Problems with a virus

  • Joined: 02 Apr 2015
  • Posts: 2

I have read your rules and I hope I did everything correctly. The computer restarts a lot. I have Avast, which I have used for years without any problems; it detects some kind of trojan, win. logonui, every time I shut down the computer and when I start Malwarebytes. There are ads everywhere and I can't do anything; pages with adult content or other pages keep opening. I use Chrome. It has been driving me crazy for a few days now, and I hope you can help me. I have XP installed, some kind of Black Edition; the virus was probably already in Windows at installation, I have no idea.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Admin (administrator) on PAL on 02-04-2015 17:26:23
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-02] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [279552 2007-12-28] ()
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-436374069-1383384898-1801674531-1003\...\MountPoints2: {9346ace0-d7c1-11e4-be1d-0015f26b516f} - G:\
HKU\S-1-5-21-436374069-1383384898-1801674531-1003\...\MountPoints2: {94f18a19-7c83-11e4-9871-806d6172696f} - F:\3ivxCodecVer502.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-436374069-1383384898-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
HKU\S-1-5-21-436374069-1383384898-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\.DEFAULT -> {1921ED09-583B-4B28-84F2-8BBDB35CEF39} URL = RyanVM.net
SearchScopes: HKU\.DEFAULT -> {39FF1121-7EB7-4C51-BCC8-DCE06F3745E3} URL = search.lycos.com/setup.php?src=ie&query={searchTerms}
SearchScopes: HKU\.DEFAULT -> {5A171114-24D8-435B-8A2C-D28AC20D125C} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> {7780F183-7385-4512-8AC8-F4E401767900} URL = cnet.search.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {79096E8E-F8B5-4F97-9EE8-7E59B5566BFF} URL = search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\.DEFAULT -> {7C408AA2-928B-4381-A61A-52DF4164615F} URL = web.ask.com/web?q={searchTerms}&o=10365
SearchScopes: HKU\.DEFAULT -> {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\.DEFAULT -> {91814F9F-43DF-4C65-AD76-BAA6EA56A609} URL = search.indiatimes.com/websearch.cms?query={searchTerms}&GO=GO
SearchScopes: HKU\.DEFAULT -> {91821537-42FB-4108-AF1C-851E2C002716} URL = search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\.DEFAULT -> {E16D1698-A644-4B5D-AA96-5129DEAD3A48} URL = search.sify.com/search.php?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {E50C76D9-48D9-4941-9327-A3498F3B0E84} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\.DEFAULT -> {FA9BB16A-2F4A-4461-B9D0-CD95DED53CE2} URL = search.rediff.com/dirsrch/default.asp?MT={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\S-1-5-19 -> {1921ED09-583B-4B28-84F2-8BBDB35CEF39} URL = RyanVM.net
SearchScopes: HKU\S-1-5-19 -> {39FF1121-7EB7-4C51-BCC8-DCE06F3745E3} URL = search.lycos.com/setup.php?src=ie&query={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {5A171114-24D8-435B-8A2C-D28AC20D125C} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {7780F183-7385-4512-8AC8-F4E401767900} URL = cnet.search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {79096E8E-F8B5-4F97-9EE8-7E59B5566BFF} URL = search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-19 -> {7C408AA2-928B-4381-A61A-52DF4164615F} URL = web.ask.com/web?q={searchTerms}&o=10365
SearchScopes: HKU\S-1-5-19 -> {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\S-1-5-19 -> {91814F9F-43DF-4C65-AD76-BAA6EA56A609} URL = search.indiatimes.com/websearch.cms?query={searchTerms}&GO=GO
SearchScopes: HKU\S-1-5-19 -> {91821537-42FB-4108-AF1C-851E2C002716} URL = search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-19 -> {E16D1698-A644-4B5D-AA96-5129DEAD3A48} URL = search.sify.com/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {E50C76D9-48D9-4941-9327-A3498F3B0E84} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> {FA9BB16A-2F4A-4461-B9D0-CD95DED53CE2} URL = search.rediff.com/dirsrch/default.asp?MT={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\S-1-5-20 -> {1921ED09-583B-4B28-84F2-8BBDB35CEF39} URL = RyanVM.net
SearchScopes: HKU\S-1-5-20 -> {39FF1121-7EB7-4C51-BCC8-DCE06F3745E3} URL = search.lycos.com/setup.php?src=ie&query={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {5A171114-24D8-435B-8A2C-D28AC20D125C} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {7780F183-7385-4512-8AC8-F4E401767900} URL = cnet.search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {79096E8E-F8B5-4F97-9EE8-7E59B5566BFF} URL = search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-20 -> {7C408AA2-928B-4381-A61A-52DF4164615F} URL = web.ask.com/web?q={searchTerms}&o=10365
SearchScopes: HKU\S-1-5-20 -> {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\S-1-5-20 -> {91814F9F-43DF-4C65-AD76-BAA6EA56A609} URL = search.indiatimes.com/websearch.cms?query={searchTerms}&GO=GO
SearchScopes: HKU\S-1-5-20 -> {91821537-42FB-4108-AF1C-851E2C002716} URL = search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-20 -> {E16D1698-A644-4B5D-AA96-5129DEAD3A48} URL = search.sify.com/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {E50C76D9-48D9-4941-9327-A3498F3B0E84} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> {FA9BB16A-2F4A-4461-B9D0-CD95DED53CE2} URL = search.rediff.com/dirsrch/default.asp?MT={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> DefaultScope {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {1921ED09-583B-4B28-84F2-8BBDB35CEF39} URL = RyanVM.net
