20:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InterAction studios
2014-08-16 13:09 - 2014-03-04 13:01 - 00000024 _____ () C:\WINDOWS\popcinfo.dat
2014-08-14 16:44 - 2014-08-13 11:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\GENS
2014-08-13 21:35 - 2014-08-10 18:31 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\honestech TVR
2014-08-13 21:31 - 2001-01-08 19:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2014-08-10 18:35 - 2014-08-10 18:30 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\honestech TVR2.5
2014-08-10 18:30 - 2014-08-10 18:30 - 00001794 _____ () C:\Documents and Settings\All Users\Desktop\honestech TVR 2.5.lnk
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Program Files\honestech
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\honestech TVR 2.5
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-08-10 18:30 - 2011-03-23 01:59 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-10 09:20 - 2014-08-10 09:20 - 00000346 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut to filmovi.lnk
2014-08-10 09:18 - 2014-08-10 09:18 - 00000014 _____ () C:\WINDOWS\icaduninst.txt
2014-08-10 09:10 - 2001-01-04 17:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\jasmina
2014-08-10 07:46 - 2011-03-23 01:58 - 00103032 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-09 17:29 - 2011-03-23 01:43 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-09 17:29 - 2011-03-23 01:43 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-09 17:26 - 2014-08-09 17:25 - 00000000 ____D () C:\Program Files\ProgeSOFT
2014-08-09 13:28 - 2013-02-01 16:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DRPSu
2014-08-08 23:56 - 2014-02-28 23:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\cache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

1. Open Notepad (Text Document) and copy into it the following text from the code box below:

() C:\WINDOWS\svchost.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0001\Upd.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0002\Upd.exe
() D:\bbaa.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Totem Shared
D:\bbaa.exe
HKLM\...\Run: [CPQEASYBTTN] => C:\WINDOWS\system32\BttnServ.exe [180224 2006-09-01] ()
HKLM\...\Run: [(Default)] => C:\WINDOWS\svchost.exe
HKLM\...\Run: [Uninstall0001] => C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe [135168 2001-01-14] ()
HKLM\...\Run: [Uninstall0002] => C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe [143360 2001-01-14] ()
C:\WINDOWS\system32\BttnServ.exe
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [HideRunAsVerb] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMHelp] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {2e7b2b84-e103-11d4-a240-000d60660721} - F:\autorun.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {6903479c-ab3f-11e1-9fd1-806d6172696f} - E:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {726f0f13-54de-11e0-a7eb-806d6172696f} - C:\rnhitg.pif
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {726f0f14-54de-11e0-a7eb-806d6172696f} - D:\bbaa.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {f0153d24-9f78-11e3-a222-000d60660721} - F:\tmqg.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {f0153d25-9f78-11e3-a222-000d60660721} - G:\geog.pif
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {fcc0ae95-e651-11d4-a24c-000d60660721} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
AlternateShell:
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} ->  No File
FF DefaultSearchEngine: http://www.mail.ru/
FF Keyword.URL: hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\searchplugins\mailru---.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eudict.xml
FF Extension: Спутник @Mail.Ru - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2001-01-17]
CHR HomePage: Default -> hxxp://mail.ru/cnt/7993/
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR Extension: (HD-V1.9) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl [2014-08-27]
S2 .EsetTrialReset; C:\WINDOWS\reset.exe [357182 2009-03-20] () [File not signed]
C:\WINDOWS\reset.exe
R3 amsint32; \??\C:\WINDOWS\system32\drivers\mohppt.sys [X]
S1 ARK3280; system32\DRIVERS\TVBoxDev.sys [X]
S3 zghsser; system32\DRIVERS\zghsser.sys [X]
C:\*.tmp
emptytemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 25 Jul 2012
  • Posts: 44

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
Ran by Administrator at 2014-08-27 14:46:21 Run:2
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\WINDOWS\svchost.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0001\Upd.exe
() C:\Program Files\Common Files\Totem Shared\Uninstall0002\Upd.exe
() D:\bbaa.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Totem Shared
D:\bbaa.exe
HKLM\...\Run: [CPQEASYBTTN] => C:\WINDOWS\system32\BttnServ.exe [180224 2006-09-01] ()
HKLM\...\Run: [(Default)] => C:\WINDOWS\svchost.exe
HKLM\...\Run: [Uninstall0001] => C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe [135168 2001-01-14] ()
HKLM\...\Run: [Uninstall0002] => C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe [143360 2001-01-14] ()
C:\WINDOWS\system32\BttnServ.exe
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [HideRunAsVerb] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMHelp] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMMyDocs] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {2e7b2b84-e103-11d4-a240-000d60660721} - F:\autorun.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {6903479c-ab3f-11e1-9fd1-806d6172696f} - E:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {726f0f13-54de-11e0-a7eb-806d6172696f} - C:\rnhitg.pif
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {726f0f14-54de-11e0-a7eb-806d6172696f} - D:\bbaa.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {f0153d24-9f78-11e3-a222-000d60660721} - F:\tmqg.exe
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {f0153d25-9f78-11e3-a222-000d60660721} - G:\geog.pif
HKU\S-1-5-21-776561741-1532298954-682003330-500\...\MountPoints2: {fcc0ae95-e651-11d4-a24c-000d60660721} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
AlternateShell:
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
FF DefaultSearchEngine: mail.ru/
FF Keyword.URL: hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\searchplugins\mailru---.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eudict.xml
FF Extension: ??????? @Mail.Ru - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2001-01-17]
CHR HomePage: Default -> hxxp://mail.ru/cnt/7993/
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR Extension: (HD-V1.9) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl [2014-08-27]
S2 .EsetTrialReset; C:\WINDOWS\reset.exe [357182 2009-03-20] () [File not signed]
C:\WINDOWS\reset.exe
R3 amsint32; \??\C:\WINDOWS\system32\drivers\mohppt.sys [X]
S1 ARK3280; system32\DRIVERS\TVBoxDev.sys [X]
S3 zghsser; system32\DRIVERS\zghsser.sys [X]
C:\*.tmp
emptytemp:
*****************

