Problem with Win32

  • Joined: 07 Feb 2015
  • Posts: 12

While scanning the system at boot, a PROBLEM WITH the WIN PAR 32 virus came up; the scan then skipped it and continued normally. Avast was running in boot mode.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-08-2015
Ran by HP (administrator) on HP-A7CE0100E4A4 (10-08-2015 21:25:31)
Running from C:\Documents and Settings\HP\My Documents\Преузимања
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SoundMan.exe
(RealTek Semicoductor Corp.) C:\WINDOWS\alcwzrd.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2006-07-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2006-05-04] (RealTek Semicoductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-04-13] (Agere Systems)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\extreme blocker\extreme blocker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\extreme blocker\extreme blocker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\extreme blocker\extreme blocker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\extreme blocker\extreme blocker.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\extreme blocker\extreme blocker.exe <====== ATTENTION
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\RemoteSaver\fyctr1vy.dll => C:\Documents and Settings\All Users\Application Data\RemoteSaver\fyctr1vy.dll [119808 2015-08-09] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2014-07-15]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-09] (AVAST Software)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]{searchTerms}
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link visible only to logged-in users]{searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> ielnksrch URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = [Link visible only to logged-in users]{searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> {ielnksrch} URL = [Link visible only to logged-in users]{searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-09] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.102.231.241 91.102.231.242
Tcpip\..\Interfaces\{21BED8EB-141C-4121-8776-7C9CE18BCF44}: [DhcpNameServer] 91.102.231.241 91.102.231.242
Tcpip\..\Interfaces\{C318FD2A-9BD7-415D-95C5-39229E980219}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\4l5a30l7.default-1423499333359
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: [Link visible only to logged-in users]
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: [Link visible only to logged-in users]
FF Keyword.URL: [Link visible only to logged-in users]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-30] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1645522239-1425521274-1417001333-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\HP\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\4l5a30l7.default-1423499333359\searchplugins\google-avast.xml [2015-08-10]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2015-08-09]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml [2015-07-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml [2015-07-01]
FF Extension: Adblock Plus - C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\4l5a30l7.default-1423499333359\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-08-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-19]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-20]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-19]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-20]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-09] (AVAST Software)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [391472 2013-06-26] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 RemoteSaver; C:\Documents and Settings\All Users\Application Data\RemoteSaver\RemoteSaver [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-09] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-09] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-09] (AVAST Software)
R2 bdfsfltr; C:\WINDOWS\system32\Drivers\bdfsfltr.sys [356368 2013-11-21] (BitDefender)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-02-07] (REALiX(tm))
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5672032 2007-01-13] (Intel Corporation) [File not signed]
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1674056 2013-11-22] (Ralink Technology, Corp.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [26336 2012-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 catchme; \??\C:\DOCUME~1\HP\LOCALS~1\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 21:25 - 2015-08-10 21:26 - 00000000 ____D C:\FRST
2015-08-10 20:01 - 2015-08-10 20:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-10 20:00 - 2015-08-10 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-08-10 20:00 - 2015-08-10 20:00 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-10 20:00 - 2015-08-10 20:00 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 21:48 - 2015-08-10 20:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RemoteSaver
2015-08-09 21:48 - 2015-08-09 21:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RemoteSavers
2015-08-09 21:48 - 2015-08-09 21:48 - 00000000 ____D C:\Program Files\Common Files\entyvqpw.shs
2015-08-09 21:43 - 2015-08-09 21:50 - 00064808 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-08-09 21:42 - 2015-08-09 21:42 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-08-09 21:42 - 2015-08-09 21:42 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-09 21:42 - 2015-08-09 21:42 - 00000000 ____D C:\Program Files\MSBuild
2015-08-09 21:41 - 2015-08-09 22:23 - 00001084 _____ C:\WINDOWS\spupdsvc.log