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {39FF1121-7EB7-4C51-BCC8-DCE06F3745E3} URL = search.lycos.com/setup.php?src=ie&query={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {5A171114-24D8-435B-8A2C-D28AC20D125C} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {7780F183-7385-4512-8AC8-F4E401767900} URL = cnet.search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {79096E8E-F8B5-4F97-9EE8-7E59B5566BFF} URL = search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {7C408AA2-928B-4381-A61A-52DF4164615F} URL = web.ask.com/web?q={searchTerms}&o=10365
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {7DB0124C-1A43-4F77-876C-79EA5BCF12C6} URL = ryanvm.net/forum/search.php?mode=results
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {91814F9F-43DF-4C65-AD76-BAA6EA56A609} URL = search.indiatimes.com/websearch.cms?query={searchTerms}&GO=GO
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {91821537-42FB-4108-AF1C-851E2C002716} URL = search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {E16D1698-A644-4B5D-AA96-5129DEAD3A48} URL = search.sify.com/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {E50C76D9-48D9-4941-9327-A3498F3B0E84} URL = google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-436374069-1383384898-1801674531-1003 -> {FA9BB16A-2F4A-4461-B9D0-CD95DED53CE2} URL = search.rediff.com/dirsrch/default.asp?MT={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-02] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k6ig3x9y.default
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.3088 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2007-12-21] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.11.3006 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2007-12-21] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-436374069-1383384898-1801674531-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-436374069-1383384898-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-11-28] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2007-12-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2007-12-21] (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2007-11-28]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2007-11-28]
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2014-12-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-06]
StartMenuInternet: FIREFOX.EXE - C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-06]
CHR Extension: (Google Docs) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-06]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-06]
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-06]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-06]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-14]
CHR Extension: (Chrono Download Manager) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-02-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-06]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-06]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-02]
CHR HKU\S-1-5-21-436374069-1383384898-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-02] (Avast Software s.r.o.)
S3 TuneUp.Defrag; C:\WINDOWS\System32\TuneUpDefragService.exe [306432 2014-12-06] (TuneUp Software GmbH)
S2 Service Mgr ExpressFind; "C:\Documents and Settings\All Users\Application Data\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73440 2015-04-02] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788272 2015-04-02] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427736 2015-04-02] (Avast Software s.r.o.)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2014-12-06] (The OpenVPN Project)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-02] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208024 2015-04-02] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
R3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [377358 2002-11-19] (C-Media Inc)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-04] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-01] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [163644 2007-12-28] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)
R0 sisraidx; C:\WINDOWS\system32\Drivers\sisraidx.sys [47616 2007-12-29] (Silicon Integrated Systems Corp.) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [360704 2007-12-28] (Microsoft Corporation) [File not signed]
S4 IntelIde; No ImagePath
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [78720 2007-12-28] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 17:26 - 2015-04-02 17:26 - 00000000 ____D () C:\FRST
2015-04-02 16:47 - 2015-04-02 16:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-02 16:31 - 2015-04-02 16:31 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-02 16:31 - 2015-04-02 16:31 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-02 16:29 - 2015-04-02 16:29 - 00090112 _____ () C:\WINDOWS\Minidump\Mini040215-02.dmp
2015-04-02 12:36 - 2015-04-02 12:36 - 00090112 _____ () C:\WINDOWS\Minidump\Mini040215-01.dmp
2015-04-01 23:14 - 2015-04-01 23:14 - 00090112 _____ () C:\WINDOWS\Minidump\Mini040115-03.dmp
