CHECK

  • Miroljub Čeperković
  • mechanical
  • Joined: 20 Mar 2012
  • Posts: 2086
  • Location: Vrnjačka Banja

I'd like to check my neighbour's computer for viruses and errors.
I'm writing from my own computer.
Here are the reports:




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by User1 (administrator) on INTERNETPC on 15-09-2014 16:32:46
Running from C:\Users\User1\Desktop
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\Telenor Internet\AssistantServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
() C:\Program Files (x86)\NETGEAR\WG311v3\wlancfg5.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Telenor Internet\UIExec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files (x86)\Telenor Internet\UIMain.exe
() C:\Program Files (x86)\Telenor Internet\CMUpdater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Telenor Internet\UIExec.exe [157440 2013-07-16] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-05-16] (Macrovision Corporation)
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a0840-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a087e-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a14c6-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a14ed-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {3a7674af-d552-11e3-be6f-8aaa83c00a51} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {838302d7-14b1-11e4-bea5-c8948d4833ee} - "F:\Windows/AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {8de23ab0-9b57-11e3-be6d-9dc70bfdc02d} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {8de23b74-9b57-11e3-be6d-9dc70bfdc02d} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {95603778-9c9e-11e3-be6e-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {956037b3-9c9e-11e3-be6e-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {95603eb8-9c9e-11e3-be6e-001e101f80ed} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {95604c6b-9c9e-11e3-be6e-001e101f80ed} - "F:\Windows/AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {b24cd441-167b-11e4-bea7-001999250105} - "F:\Windows/AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {c56655a1-9589-11e3-be6a-001e101fa621} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {df70ecf4-9b23-11e3-be6c-001e101f1112} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {df70efa3-9b23-11e3-be6c-001e101f1112} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {df70f176-9b23-11e3-be6c-001e101f1112} - "F:\AutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk
ShortcutTarget: NETGEAR WG311v3 Wireless Assistant.lnk -> C:\Windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF73589451826CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {823735F4-A065-45DD-971B-E1D06C1D58AF} URL = https://search.yahoo.com/search?fr=chr-greentree_i.....891&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D987D231-B856-4E6F-A8A1-E7B757ACEB79}: [NameServer] 217.65.192.101 217.65.192.102

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default
FF Homepage: https://www.google.rs
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&a.....891&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: Click&Clean - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\clickclean@hotcleaner.com [2014-05-06]
FF Extension: No Name - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\staged [2014-09-15]
FF Extension: Saved Password Editor - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-05-06]
FF Extension: Facebook Phishing Protector - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-02-21]
FF Extension: Quick Translator - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-05-06]
FF Extension: gTranslate - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2014-05-06]
FF Extension: QuickJava - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-06]
FF Extension: Google Privacy - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\6e80zhyt.default\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-02-21]

Chrome:
=======
CHR HomePage: Default -> 7D0323E885882B4612C57DD946B5EF8BE97BF41B878FDC66BC6E93982F38D213
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchProvider: Default -> Yahoo
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-greentree_g.....891&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google документи) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-10]
CHR Extension: (Google диск) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-10]
CHR Extension: (Select & translate - context menu) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapcampblfdohlgnilfjbmhjijhflbjf [2014-05-11]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-10]
CHR Extension: (Google претрага) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-10]
CHR Extension: (Gmail ван мреже) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-02-12]
CHR Extension: (Grass on a Hill Theme) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfokdkohniebcmfpgapojgjjhfphnlni [2014-02-12]
CHR Extension: (Google провера поште) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-02-12]
CHR Extension: (Google новчаник) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR Extension: (Моја Chrome тема) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-02-12]
CHR Extension: (Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
R2 UI Assistant Service; C:\Program Files (x86)\Telenor Internet\AssistantServices.exe [276224 2013-07-16] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-09-15] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; \SystemRoot\system32\DRIVERS\ew_wwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 16:32 - 2014-09-15 16:33 - 00016864 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-15 16:31 - 2014-09-15 16:32 - 00000000 ___DC () C:\FRST
2014-09-15 16:27 - 2014-09-15 16:30 - 02105856 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-09-15 16:13 - 2014-09-15 16:13 - 00000979 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\ProgramData\Unchecky
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-09-15 16:01 - 2014-09-15 16:01 - 00002786 _____ () C:\Windows\System32\Tasks\HWiNFO
2014-09-15 15:49 - 2014-09-15 15:49 - 00262144 ____N () C:\Windows\Minidump\091514-48453-01.dmp
2014-09-05 15:42 - 2014-09-05 15:42 - 00262144 ____N () C:\Windows\Minidump\090514-41153-01.dmp
2014-09-03 22:34 - 2014-09-03 22:34 - 00000000 ___DC () C:\Qoobox
2014-09-03 22:33 - 2014-09-03 22:33 - 00000000 ____D () C:\Windows\erdnt
2014-09-03 22:29 - 2014-09-03 22:29 - 00262144 ____N () C:\Windows\Minidump\090314-53679-01.dmp
2014-09-03 22:12 - 2014-09-03 22:23 - 00002603 _____ () C:\Users\Public\Desktop\ASUS MultiFrame.lnk
2014-09-03 22:12 - 2014-09-03 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-09-03 22:12 - 2014-09-03 22:12 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-09-03 21:26 - 2014-09-03 21:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-03 21:26 - 2014-09-03 21:26 - 00000000 _____ () C:\Windows\setupact.log
2014-09-03 21:09 - 2014-09-03 21:09 - 00262144 ____N () C:\Windows\Minidump\090314-63383-01.dmp
2014-09-03 20:29 - 2014-09-03 20:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-09-03 20:29 - 2014-09-03 20:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-09-03 18:42 - 2014-09-03 20:29 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-03 18:42 - 2014-09-03 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-03 18:42 - 2014-09-03 18:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\TuneUp Software
2014-09-03 18:36 - 2014-09-03 18:36 - 00000000 ____D () C:\Users\User1\AppData\Roaming\AVG2014
2014-09-03 18:33 - 2014-09-03 18:33 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-03 18:21 - 2014-09-03 18:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-03 18:21 - 2014-09-03 18:21 - 00000000 __HDC () C:\$AVG
2014-09-03 18:20 - 2014-09-03 18:20 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-03 17:58 - 2014-09-15 15:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-03 17:58 - 2014-09-03 22:37 - 00000000 ____D () C:\Users\User1\AppData\Local\Avg2014
2014-09-03 17:58 - 2014-09-03 17:58 - 00000000 ____D () C:\Users\User1\AppData\Local\MFAData
2014-09-03 17:57 - 2014-09-03 22:18 - 00143260 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 20:57 - 2014-08-23 08:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 20:23 - 2014-09-01 20:25 - 00000000 ____D () C:\Windows\rescache
2014-08-22 14:57 - 2014-08-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 14:56 - 2014-09-01 18:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 14:56 - 2014-09-01 18:43 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 14:56 - 2014-09-01 18:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 14:56 - 2014-09-01 18:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 14:56 - 2014-08-27 12:23 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 14:56 - 2014-08-27 12:23 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 14:56 - 2014-08-27 12:23 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 14:56 - 2014-08-27 12:23 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 14:56 - 2014-08-27 12:23 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-22 14:56 - 2014-08-27 12:23 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-22 14:56 - 2014-08-27 12:23 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 14:56 - 2014-08-27 12:23 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-20 17:40 - 2014-08-20 17:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 16:33 - 2014-09-15 16:32 - 00016864 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-15 16:32 - 2014-09-15 16:31 - 00000000 ___DC () C:\FRST
2014-09-15 16:30 - 2014-09-15 16:27 - 02105856 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-09-15 16:24 - 2014-02-21 23:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 16:21 - 2012-07-26 09:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 16:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\tracing
2014-09-15 16:13 - 2014-09-15 16:13 - 00000979 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\ProgramData\Unchecky
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-09-15 16:09 - 2014-02-10 06:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-845652905-1625356230-1284573450-1001
2014-09-15 16:05 - 2014-05-13 21:53 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Skype
2014-09-15 16:05 - 2014-02-10 20:20 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 16:04 - 2014-07-28 18:14 - 00000000 ____D () C:\ProgramData\MCShield
2014-09-15 16:03 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 16:02 - 2012-07-26 07:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-09-15 16:01 - 2014-09-15 16:01 - 00002786 _____ () C:\Windows\System32\Tasks\HWiNFO
2014-09-15 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-15 15:56 - 2014-02-10 20:20 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 15:49 - 2014-09-15 15:49 - 00262144 ____N () C:\Windows\Minidump\091514-48453-01.dmp
2014-09-15 15:49 - 2014-02-10 06:16 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 15:28 - 2014-09-03 17:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 09:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-10 13:44 - 2014-02-21 23:23 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 08:30 - 2014-02-10 20:23 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 15:42 - 2014-09-05 15:42 - 00262144 ____N () C:\Windows\Minidump\090514-41153-01.dmp
2014-09-05 08:45 - 2014-02-21 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 22:37 - 2014-09-03 17:58 - 00000000 ____D () C:\Users\User1\AppData\Local\Avg2014
2014-09-03 22:34 - 2014-09-03 22:34 - 00000000 ___DC () C:\Qoobox
2014-09-03 22:33 - 2014-09-03 22:33 - 00000000 ____D () C:\Windows\erdnt
2014-09-03 22:29 - 2014-09-03 22:29 - 00262144 ____N () C:\Windows\Minidump\090314-53679-01.dmp
2014-09-03 22:23 - 2014-09-03 22:12 - 00002603 _____ () C:\Users\Public\Desktop\ASUS MultiFrame.lnk
2014-09-03 22:23 - 2014-09-03 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-09-03 22:18 - 2014-09-03 17:57 - 00143260 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 22:12 - 2014-09-03 22:12 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-09-03 21:26 - 2014-09-03 21:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-03 21:26 - 2014-09-03 21:26 - 00000000 _____ () C:\Windows\setupact.log
2014-09-03 21:09 - 2014-09-03 21:09 - 00262144 ____N () C:\Windows\Minidump\090314-63383-01.dmp
2014-09-03 20:40 - 2014-02-10 06:17 - 00000000 ____D () C:\Users\User1
2014-09-03 20:29 - 2014-09-03 20:29 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-09-03 20:29 - 2014-09-03 20:29 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-09-03 20:29 - 2014-09-03 18:42 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-03 20:29 - 2014-09-03 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-03 18:45 - 2014-09-03 18:21 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-03 18:42 - 2014-09-03 18:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\TuneUp Software
2014-09-03 18:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-09-03 18:36 - 2014-09-03 18:36 - 00000000 ____D () C:\Users\User1\AppData\Roaming\AVG2014
2014-09-03 18:33 - 2014-09-03 18:33 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-03 18:21 - 2014-09-03 18:21 - 00000000 __HDC () C:\$AVG
2014-09-03 18:20 - 2014-09-03 18:20 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-03 17:58 - 2014-09-03 17:58 - 00000000 ____D () C:\Users\User1\AppData\Local\MFAData
2014-09-02 21:18 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-01 20:25 - 2014-09-01 20:23 - 00000000 ____D () C:\Windows\rescache
2014-09-01 18:43 - 2014-08-22 14:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 18:43 - 2014-08-22 14:56 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 18:43 - 2014-08-22 14:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 18:43 - 2014-08-22 14:56 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-27 12:23 - 2014-08-22 14:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-27 12:23 - 2014-08-22 14:56 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 08:47 - 2014-09-01 20:57 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 17:42 - 2014-08-20 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-10 09:41

==================== End Of Log ============================

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6071

Hello,

There is no active infection. We will only remove a few leftovers ...


I should also point out that ComboFix was run on 03.09.'14. ComboFix is not an ordinary scanner, and the helper community, with the explicit backing of the program's author, stresses that running a tool like this "just to see whether it finds anything" is not recommended. It is a tool that uses advanced techniques to detect and remove malware, and only a trained helper can interpret its reports, which are, incidentally, very important.

Likewise, the recommendation is not to use assorted "TuneUp" programs on a Windows 8 system. They will not improve the performance of the system (where Windows 8/8.1 is concerned) as they claim; they will do exactly the opposite.

The following FixList will remove only some leftovers and clean up junk. I see that MCShield is installed. Leave it active so that it checks every USB storage device.

After the script has run, be sure to run Windows Update! Windows 8 and Windows 8.1 are not the same, and the upgrade is free. For more information, see this thread.
I see that this system has also suffered a couple of BSOD crashes. After upgrading to Windows 8.1 and later to Windows 8.1 Update, if BSODs still occur, open a new thread in the Windows forum and describe the problem so that colleagues from that part of the forum can do a BSOD analysis.





1. Open Notepad (Text Document) and copy the following text into it from the code box below:

Start
Folder: C:\Qoobox
CloseProcesses:
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a0840-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a087e-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a14c6-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a14ed-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {3a7674af-d552-11e3-be6f-8aaa83c00a51} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {838302d7-14b1-11e4-bea5-c8948d4833ee} - "F:\Windows/AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {8de23ab0-9b57-11e3-be6d-9dc70bfdc02d} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {8de23b74-9b57-11e3-be6d-9dc70bfdc02d} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {95603778-9c9e-11e3-be6e-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {956037b3-9c9e-11e3-be6e-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {95603eb8-9c9e-11e3-be6e-001e101f80ed} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {95604c6b-9c9e-11e3-be6e-001e101f80ed} - "F:\Windows/AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {b24cd441-167b-11e4-bea7-001999250105} - "F:\Windows/AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {c56655a1-9589-11e3-be6a-001e101fa621} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {df70ecf4-9b23-11e3-be6c-001e101f1112} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {df70efa3-9b23-11e3-be6c-001e101f1112} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {df70f176-9b23-11e3-be6c-001e101f1112} - "F:\AutoRun.exe"
Hosts:
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {D4409888-F2F6-47FF-AD9F-6C39FEB5F8F8} - \AmiUpdXp No Task File <==== ATTENTION
CMD: type c:\combofix.txt
EmptyTemp:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
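The fix above works by handing FRST a fixlist.txt made of lines copied verbatim from its own log, framed by Start/End. As an added illustration, not code from this thread or from the FRST author, the Python below parses a constructed sample written in FRST's line format, picks out the kinds of leftover targeted here (MountPoints2 mappings that point at an AutoRun.exe on a removable drive, a modified hosts file, empty or missing SearchScopes) and assembles the fixlist frame. The sample lines, the hypothetical {11111111-...} mount point and the category names are my own; service or driver entries whose file is missing ([X]) are only reported, not added to the fixlist, since in this thread they were left alone.

```python
import re

# Constructed sample in the line format FRST writes (one entry of each kind
# that matters here, modelled on the log in the thread; the {11111111-...}
# mount point is invented to exercise the non-autorun branch)
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {335a0840-9284-11e3-be69-001999250105} - "F:\AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {838302d7-14b1-11e4-bea5-c8948d4833ee} - "F:\Windows/AutoRun.exe"
HKU\S-1-5-21-845652905-1625356230-1284573450-1001\...\MountPoints2: {11111111-2222-3333-4444-555555555555} - "F:\setup.exe"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
"""

# Per-user MountPoints2 entry: one GUID per volume Explorer has seen, with the
# command Explorer recorded from that volume's autorun.inf
MOUNTPOINT_RE = re.compile(
    r'^HKU\\S-[0-9-]+\\\.\.\.\\MountPoints2: \{[0-9A-Fa-f-]+\} - "(?P<target>[^"]+)"$')
# FRST's summary line for a hosts file that is not the Windows default
HOSTS_RE = re.compile(r'^Hosts: There are more than one entry')
# Search scope with an empty URL, or a machine-wide scope list with no default
SEARCHSCOPE_RE = re.compile(r'^SearchScopes: .*(?:URL =$|DefaultScope value is missing\.$)')
# Service/driver entry whose binary FRST could not find on disk
ORPHAN_RE = re.compile(r'^[RSU]\d [^;]+; .+ \[X\]$')


def triage(log_text):
    """Return (findings, fix_lines).

    findings: list of (category, original log line) for a human to review
    fix_lines: the subset that goes into fixlist.txt, in FRST's own syntax
    """
    findings, fix_lines = [], []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            target = m.group("target").replace("/", "\\").lower()
            if target.endswith("\\autorun.exe"):
                findings.append(("stale autorun mapping", line))
                fix_lines.append(line)  # FRST deletes the key when its own line is quoted back
            continue
        if HOSTS_RE.match(line):
            findings.append(("modified hosts file", line))
            fix_lines.append("Hosts:")  # FRST directive: restore the default hosts file
            continue
        if SEARCHSCOPE_RE.match(line):
            findings.append(("broken search scope", line))
            fix_lines.append(line)
            continue
        if ORPHAN_RE.match(line):
            # Reported only: a registry entry for a missing file is a leftover,
            # and whether to remove it is a case-by-case call
            findings.append(("orphaned service/driver entry (file missing)", line))
    return findings, fix_lines


def build_fixlist(fix_lines):
    """Wrap the entries in the Start/End frame FRST expects, with the two
    housekeeping directives the thread's fixlist also used."""
    body = ["Start", "CloseProcesses:"] + list(fix_lines) + ["EmptyTemp:", "End"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    found, fixes = triage(SAMPLE_LOG)
    for category, entry in found:
        print(f"[{category}] {entry}")
    print(build_fixlist(fixes))
```

The MountPoints2 mappings are worth understanding rather than just deleting: Explorer writes one per volume it has mounted, recording the command from that volume's autorun.inf, so a run of them pointing at F:\AutoRun.exe is a trace of USB sticks that once carried an autorun-style infection, not evidence that the PC itself is infected. That is consistent with the helper's verdict of "no active infection" and with the advice to keep MCShield watching USB devices.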

  • Miroljub Čeperković
  • mechanical
  • Joined: 20 Mar 2012
  • Posts: 2086
  • Location: Vrnjačka Banja

Posted: 16 Sep 2014 1:22

OK, I'll also do the update to 8.1 to fix some errors, and delete some programs.

Update: 16 Sep 2014 14:23

Just to add: here is the Fixlog report.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6071

Nothing more, that's it. Delete the FRST tool and all of its reports. Also delete the C:\FRST and C:\Qoobox folders.

Do the remaining steps, and as far as the Ambulanta is concerned, we are done. ;)