2015-08-09 21:41 - 2008-07-06 14:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-08-09 21:41 - 2008-07-06 14:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-08-09 21:41 - 2008-07-06 14:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-08-09 21:41 - 2008-07-06 14:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-08-09 21:41 - 2008-07-06 14:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-08-09 21:41 - 2008-07-06 14:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-08-09 21:41 - 2008-07-06 12:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-08-09 21:38 - 2015-08-09 21:50 - 00000215 _____ C:\WINDOWS\wiadebug.log
2015-08-09 21:38 - 2015-08-09 21:38 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-08-09 21:38 - 2015-08-09 21:38 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-08-09 20:47 - 2015-08-09 20:59 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2015-08-09 20:22 - 2015-08-09 20:15 - 00000718 _____ C:\Documents and Settings\HP\Desktop\TeamViewer 10.lnk
2015-08-09 20:15 - 2015-08-09 20:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-08-09 12:51 - 2015-08-09 21:41 - 00011878 _____ C:\WINDOWS\setupapi.log
2015-08-09 12:51 - 2015-08-09 12:52 - 00072802 _____ C:\WINDOWS\Wdf01009Inst.log
2015-08-09 12:51 - 2015-08-09 12:51 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-09 12:51 - 2015-08-09 12:51 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-09 12:51 - 2015-08-09 12:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-09 12:51 - 2015-08-09 12:51 - 00000000 _____ C:\WINDOWS\setupact.log
2015-08-08 16:07 - 2015-08-08 16:07 - 00012328 _____ C:\Documents and Settings\HP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-07 08:40 - 2015-08-07 12:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-01 05:02 - 2015-08-09 22:20 - 00094272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-30 13:30 - 2015-07-30 13:30 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-25 09:59 - 2015-07-25 09:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-07-25 09:58 - 2015-08-09 12:51 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 21:27 - 2015-02-08 22:10 - 00000000 ____D C:\Documents and Settings\HP\Local Settings\Temp
2015-08-10 21:25 - 2014-07-15 14:18 - 00000000 ____D C:\Documents and Settings\HP\My Documents\Преузимања
2015-08-10 21:12 - 2015-02-08 23:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-10 21:06 - 2015-02-09 00:57 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-10 21:04 - 2015-02-11 21:50 - 00000000 ____D C:\Documents and Settings\HP\Application Data\TeamViewer
2015-08-10 21:02 - 2014-06-21 10:23 - 01894046 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-10 21:00 - 2014-11-10 23:04 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-10 21:00 - 2014-06-21 10:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-10 20:28 - 2015-02-05 09:50 - 00032546 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-10 20:28 - 2014-06-21 10:29 - 00000178 ___SH C:\Documents and Settings\HP\ntuser.ini
2015-08-10 20:20 - 2014-06-21 10:29 - 00000000 ____D C:\Documents and Settings\HP
2015-08-10 20:12 - 2015-01-02 13:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-08-10 19:39 - 2015-07-07 21:20 - 00000712 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-10 19:39 - 2015-07-07 21:20 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-08-10 19:39 - 2015-07-02 20:49 - 00001803 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-08-10 19:36 - 2014-11-10 23:04 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 21:43 - 2014-06-21 12:11 - 00556614 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-09 21:41 - 2014-06-21 12:02 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-09 21:38 - 2014-06-21 12:11 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-09 21:38 - 2014-06-21 12:02 - 00000000 ____D C:\WINDOWS\pchealth
2015-08-09 20:16 - 2014-11-11 12:53 - 00000000 ____D C:\Program Files\TeamViewer
2015-08-09 12:51 - 2015-02-09 00:56 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-09 12:51 - 2015-02-09 00:56 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-09 12:51 - 2015-02-09 00:56 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-09 12:51 - 2015-02-09 00:56 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-08-09 12:51 - 2015-02-09 00:56 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-08-09 12:51 - 2015-02-09 00:56 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-09 12:51 - 2015-02-09 00:56 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-09 12:50 - 2015-02-09 00:56 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-08 16:00 - 2015-07-07 21:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-08 16:00 - 2001-08-23 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-07 20:49 - 2014-07-15 14:10 - 00000000 ____D C:\Documents and Settings\HP\Application Data\uTorrent
2015-08-04 16:43 - 2014-11-10 16:27 - 00000000 ____D C:\Documents and Settings\HP\Desktop\slike
2015-08-01 09:22 - 2014-12-14 19:55 - 00081920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCFDRTM.VER
2015-07-31 22:33 - 2015-01-02 17:45 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-07-31 22:33 - 2015-01-02 17:45 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-07-31 22:33 - 2014-11-11 19:09 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2015-07-31 22:33 - 2014-06-21 10:20 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2015-07-30 16:45 - 2014-11-10 20:43 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-07-30 16:45 - 2014-11-10 20:43 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-07-30 16:45 - 2014-07-15 14:44 - 00000000 ____D C:\Program Files\Java
2015-07-30 16:43 - 2015-01-24 09:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-07-14 19:12 - 2015-02-08 23:35 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-14 19:12 - 2015-02-08 23:35 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-06-21 10:39 - 2008-03-09 07:25 - 0000236 _____ () C:\Program Files\Common Files\dx.reg