2015-04-01 21:33 - 2015-04-01 21:33 - 00000000 ____D () C:\Avenger
2015-04-01 18:42 - 2015-04-01 18:42 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agentsvr.exe
2015-04-01 18:42 - 2015-04-01 18:42 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\accwiz.exe
2015-04-01 18:42 - 2015-04-01 18:42 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ahui.exe
2015-04-01 18:42 - 2015-04-01 18:42 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\alg.exe
2015-04-01 18:42 - 2015-04-01 18:42 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\arp.exe
2015-04-01 18:42 - 2015-04-01 18:42 - 00016439 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admin.exe
2015-04-01 18:42 - 2015-04-01 18:42 - 00012498 _____ () C:\WINDOWS\system32\dllcache\append.exe
2015-04-01 18:42 - 2015-04-01 18:42 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\actmovie.exe
2015-04-01 18:39 - 2015-04-01 18:39 - 00000759 _____ () C:\Documents and Settings\Admin\Desktop\DllSuite.lnk
2015-04-01 18:39 - 2015-04-01 18:39 - 00000000 ____D () C:\Program Files\DLLSuite
2015-04-01 18:39 - 2015-04-01 18:39 - 00000000 ____D () C:\Documents and Settings\Admin\Start Menu\Programs\Dll Suite 2014
2015-04-01 16:22 - 2015-04-01 16:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini040115-02.dmp
2015-04-01 08:20 - 2015-04-01 08:20 - 00090112 _____ () C:\WINDOWS\Minidump\Mini040115-01.dmp
2015-03-31 19:15 - 2015-03-31 19:15 - 00090112 _____ () C:\WINDOWS\Minidump\Mini033115-01.dmp
2015-03-31 18:18 - 2015-03-31 18:18 - 00004730 _____ () C:\WINDOWS\setupapi.log
2015-03-30 23:02 - 2015-03-30 23:02 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\RHEng
2015-03-30 23:01 - 2015-03-30 23:08 - 00000000 ____D () C:\KMPlayer
2015-03-30 23:01 - 2015-03-30 23:01 - 00001593 _____ () C:\Documents and Settings\Admin\Desktop\KMP Games.lnk
2015-03-30 23:01 - 2015-03-30 23:01 - 00000522 _____ () C:\Documents and Settings\Admin\Desktop\KMPlayer.lnk
2015-03-30 23:01 - 2015-03-30 23:01 - 00000000 ____D () C:\Documents and Settings\Admin\Start Menu\Programs\The KMPlayer
2015-03-19 18:17 - 2015-03-19 18:18 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\heroes
2015-03-16 09:48 - 2015-03-16 09:51 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\New Folder
2015-03-13 20:44 - 2015-03-13 20:44 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
2015-03-13 20:44 - 2015-03-13 20:44 - 00000000 ____D () C:\Program Files\3ivx
2015-03-13 20:44 - 2015-03-13 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\3ivx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 17:27 - 2014-12-06 00:24 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2015-04-02 17:20 - 2014-12-06 05:21 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 16:47 - 2014-12-27 21:54 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-02 16:46 - 2014-12-27 21:54 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-04-02 16:46 - 2014-12-27 21:53 - 00000000 ____D () C:\Program Files\Java
2015-04-02 16:45 - 2014-12-06 01:16 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-02 16:41 - 2014-12-06 00:18 - 01444840 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-02 16:40 - 2014-12-07 00:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-02 16:40 - 2014-12-07 00:48 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-04-02 16:40 - 2014-12-06 05:21 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 16:40 - 2014-12-06 00:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-02 16:39 - 2014-12-06 00:24 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-04-02 16:39 - 2014-12-06 00:20 - 00032562 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-02 16:31 - 2014-12-06 01:15 - 00788272 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-02 16:31 - 2014-12-06 01:15 - 00427736 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-02 16:31 - 2014-12-06 01:15 - 00208024 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-02 16:31 - 2014-12-06 01:15 - 00073440 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-02 16:31 - 2014-12-06 01:15 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-04-02 16:31 - 2014-12-06 01:15 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-04-02 16:31 - 2014-12-06 01:15 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-02 16:31 - 2014-12-06 01:15 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-02 16:29 - 2014-12-05 16:01 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-01 22:19 - 2014-12-06 02:36 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-30 23:06 - 2014-12-06 00:24 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\uTorrent
2015-03-30 23:06 - 2014-12-06 00:24 - 00000000 ____D () C:\Documents and Settings\Admin
2015-03-30 22:39 - 2014-12-06 06:15 - 00020992 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-29 09:36 - 2014-12-05 15:55 - 00356120 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-22 21:16 - 2014-12-13 22:50 - 00000000 ___RD () C:\Documents and Settings\Admin\My Documents\Google disk
2015-03-20 09:22 - 2014-12-06 05:21 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-03-19 17:38 - 2014-12-06 02:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-17 19:16 - 2014-12-06 00:18 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM

==================== Files in the root of some directories =======

2014-12-06 06:15 - 2015-03-30 22:39 - 0020992 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Documents and Settings\Admin\Local Settings\Temp\KMP_3.9.1.134.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

I tried to attach the file but it doesn't work, so here is a copy of the Addition file
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Admin at 2015-04-02 17:27:41
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\.DEFAULT\...\uTorrent) (Version: 1.7.5 - )
µTorrent (HKU\S-1-5-19\...\uTorrent) (Version: 1.7.5 - )
µTorrent (HKU\S-1-5-20\...\uTorrent) (Version: 1.7.5 - )
µTorrent (HKU\S-1-5-21-436374069-1383384898-1801674531-1003\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
3ivx MPEG-4 5.0.2 (remove only) (HKLM\...\3ivx MPEG-4 5.0.2) (Version: 5.0.2 - 3ivx Technologies, Pty. Ltd.)
Adobe Flash Player 16 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 16.0.0.240 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Croatian (HKLM\...\{AC76BA86-7AD7-1050-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
DLL Suite 2013 (HKLM\...\{885843E7-6CAC-4791-B7BF-1CD516017954}_is1) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Heart of Darkness CD-Rip, CD-Rip (PC Windows, © 1998 - Amazing Studios) (HKLM\...\{68D7D124-673A-42C6-B716-6E8E4E26995F}_is1) (Version: 2.06 - DJ OldGames)
Heroes Chronicles (HKLM\...\GOGPACKHEROESCHRONICLES_is1) (Version: 2.0.0.38 - GOG.com)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
K-Lite Mega Codec Pack 3.6.2 (HKLM\...\KLiteCodecPack_is1) (Version: 3.6.2 - )
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.128 - PandoraTV)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Meine Tierklinik (HKLM\...\Meine Tierklinik_is1) (Version: Meine Tierklinik - Braingame)
Mozilla Firefox (2.0.0.11) (HKLM\...\Mozilla Firefox (2.0.0.11)) (Version: 2.0.0.11 (en-US) - Mozilla)
Opera Stable 26.0.1656.60 (HKLM\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
PCI Audio Driver (HKLM\...\PCI Audio Driver) (Version: - )
Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
TuneUp Utilities 2008 (HKLM\...\{5888428E-699C-4E71-BF71-94EE06B497DA}) (Version: 7.0.7991 - TuneUp Software)
Unity Web Player (HKU\S-1-5-21-436374069-1383384898-1801674531-1003\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Windows Vista Games All In One (HKLM\...\VistaGames) (Version: - )
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-436374069-1383384898-1801674531-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-436374069-1383384898-1801674531-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-436374069-1383384898-1801674531-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-436374069-1383384898-1801674531-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-436374069-1383384898-1801674531-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================