C:\WINDOWS\svchost.exe => No running process found
C:\Program Files\Common Files\Totem Shared\Uninstall0001\Upd.exe => No running process found
C:\Program Files\Common Files\Totem Shared\Uninstall0002\Upd.exe => No running process found
D:\bbaa.exe => No running process found
"C:\WINDOWS\svchost.exe" => File/Directory not found.
C:\Program Files\Common Files\Totem Shared => Moved successfully.
Could not move "D:\bbaa.exe" => Scheduled to move on reboot.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CPQEASYBTTN => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\(Default) => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uninstall0001 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uninstall0002 => value deleted successfully.
C:\WINDOWS\system32\BttnServ.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideRunAsVerb => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsMenu => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsHistory => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyDocs => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyPictures => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMHelp => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMConfigurePrograms => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsMenu => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsHistory => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyDocs => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyPictures => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMHelp => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMConfigurePrograms => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsMenu => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsHistory => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyDocs => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyPictures => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMHelp => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMConfigurePrograms => value deleted successfully.
HKU\S-1-5-21-776561741-1532298954-682003330-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsMenu => value deleted successfully.
HKU\S-1-5-21-776561741-1532298954-682003330-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsHistory => value deleted successfully.
HKU\S-1-5-21-776561741-1532298954-682003330-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyDocs => value deleted successfully.
HKU\S-1-5-21-776561741-1532298954-682003330-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyPictures => value deleted successfully.
HKU\S-1-5-21-776561741-1532298954-682003330-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMHelp => value deleted successfully.
HKU\S-1-5-21-776561741-1532298954-682003330-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMConfigurePrograms => value deleted successfully.
"HKU\S-1-5-21-776561741-1532298954-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e7b2b84-e103-11d4-a240-000d60660721}" => Key deleted successfully.
"HKCR\CLSID\{2e7b2b84-e103-11d4-a240-000d60660721}" => Key not found.
"HKU\S-1-5-21-776561741-1532298954-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6903479c-ab3f-11e1-9fd1-806d6172696f}" => Key deleted successfully.
"HKCR\CLSID\{6903479c-ab3f-11e1-9fd1-806d6172696f}" => Key not found.
"HKU\S-1-5-21-776561741-1532298954-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{726f0f13-54de-11e0-a7eb-806d6172696f}" => Key deleted successfully.
"HKCR\CLSID\{726f0f13-54de-11e0-a7eb-806d6172696f}" => Key not found.
"HKU\S-1-5-21-776561741-1532298954-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{726f0f14-54de-11e0-a7eb-806d6172696f}" => Key deleted successfully.
"HKCR\CLSID\{726f0f14-54de-11e0-a7eb-806d6172696f}" => Key not found.
"HKU\S-1-5-21-776561741-1532298954-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0153d24-9f78-11e3-a222-000d60660721}" => Key deleted successfully.
"HKCR\CLSID\{f0153d24-9f78-11e3-a222-000d60660721}" => Key not found.
"HKU\S-1-5-21-776561741-1532298954-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0153d25-9f78-11e3-a222-000d60660721}" => Key deleted successfully.
"HKCR\CLSID\{f0153d25-9f78-11e3-a222-000d60660721}" => Key not found.
"HKU\S-1-5-21-776561741-1532298954-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcc0ae95-e651-11d4-a24c-000d60660721} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
"HKCR\CLSID\{fcc0ae95-e651-11d4-a24c-000d60660721} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B04 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}" => Key not found.
AlternateShell: => Error: No automatic fix found for this entry.
Default URLSearchHook was restored successfully .
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}" => Key deleted successfully.
"HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\searchplugins\mailru---.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\eudict.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iu04d9gn.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl => Moved successfully.
.EsetTrialReset => Service deleted successfully.
C:\WINDOWS\reset.exe => Moved successfully.
amsint32 => Unable to stop service
amsint32 => Service deleted successfully.
ARK3280 => Service deleted successfully.
zghsser => Service deleted successfully.
C:\*.tmp => Moved successfully.
EmptyTemp: => Removed 13.1 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-27 14:48:21)<=

D:\bbaa.exe => Moved successfully.

==== End of Fixlog ====

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The situation is catastrophic. You have signs of the Sality file infector, which is impossible to remove; you will have to reinstall the system and wipe all partitions. You are using a modified/pirated version of the system, so that is another problem you will have to solve if you want your system to work properly. The third thing is that support for XP ended in April of this year, so it is susceptible to infections and it would be good to replace it with a newer system, if that is possible, of course.

offline
  • Joined: 25 Jul 2012
  • Posts: 44

Then it's a new system. Thanks.
