Several Avast detections during Boot Scan


offline
  • Joined: 26 Sep 2012
  • Posts: 1867
  • Location: Lemme see...

I ran a Boot Scan with Avast because I came across some folders with strange names that I had trouble deleting, so I figured I'd check, and I ran into several PUPs. Avast ''fixed'' some of them, and some remain, as far as I can see. Here is the FRST report, but I can't find the boot scan report anywhere in text format.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 02
Ran by H61M- VG3 (administrator) on H61M-VG3 on 14-05-2015 22:42:17
Running from C:\Users\H61M- VG3\Desktop
Loaded Profiles: H61M- VG3 (Available profiles: H61M- VG3)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Stardock) C:\Program Files\Stardock\ObjectDock Plus\ObjectDock.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [HDD Regenerator] => "C:\Program Files\HDD Regenerator\Shell.exe" /1
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\MountPoints2: {34d943d6-10ae-11e4-af9d-bc5ff47e2925} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\MountPoints2: {34d943e0-10ae-11e4-af9d-bc5ff47e2925} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\MountPoints2: {631ff850-10d9-11e4-afa3-bc5ff47e2925} - "E:\sources\sperr32.exe" x64
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\MountPoints2: {c4a54661-81db-11e4-afce-bc5ff47e2925} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\...\MountPoints2: {d1fb9061-65d9-11e4-afcb-bc5ff47e2925} - "G:\HTC_Sync_Manager_PC.exe"
Startup: C:\Users\H61M- VG3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2014-07-21]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDock Plus\ObjectDock.exe (Stardock)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-07-21] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\H61M- VG3\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\H61M- VG3\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\H61M- VG3\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2646959365-3659858304-3842822451-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-21] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.95.1

FireFox:
========
FF ProfilePath: C:\Users\H61M- VG3\AppData\Roaming\Mozilla\Firefox\Profiles\q4rsr346.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-21] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Adblock Plus - C:\Users\H61M- VG3\AppData\Roaming\Mozilla\Firefox\Profiles\q4rsr346.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-21]

