Problem with a virus, as well as with a very slow computer.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2017
Ran by Korisnik (administrator) on COMPUTER (29-06-2017 16:12:25)
Running from C:\Documents and Settings\Korisnik\My Documents\Downloads
Loaded Profiles: Korisnik (Available Profiles: Korisnik)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Viber Media S.à r.l.) C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\Viber.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-14] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [9974576 2014-10-27] ()
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Korisnik\Application Data\uTorrent\uTorrent.exe [1980608 2017-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Facebook Update] => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2014-08-14] (Facebook Inc.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Viber] => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.à r.l.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27716568 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\MountPoints2: {05d442fe-571d-11e6-99f4-004f6a0711f1} - G:\Startme.exe
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\MountPoints2: {83042b7b-14a1-11e4-aae4-004f6a0711f1} - F:\setup_stronghold_crusader_extreme_hd_2.0.0.6.exe
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-14] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{E1B171C9-DAF5-4EA3-8DDB-19BEFE00C33A}: [DhcpNameServer] 192.168.88.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110511951170} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-22] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default [2017-06-14]
FF user.js: detected! => C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\user.js [2015-12-16]
FF DefaultSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF SearchEngineOrder.1: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> Ask.com
FF SelectedSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF Homepage: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> hxxp://www.google.ba/
FF Extension: (Avast SafePrice) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\sp@avast.com.xpi [2017-06-14]
FF Extension: (Avast Online Security) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\wrc@avast.com.xpi [2017-06-14]
FF Extension: (Cyti Web 1.0.1) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-15] (Oracle Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2014-07-07] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1844237615-1364589140-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2017-06-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2017-06-06] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.ba/
CHR StartupUrls: Default -> "hxxp://www.google.ba/"
CHR Profile: C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-05]
CHR Extension: (“The Master of Those Who Know”) - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjlmafffoglkjknlnkgeejnldlbfhpdk [2017-05-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Opera:
=======
StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1422928344&from=obw&uid=WDCXWD3200AAKS-00L9A0_WD-WCAV2314514645146

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-06-14] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-14] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-15] (Oracle Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-05-14] (Cisco Systems, Inc.) [File not signed]
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriverx.sys [258288 2017-06-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidshx.sys [148696 2017-06-14] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswblogx.sys [268016 2017-06-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbunivx.sys [41664 2017-06-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34136 2017-06-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [31064 2017-06-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [107928 2017-06-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [60760 2017-06-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [62152 2017-06-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [764576 2017-06-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [482608 2017-06-14] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [181080 2017-06-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [279800 2017-06-14] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-07-26] (Disc Soft Ltd)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-28] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [1345936 2012-12-05] (Realtek Semiconductor Corporation )
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [56108 2008-07-07] (PowerISO Computing, Inc.) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-11-14] (Microsoft Corporation) [File not signed]
S4 IntelIde; no ImagePath
S3 RT61; system32\DRIVERS\RT61.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 16:11 - 2017-06-29 16:12 - 00000000 ____D C:\FRST
2017-06-14 14:23 - 2017-06-14 14:23 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2017-06-14 14:23 - 2017-06-14 14:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Program Files\QuickTime
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2017-06-06 10:22 - 2017-06-06 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 16:13 - 2014-05-14 13:30 - 00000000 ____D C:\Documents and Settings\Korisnik\Local Settings\Temp
2017-06-29 15:49 - 2017-04-06 14:04 - 00000000 ____D C:\Program Files\Steam
2017-06-29 15:45 - 2014-08-14 15:40 - 00001010 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003UA.job
2017-06-29 15:45 - 2014-08-14 15:40 - 00000988 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003Core.job
2017-06-29 15:39 - 2014-05-20 07:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-06-29 15:33 - 2015-02-03 10:43 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-06-29 14:23 - 2017-04-22 10:41 - 00000466 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1492850494.job
2017-06-29 14:20 - 2017-04-22 09:35 - 00000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-06-29 02:49 - 2015-02-03 03:49 - 00000364 _____ C:\WINDOWS\Tasks\YTDownloader.job
2017-06-29 01:33 - 2015-02-03 10:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-06-28 17:36 - 2017-04-05 17:06 - 00000000 ____D C:\Documents and Settings\Korisnik\Application Data\ViberPC
2017-06-28 17:36 - 2014-07-24 21:30 - 00000000 ____D C:\Documents and Settings\Korisnik\Application Data\Skype
2017-06-28 17:34 - 2014-05-22 13:08 - 00000000 ____D C:\Documents and Settings\Korisnik\Application Data\uTorrent
2017-06-28 17:32 - 2017-05-12 12:10 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-28 17:32 - 2017-04-13 21:47 - 00000828 _____ C:\WINDOWS\Tasks\Installer_cr.job
2017-06-28 17:32 - 2014-05-14 15:20 - 00000104 _____ C:\WINDOWS\system32\nvapps.xml
2017-06-28 17:32 - 2014-05-14 13:30 - 00032642 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-28 17:32 - 2014-05-14 13:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-28 17:32 - 2014-05-14 13:25 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-28 17:32 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-06-28 17:31 - 2014-05-14 13:30 - 00000178 ___SH C:\Documents and Settings\Korisnik\ntuser.ini
2017-06-28 17:31 - 2014-05-14 13:30 - 00000000 ____D C:\Documents and Settings\Korisnik
2017-06-24 23:38 - 2017-04-05 15:59 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-06-24 20:56 - 2017-04-06 23:53 - 00000000 ____D C:\Documents and Settings\Korisnik\My Documents\ViberDownloads
2017-06-14 14:22 - 2014-05-14 15:03 - 00000000 ___HD C:\WINDOWS\inf
2017-06-14 14:20 - 2017-04-22 09:35 - 00181080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstmxp.sys
2017-06-14 14:19 - 2017-04-22 10:43 - 00330768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-06-14 14:19 - 2017-04-22 09:35 - 00268016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswblogx.sys
2017-06-14 14:19 - 2017-04-22 09:35 - 00148696 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2017-06-14 14:19 - 2017-04-22 09:35 - 00041664 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-06-14 14:19 - 2017-04-22 09:35 - 00031064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-06-14 14:19 - 2017-04-22 09:34 - 00258288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00764576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00482608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00279800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00107928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00062152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00060760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2017-06-14 14:19 - 2014-05-14 20:17 - 00034136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-06-14 14:14 - 2014-05-15 00:35 - 00000000 ____D C:\The KMPlayer
2017-06-08 21:51 - 2014-05-15 00:37 - 00088576 _____ C:\Documents and Settings\Korisnik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-07 14:00 - 2014-05-14 13:24 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-06 10:21 - 2015-03-05 22:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-06 00:39 - 2017-05-12 12:10 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys

==================== Files in the root of some directories =======

2014-05-15 00:37 - 2017-06-08 21:51 - 0088576 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Korisnik\TempWmicBatchFile.bat


Some files in TEMP:
====================
2017-04-18 07:27 - 2017-04-18 07:27 - 0164424 _____ (Microsoft Corporation) C:\Documents and Settings\Korisnik\Local Settings\Temp\atl110.dll
2014-09-21 15:32 - 2014-09-21 15:32 - 0108144 _____ (Sony DADC Austria AG.) C:\Documents and Settings\Korisnik\Local Settings\Temp\CmdLineExt.dll
2013-04-04 10:27 - 2013-04-04 10:27 - 4847240 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\downloader.dll
2014-09-21 13:58 - 2014-09-23 11:09 - 0065536 _____ (Sony DADC Austria AG) C:\Documents and Settings\Korisnik\Local Settings\Temp\drm_dialogs.dll
2014-04-15 16:23 - 2014-04-15 16:23 - 0028472 _____ (AVG) C:\Documents and Settings\Korisnik\Local Settings\Temp\DseShExt-x86.dll
2014-01-31 05:29 - 2014-01-31 05:29 - 0341120 _____ (Gretech Corporation) C:\Documents and Settings\Korisnik\Local Settings\Temp\ExPromo.exe
2017-04-18 07:32 - 2017-04-18 07:32 - 0069632 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\HwInfo.dll
2015-01-24 17:10 - 2015-01-24 17:10 - 0699016 _____ (CNET Download.com) C:\Documents and Settings\Korisnik\Local Settings\Temp\KMP_3.9.1.132.exe
2017-04-07 18:27 - 2017-04-07 19:06 - 1728000 _____ (PandoraTV) C:\Documents and Settings\Korisnik\Local Settings\Temp\KMP_4.1.5.8.exe
2017-05-24 01:44 - 2017-05-24 01:47 - 39467640 _____ (PandoraTV) C:\Documents and Settings\Korisnik\Local Settings\Temp\KMP_4.2.1.2.exe
2014-08-20 07:00 - 2014-08-12 03:02 - 0150096 _____ (RealNetworks, Inc.) C:\Documents and Settings\Korisnik\Local Settings\Temp\lowproc.exe
2017-04-19 10:26 - 2017-04-19 10:26 - 0900096 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\NSISPromotionEx.dll
2014-01-31 05:28 - 2014-01-31 05:28 - 0052640 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\pin2taskbar.exe
2014-04-15 16:23 - 2014-04-15 16:23 - 0032056 _____ (AVG) C:\Documents and Settings\Korisnik\Local Settings\Temp\SDShelEx-win32.dll
2015-12-16 22:11 - 2017-04-03 22:32 - 0192512 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\sfamcc00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 _____ () C:\Documents and Settings\Korisnik\Local Settings\Temp\sfextra.dll
2014-08-20 07:00 - 2014-08-12 03:14 - 0090624 _____ (RealNetworks, Inc.) C:\Documents and Settings\Korisnik\Local Settings\Temp\stubhelper.dll
2017-04-20 10:11 - 2017-04-20 10:11 - 14456872 _____ (Microsoft Corporation) C:\Documents and Settings\Korisnik\Local Settings\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2017
Ran by Korisnik (29-06-2017 16:13:18)
Running from C:\Documents and Settings\Korisnik\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-05-14 11:29:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1844237615-1364589140-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-1844237615-1364589140-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1844237615-1364589140-1801674531-1000 - Limited - Disabled)
Korisnik (S-1-5-21-1844237615-1364589140-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Korisnik
SUPPORT_388945a0 (S-1-5-21-1844237615-1364589140-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
7-Zip 16.04 (HKLM\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Counter Strike 1.6 FULL v44 (HKLM\...\Counter Strike 1.6 FULL v44) (Version: - )
Cyti Web (HKLM\...\Cyti Web) (Version: 2015.02.03.002402 - Cyti Web) <==== ATTENTION
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DivX MPEG-4 Codec 3.2.200 Beta (HKLM\...\DIVXCodec) (Version: - )
D-Link GO-USB-N150 (HKLM\...\{9C222509-055C-4CFF-A116-1774517825EB}) (Version: 1.13.0109 - D-Link Corp.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garena+ (HKLM\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.16.5272 - GOM & Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
K-Lite Codec Pack 4.1.7 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.1.7 - )
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.1.2 - PandoraTV)
Malwarebytes verzija 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Service Pack 1 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Service Pack 1 Redistributable (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729.17 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.1.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.1.2 ESR (x86 en-US)) (Version: 52.1.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.1.0 - Mozilla)
Nero 8 Micro v8.1.1.0 (HKLM\...\Nero8110_Micro_is1) (Version: - nero.com)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
omiga-plus uninstall (HKLM\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
Opera 9.60 (HKLM\...\{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}) (Version: 9.60 - Opera Software ASA)