05-02-2015 16:15:07 System Checkpoint
06-02-2015 21:01:32 System Checkpoint
10-02-2015 11:28:36 System Checkpoint
11-02-2015 12:38:55 System Checkpoint
16-02-2015 16:22:07 System Checkpoint
18-02-2015 12:22:18 System Checkpoint
20-02-2015 21:51:21 System Checkpoint
22-02-2015 08:47:46 System Checkpoint
23-02-2015 21:06:56 System Checkpoint
25-02-2015 16:03:06 System Checkpoint
27-02-2015 07:54:52 System Checkpoint
28-02-2015 14:19:18 System Checkpoint
01-03-2015 17:14:43 System Checkpoint
03-03-2015 13:29:01 System Checkpoint
06-03-2015 13:15:08 System Checkpoint
07-03-2015 16:33:46 System Checkpoint
10-03-2015 13:48:47 System Checkpoint
12-03-2015 12:46:19 System Checkpoint
13-03-2015 14:20:59 System Checkpoint
16-03-2015 17:05:20 System Checkpoint
17-03-2015 21:18:25 System Checkpoint
19-03-2015 18:56:23 System Checkpoint
22-03-2015 09:17:07 System Checkpoint
24-03-2015 08:52:51 System Checkpoint
25-03-2015 10:46:30 System Checkpoint
30-03-2015 10:13:31 System Checkpoint
01-04-2015 10:00:17 System Checkpoint
02-04-2015 16:30:48 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\1-Click Maintenance.job => C:\Program Files\TuneUp Utilities 2008\OneClick.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1383384898-1801674531-1003Core.job => C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-436374069-1383384898-1801674531-1003UA.job => C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1417819024.job => C:\Program Files\Opera\launcher.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-02 16:31 - 2015-04-02 16:31 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-02 16:31 - 2015-04-02 16:31 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-02 16:30 - 2015-04-02 16:30 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040201\algo.dll
2015-03-14 06:49 - 2015-04-02 16:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2004-08-04 06:00 - 2004-08-04 06:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 06:00 - 2004-08-04 06:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-03-20 09:22 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-20 09:22 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2014-12-06 16:45 - 2014-02-10 22:44 - 04592128 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-12-06 16:45 - 2014-02-10 22:44 - 00112128 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-436374069-1383384898-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to RocketDock.lnk => C:\WINDOWS\pss\Shortcut to RocketDock.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to sidebar.lnk => C:\WINDOWS\pss\Shortcut to sidebar.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: C-Media Mixer => Mixer.exe /startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\Admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VistaDrive => C:\WINDOWS\VistaDrive.exe

==================== Accounts: =============================

Admin (S-1-5-21-436374069-1383384898-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-436374069-1383384898-1801674531-500 - Administrator - Enabled)
Guest (S-1-5-21-436374069-1383384898-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-436374069-1383384898-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-436374069-1383384898-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 02:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.101, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000321f1.
Processing media-specific event for [chrome.exe!ws!]

Error: (04/01/2015 02:50:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.101, faulting module chrome.dll, version 41.0.2272.101, fault address 0x003da3db.
Processing media-specific event for [chrome.exe!ws!]

Error: (04/01/2015 02:25:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.101, faulting module chrome.dll, version 41.0.2272.101, fault address 0x0000811d.
Processing media-specific event for [chrome.exe!ws!]