Chrome:
=======
CHR HomePage: Profile 1 ->
CHR StartupUrls: Profile 1 -> "hxxp://www.facebook.com/"
CHR Profile: C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-01-14]
CHR Extension: (AdBlock) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-14]
CHR Extension: (Bookmark Manager) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-01-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Mail Checker) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-14]
CHR Extension: (Outlook.com Notifier) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Audio Cutter) - C:\Users\H61M- VG3\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2015-01-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-21] (AVAST Software)
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation)
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [977920 2015-03-05] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [116224 2012-02-09] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-21] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81768 2014-07-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-12-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [71944 2014-07-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-21] ()
R3 athur; C:\WINDOWS\system32\DRIVERS\athuw8.sys [2193408 2013-06-03] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2014-07-21] (Disc Soft Ltd)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21952 2012-02-09] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21952 2012-02-09] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [41376 2013-07-30] ()
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-07-22] (Microsoft Corporation)
R3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [31680 2015-05-14] ()
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 22:42 - 2015-05-14 22:42 - 00015336 _____ () C:\Users\H61M- VG3\Desktop\FRST.txt
2015-05-14 22:42 - 2015-05-14 22:42 - 00000000 ____D () C:\FRST
2015-05-14 22:40 - 2015-05-14 22:40 - 01145856 _____ (Farbar) C:\Users\H61M- VG3\Desktop\FRST.exe
2015-05-14 20:23 - 2015-05-14 20:23 - 00086976 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-05-14 19:04 - 2015-05-14 19:17 - 00000000 ____D () C:\Users\H61M- VG3\Desktop\mbar
2015-05-14 19:02 - 2015-05-14 19:03 - 16502728 _____ (Malwarebytes Corp.) C:\Users\H61M- VG3\Downloads\mbar-1.09.1.1004.exe
2015-05-14 10:37 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:06 - 2015-05-13 22:07 - 00000644 _____ () C:\Users\H61M- VG3\Desktop\Synopsis.txt
2015-05-13 19:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 19:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 19:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 19:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 19:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 19:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 19:05 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 19:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 19:05 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 19:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 19:05 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 19:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 19:05 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 19:05 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 19:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 19:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 19:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 19:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 19:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 19:05 - 2015-04-14 00:43 - 03543552 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 19:05 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 19:05 - 2015-04-10 02:23 - 01088512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 19:05 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 19:05 - 2015-03-13 03:19 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 19:04 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 19:04 - 2015-04-24 22:49 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 19:04 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 19:04 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 19:04 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 19:04 - 2015-03-30 07:51 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 19:04 - 2015-03-27 04:20 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 19:04 - 2015-03-20 03:47 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 19:04 - 2015-03-17 19:15 - 00376128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 19:04 - 2015-03-13 04:18 - 00200000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 19:04 - 2015-03-13 04:18 - 00131904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 19:04 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 19:04 - 2015-03-13 02:27 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 19:04 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 19:04 - 2015-03-09 03:18 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 19:04 - 2015-03-06 04:27 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 19:04 - 2015-03-05 01:08 - 00977920 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 19:04 - 2015-02-18 01:19 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 19:04 - 2015-01-30 02:56 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 19:03 - 2015-04-09 00:59 - 00333624 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 19:03 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 19:03 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-03 16:35 - 2015-05-03 16:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-28 21:26 - 2015-04-28 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-04-19 11:54 - 2015-04-19 12:03 - 00000000 ____D () C:\Program Files\HDD Regenerator
2015-04-19 11:54 - 2015-04-19 12:02 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-18 15:14 - 2015-04-18 15:14 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-15 08:45 - 2015-03-23 23:45 - 05782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:45 - 2015-03-23 23:45 - 01468920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:45 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:45 - 2015-03-23 00:44 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:45 - 2015-03-23 00:07 - 00896000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:45 - 2015-03-23 00:07 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:45 - 2015-03-23 00:07 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:45 - 2015-03-23 00:07 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:45 - 2015-03-23 00:07 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:45 - 2015-03-23 00:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:45 - 2015-03-20 05:25 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:45 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:45 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:45 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 08:44 - 2015-03-14 10:40 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:44 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:44 - 2015-03-14 03:14 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:44 - 2015-03-14 03:11 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:44 - 2015-03-14 02:59 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:44 - 2015-03-14 02:03 - 03040768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:44 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:44 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:44 - 2015-03-14 02:00 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:44 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:44 - 2015-03-14 01:59 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:44 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:44 - 2015-03-14 01:55 - 02309120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:44 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:44 - 2015-03-04 12:05 - 00279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:44 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:44 - 2015-02-24 10:20 - 00738112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 08:44 - 2015-02-21 01:24 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 22:02 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-14 21:54 - 2014-07-21 10:33 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 21:27 - 2015-02-22 01:24 - 00000000 ____D () C:\Users\H61M- VG3\AppData\Local\HTC MediaHub
2015-05-14 21:27 - 2014-07-21 15:41 - 00000000 ____D () C:\ProgramData\MCShield
2015-05-14 21:27 - 2014-07-21 15:03 - 00000000 ___DO () C:\Users\H61M- VG3\OneDrive
2015-05-14 21:27 - 2014-07-21 10:33 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 20:36 - 2014-07-21 14:47 - 01437516 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-14 20:36 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-14 20:23 - 2014-08-30 00:12 - 00031680 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-05-14 20:23 - 2014-07-21 14:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-14 20:23 - 2013-08-22 09:23 - 00044435 _____ () C:\WINDOWS\setupact.log
2015-05-14 20:23 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-14 20:23 - 2013-08-22 09:22 - 03732048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-14 20:22 - 2014-07-21 15:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 20:22 - 2014-03-18 09:49 - 00038078 _____ () C:\WINDOWS\PFRO.log
2015-05-14 19:19 - 2013-08-22 08:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-14 19:18 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-14 19:17 - 2014-09-11 12:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 19:05 - 2014-09-11 12:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 19:04 - 2014-09-11 12:08 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-14 19:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-14 10:39 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-14 10:37 - 2014-03-18 09:39 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 10:37 - 2013-08-22 08:21 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-14 10:36 - 2014-07-21 03:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-14 10:30 - 2014-07-21 03:07 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 22:22 - 2014-07-21 11:11 - 31783936 ___SH () C:\Users\H61M- VG3\Downloads\Thumbs.db
2015-05-12 15:28 - 2014-07-22 23:27 - 03075072 ___SH () C:\Users\H61M- VG3\Desktop\Thumbs.db
2015-05-11 15:09 - 2015-03-14 09:00 - 00000000 ____D () C:\Users\Za vas
2015-05-05 19:59 - 2013-08-22 10:18 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-05 19:59 - 2013-08-22 10:18 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-02 17:25 - 2014-07-22 18:57 - 00000000 ____D () C:\NVIDIA
2015-05-02 17:24 - 2014-03-18 10:00 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-02 12:28 - 2014-07-21 15:07 - 00000000 ____D () C:\Users\H61M- VG3\AppData\Roaming\uTorrent
2015-04-28 21:26 - 2014-10-18 10:06 - 00001839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-04-28 21:25 - 2014-07-21 12:57 - 00000000 ____D () C:\Users\H61M- VG3\AppData\Roaming\vlc
2015-04-19 22:00 - 2014-07-21 10:08 - 00000000 __SHD () C:\Recovery
2015-04-19 11:53 - 2014-07-24 14:49 - 00000000 ____D () C:\Users\H61M- VG3\AppData\Local\Downloaded Installations
2015-04-18 15:41 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-18 15:13 - 2014-07-21 21:19 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-04-18 15:13 - 2014-07-21 21:18 - 00000000 ____D () C:\Program Files\Java
2015-04-16 21:07 - 2014-09-01 08:39 - 00000000 ____D () C:\Users\H61M- VG3\AppData\Local\CrashDumps
2015-04-16 11:05 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 19:49 - 2014-12-22 20:47 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 19:49 - 2014-07-21 03:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 21:19 - 2014-07-21 16:37 - 00000132 _____ () C:\Users\H61M- VG3\AppData\Roaming\Adobe PNG Format CS6 Prefs