Some files in TEMP:
====================
C:\Documents and Settings\HP\Local Settings\Temp\Download 150 Game House Full Pack Collection 2015 Serial Number__6629_i1576927449_il4091.exe
C:\Documents and Settings\HP\Local Settings\Temp\GotClip_Setup.exe
C:\Documents and Settings\HP\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\HP\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

[Link visible only to logged-in users]

[Link visible only to logged-in users]



offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Open Notepad and copy into it the following text, which is inside the Code box.

AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\RemoteSaver\fyctr1vy.dll => C:\Documents and Settings\All Users\Application Data\RemoteSaver\fyctr1vy.dll [119808 2015-08-09] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1425521274-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3yxt6VUeNEHLQFK7FPdGQaf_p9G10e1kJSigmuRUuPlz10_aSFL_OQRhitVvQOg--uJLbMPbrzrZw,,
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3yxt6VUeNEHLQFK7FPdGQaf_p9G10e1kJSigmuRUuPlz10_aSFL_OQRhitVvQOg--uJLbMPbrzrZw,,
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWucCHW-Qax8yjRKVq-HLcSEthvP7XiUg_tTCXy6vxXznvW5u3GrmRNhmLhemkm3BMCU_e6IP2ASPWa3DhKOoVflZq41AbBd7hru0pxxGoUH2pP6HACjgQAeOqwIqRCLLeDIIgv2VKWvuX1z_-CdAe4ddw5g,,&q={searchTerms}
Toolbar: HKU\S-1-5-21-1645522239-1425521274-1417001333-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF SearchPlugin: C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\4l5a30l7.default-1423499333359\searchplugins\google-avast.xml [2015-08-10]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2015-08-09]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\HP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-20]
S2 RemoteSaver; C:\Documents and Settings\All Users\Application Data\RemoteSaver\RemoteSaver [X]
C:\Documents and Settings\All Users\Application Data\RemoteSaver
C:\Documents and Settings\HP\Local Settings\Temp\Download 150 Game House Full Pack Collection 2015 Serial Number__6629_i1576927449_il4091.exe
C:\Documents and Settings\HP\Local Settings\Temp\GotClip_Setup.exe
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open; copy its contents into this thread.
The file (fixlog.txt) will also be on the Desktop.


Step 2

Download AdwCleaner by "Xplode" and save it to the Desktop
Double-click to run the program.
In the EULA window, click I agree.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required), click OK

The computer will restart, and then Notepad will open (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt



offline
  • Joined: 07 Feb 2015
  • Posts: 12

[Link visible only to logged-in users]

[Link visible only to logged-in users]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Pack the following folder into a ZIP, RAR or 7Z archive:

C:\FRST\Quarantine

and send it via the following link:

[Link visible only to logged-in users]



Step 2

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introduction window, click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, include the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infections are found, check that the 'Create Restore Point' option is selected and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the restart, and a notice will be shown in a pop-up window. Click the Yes button; the system should restart and complete the cleaning procedure.

Notice! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to perform all repairs ...
- When you see the message 'press any key to exit', the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post, and attach the system log to the post using the Prikači fajl (Attach file) option.

offline
  • Joined: 07 Feb 2015
  • Posts: 12

I uploaded it from FRST
[Link visible only to logged-in users]

[Link visible only to logged-in users]