PlusHD-V1.9 (HKLM\...\PlusHD-V1.9) (Version: 1.34.6.10 - PlusHDv1.9) <==== ATTENTION
PowerISO (HKLM\...\PowerISO) (Version: - )
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: - )
Stronghold 2 (HKLM\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.00 - Firefly Studios)
Stronghold Crusader Extreme HD (HKLM\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Viber (HKLM\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{0B4AA204-AB61-47E3-B5B4-27DCF375EBAC}\localserver32 -> "CDStart.exe" => No File
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}\InprocServer32 -> C:\WINDOWS\system32\ACTXPRXY.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1844237615-1364589140-1801674531-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003Core.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1364589140-1801674531-1003UA.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Installer_cr.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Installer\Installcr_22344\ytd_sysmenu_setup.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1492850494.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-06-14 14:19 - 2017-06-14 14:19 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-28 06:45 - 2017-06-28 06:45 - 05779744 _____ () C:\Program Files\AVAST Software\Avast\defs\17062702\algo.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-06-29 13:29 - 2017-06-29 13:29 - 05779744 _____ () C:\Program Files\AVAST Software\Avast\defs\17062900\algo.dll
2014-05-14 15:20 - 2008-09-17 10:55 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2008-07-12 15:09 - 2008-07-12 15:09 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00095312 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\qfacebook.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00042064 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\qrencode.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-04-13 16:54 - 2016-04-13 16:54 - 15226960 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\opengl32sw.dll
2016-04-13 16:53 - 2016-04-13 16:53 - 00398928 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\imageformats\qsvg.dll
2016-04-13 16:54 - 2016-04-13 16:54 - 00695888 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00991632 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-04-22 09:33 - 2017-04-22 09:33 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-06 14:26 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files\Steam\SDL2.dll
2017-04-06 14:26 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files\Steam\v8.dll
2017-04-06 14:26 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files\Steam\icui18n.dll
2017-04-06 14:26 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files\Steam\icuuc.dll
2017-04-06 14:26 - 2017-06-08 07:42 - 02485536 _____ () C:\Program Files\Steam\video.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files\Steam\libavcodec-56.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2017-04-06 14:26 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2017-04-06 14:26 - 2017-06-08 07:42 - 00877856 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2017-06-14 14:19 - 2017-06-14 14:19 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-04-06 14:26 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files\Steam\bin\cef\cef.winxp\libcef.dll
2017-04-05 14:47 - 2016-09-06 12:00 - 05197312 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-04-05 14:47 - 2016-09-06 12:00 - 00147456 _____ () C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 04:00 - 2008-04-14 04:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.88.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link GO-USB-N150 WPS Utility.lnk => C:\WINDOWS\pss\D-Link GO-USB-N150 WPS Utility.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\D-Link\GO-USB-N150\RtWlan.exe] => Enabled:RtWlan
StandardProfile\AuthorizedApplications: [C:\Program Files\D-Link\GO-USB-N150\RTLDHCP.exe] => Enabled:RTLDHCP
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:rundll32
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\ggdllhost.exe] => Enabled:ggdllhost
StandardProfile\AuthorizedApplications: [C:\Program Files\Garena Plus\Room\garena_room.exe] => Enabled:garena_room
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\My Documents\Downloads\CodecPerformerSetup.exe] => Enabled:CodecPerformerSetup.exe (in)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\Local Settings\Temp\t8na424\SpeedanAlysisSetup] => Enabled:SpeedanAlysisSetup (in)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Korisnik\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe] => Enabled:Stronghold 2
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => Enabled:Dota 2
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2017 11:16:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2017 03:47:14 PM) (Source: Google Update) (EventID: 20) (User: COMPUTER)
Description: Event-ID 20