==================== Files in the root of some directories =======

2014-12-19 19:07 - 2014-12-19 19:07 - 0000132 _____ () C:\Users\H61M- VG3\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2014-12-06 23:51 - 2014-12-06 23:51 - 0000132 _____ () C:\Users\H61M- VG3\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-07-21 16:37 - 2015-04-14 21:19 - 0000132 _____ () C:\Users\H61M- VG3\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-12 15:23 - 2014-08-12 15:35 - 0000242 _____ () C:\Users\H61M- VG3\AppData\Roaming\burnaware.ini
2014-08-12 15:25 - 2014-08-12 15:35 - 0000031 _____ () C:\Users\H61M- VG3\AppData\Local\burnaware.ini
2014-07-21 12:15 - 2015-02-21 01:40 - 0007598 _____ () C:\Users\H61M- VG3\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\H61M- VG3\AppData\Local\Temp\6_Offer_7.exe
C:\Users\H61M- VG3\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy8pedp.dll
C:\Users\H61M- VG3\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\H61M- VG3\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\H61M- VG3\AppData\Local\Temp\nvStInst.exe
C:\Users\H61M- VG3\AppData\Local\Temp\Quarantine.exe
C:\Users\H61M- VG3\AppData\Local\Temp\sfamcc00001.dll
C:\Users\H61M- VG3\AppData\Local\Temp\sfextra.dll
C:\Users\H61M- VG3\AppData\Local\Temp\sqlite3.dll
C:\Users\H61M- VG3\AppData\Local\Temp\SRLDetectionLibrary7019731887271115703.dll
C:\Users\H61M- VG3\AppData\Local\Temp\SRLDetectionLibrary8424381343425857905.dll
C:\Users\H61M- VG3\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-09 09:24

==================== End Of Log ============================



offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hi,

The posted reports show no traces of an active infection. I saw that you downloaded and ran MBAR. Avoid that tool, or use it only in case of the greatest need; in other words, avoid using it without supervision. It is a powerful anti-rootkit tool, not a typical anti-malware program. A 'need' of the kind 'several Avast! detections' is not a real need. Just FYI. ;)

I would like you to bear in mind that, despite our good will, you somehow always come back to the Ambulanta with the same problems, and that is some kind of adware or a trace of PUP software. In the past you were given advice on how to protect yourself. Prevention is easy once you learn it: look up the Unchecky app in the Zaštita forum, and as for the general problem, learn the basics of using the internet and how a modern free program is installed today, which means reading what the installer itself offers you.

A simple beginner's example:

Info:
https://www.java.com/en/download/faq/ask_toolbar.xml


Conclusion: although Java is entirely legitimate, it offers a PUP that you should avoid.

The point of this post is that although we want to help you, and we will, in return you also have to respect our effort and learn at least something. ;)
After all, we use our free time for the Ambulanta.


Delete the FRST tool, delete the MBAR tool and its working folder, and delete the C:\FRST working folder. As for avast! AV, their developers have added a large number of heuristic detections, so it will take some time for all the false detections to settle down.

offline
  • Joined: 26 Sep 2012
  • Posts: 1867
  • Location: Lemme see...

Thank you for the effort you put in; I try as hard as I can to use the internet ''smartly'' and to protect myself, but it seems something always slips through somewhere.