Error: (03/30/2015 11:00:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application kmplayer_3-9-0-128.exe, version 3.9.0.128, faulting module riched20.dll, version 5.30.23.1228, fault address 0x00057e5b.
Processing media-specific event for [kmplayer_3-9-0-128.exe!ws!]

Error: (03/27/2015 08:24:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.101, faulting module chrome.dll, version 41.0.2272.101, fault address 0x003aebf4.
Processing media-specific event for [chrome.exe!ws!]

Error: (03/24/2015 08:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.101, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [chrome.exe!ws!]

Error: (03/24/2015 05:29:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.101, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [chrome.exe!ws!]

Error: (03/22/2015 00:09:04 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation ContextC:\DOCUME~1\Admin\LOCALS~1\Temp\richard.exeThe operation completed successfully.

Error: (03/22/2015 00:09:04 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Access is denied.
C:\DOCUME~1\Admin\LOCALS~1\Temp\richard.exe0

Error: (03/19/2015 04:39:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 41.0.2272.89, faulting module chrome.dll, version 41.0.2272.89, fault address 0x003a3d58.
Processing media-specific event for [chrome.exe!ws!]


System errors:
=============
Error: (01/17/2015 01:44:25 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (01/17/2015 08:06:50 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (01/16/2015 06:21:17 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (01/16/2015 06:00:13 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (01/15/2015 07:35:53 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (01/15/2015 07:24:04 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (01/14/2015 04:58:19 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 100000d1, parameter1 27ae0f50, parameter2 00000002, parameter3 00000000, parameter4 f70fb8f4.

Error: (01/14/2015 04:58:09 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 10000050, parameter1 80e0ddb5, parameter2 00000000, parameter3 80e0ddb5, parameter4 00000000.

Error: (01/13/2015 00:24:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/12/2015 01:54:10 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 8d55f6d4, parameter2 00000002, parameter3 00000001, parameter4 804f652b.


Microsoft Office Sessions:
=========================
Error: (04/01/2015 02:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.101ntdll.dll5.1.2600.2180000321f1

Error: (04/01/2015 02:50:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.101chrome.dll41.0.2272.101003da3db

Error: (04/01/2015 02:25:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.101chrome.dll41.0.2272.1010000811d

Error: (03/30/2015 11:00:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: kmplayer_3-9-0-128.exe3.9.0.128riched20.dll5.30.23.122800057e5b

Error: (03/27/2015 08:24:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.101chrome.dll41.0.2272.101003aebf4

Error: (03/24/2015 08:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.101ntdll.dll5.1.2600.218000018fea

Error: (03/24/2015 05:29:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.101unknown0.0.0.000000000

Error: (03/22/2015 00:09:04 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation ContextC:\DOCUME~1\Admin\LOCALS~1\Temp\richard.exeThe operation completed successfully.

Error: (03/22/2015 00:09:04 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Access is denied.
C:\DOCUME~1\Admin\LOCALS~1\Temp\richard.exe0

Error: (03/19/2015 04:39:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.89chrome.dll41.0.2272.89003a3d58


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 75%
Total physical RAM: 1023.29 MB
Available physical RAM: 246.86 MB
Total Pagefile: 2463.75 MB
Available Pagefile: 1696.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:77.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:97.65 GB) (Free:53.37 GB) NTFS
Drive e: () (Fixed) (Total:102.77 GB) (Free:30.3 GB) NTFS
Drive f: (PaceNet) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 04280427)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200.4 GB) - (Type=OF Extended)

==================== End Of Log ============================

offline
  • Joined: 26 Aug 2010
  • Posts: 10575
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Hello nanaklas

You have XP SP2 installed, for which Microsoft ended support long ago, and on top of that it is a modified version called black edition. Cleaning such a system is not worth it. The fastest and most painless solution is to format C: and install an unmodified XP SP3.
Since support for XP itself also ended a year ago, I recommend that you then install a lightweight Linux distribution if you use the computer exclusively for browsing.

offline
  • Joined: 02 Apr 2015
  • Posts: 2

hmm.. thank you, so a total crash, everything in the trash, that's what I thought