Error: (06/08/2017 08:38:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/06/2017 10:22:19 AM) (Source: MsiInstaller) (EventID: 11334) (User: COMPUTER)
Description: Product: QuickTime 7 -- Error 1334. The file 'QuickTime_trampoline.qts' cannot be installed because the file cannot be found in cabinet file 'QuickTime.cab'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (06/05/2017 11:22:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Viber.exe, version 6.0.1.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/05/2017 11:21:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Frozen Throne.exe, version 1.5.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/31/2017 05:01:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application gom.exe, version 2.3.14.5270, faulting module gvf.ax, version 3.7.0.3, fault address 0x00051e04.
Processing media-specific event for [gom.exe!ws!]

Error: (05/31/2017 04:57:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application gom.exe, version 2.3.14.5270, faulting module gvf.ax, version 3.7.0.3, fault address 0x00051e04.
Processing media-specific event for [gom.exe!ws!]

Error: (05/27/2017 10:31:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup_stronghold_crusader_extreme_hd_2.0.0.6.tmp, version 51.1052.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/26/2017 03:10:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application steamwebhelper.exe, version 3.66.85.33, faulting module steamwebhelper.exe, version 3.66.85.33, fault address 0x00037b59.
Processing media-specific event for [steamwebhelper.exe!ws!]


System errors:
=============
Error: (06/29/2017 03:50:06 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:50:03 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:50:00 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:58 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:56 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:53 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:53 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:49:51 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:38:27 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (06/29/2017 03:38:25 PM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 2046.42 MB
Available physical RAM: 1090.47 MB
Total Virtual: 3938.62 MB
Available Virtual: 2443.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:154.3 GB) (Free:62.4 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:143.79 GB) (Free:19.77 GB) NTFS
Drive f: (Stronghold Crusa) (CDROM) (Total:0.86 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00820082)
Partition 1: (Active) - (Size=154.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=143.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

offline
  • Joined: 14 Jun 2016
  • Posts: 535

Hello,
I would ask you to remove these programs via Control Panel -> Add or Remove Programs

Cyti Web
McAfee Security Scan Plus
omiga-plus uninstall
PlusHD-V1.9
Java(TM) 6 Update 7




1. Open Notepad (Text Document) and copy the following text from the code box below:
CreateRestorePoint:
HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1844237615-1364589140-1801674531-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <==== ATTENTION
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110511951170} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
FF DefaultSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF SearchEngineOrder.1: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> Ask.com
FF SelectedSearchEngine: C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default -> omiga-plus
FF Extension: (Cyti Web 1.0.1) - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\a72cazhj.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04] [not signed]
CHR Extension: (“The Master of Those Who Know”) - C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjlmafffoglkjknlnkgeejnldlbfhpdk [2017-05-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2017-06-29 02:49 - 2015-02-03 03:49 - 00000364 _____ C:\WINDOWS\Tasks\YTDownloader.job
2017-06-28 17:32 - 2017-04-13 21:47 - 00000828 _____ C:\WINDOWS\Tasks\Installer_cr.job
C:\Documents and Settings\Korisnik\TempWmicBatchFile.bat
Task: C:\WINDOWS\Tasks\Installer_cr.job => C:\Documents and Settings\Korisnik\Local Settings\Application Data\Installer\Installcr_22344\ytd_sysmenu_setup.exe
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION
C:\Program Files\YTDownloader
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

I see that System Restore is turned off; did you turn it off yourself?

Let me know how things are now.
