Posted: 02 Nov 2013 21:17
Sass Drake ::Why don't you have SP1 installed?
I don't know, and to be honest I never paid attention to it. The system was installed from the CD I got with the computer.
Update: 02 Nov 2013 21:18
Here is the Addition file; now I'm waiting for the scan to finish so I can attach the other one.
Update: 02 Nov 2013 21:19
Here is the FRST report as well.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by viki (administrator) on VIKI-PC on 02-11-2013 21:15:22
Running from C:\Users\viki\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Flux Software LLC) C:\Users\viki\AppData\Local\FluxSoftware\Flux\flux.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2010-04-30] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [F.lux] - C:\Users\viki\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Download keePer - {69252BD3-8AD4-0A92-056D-16BA2854D5E0} - C:\Program Files (x86)\Download keePer\xLSXzgSA.x64.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: https://www.google.com/
CHR RestoreOnStartup: "https://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Download keePer) - C:\Users\viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\illhkdcofgkbmpnddmddjnjmmclcjkoo\1.6
CHR Extension: (Google Wallet) - C:\Users\viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
U3 kxldypod; \??\C:\Users\viki\AppData\Local\Temp\kxldypod.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-02 21:15 - 2013-11-02 21:15 - 00000000 ____D C:\FRST
2013-11-02 21:15 - 2013-11-02 21:14 - 01957098 _____ (Farbar) C:\Users\viki\Desktop\FRST64.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 01957098 _____ (Farbar) C:\Users\viki\Downloads\FRST64.exe
2013-11-02 17:07 - 2013-11-02 17:07 - 00377856 _____ C:\Users\viki\Downloads\kkecou5v.exe
2013-11-02 16:45 - 2013-11-02 16:45 - 00000000 ____D C:\Windows\system32\appmgmt
2013-11-01 23:09 - 2013-11-01 23:09 - 00109296 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-01 23:09 - 2013-11-01 23:09 - 00109296 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-01 23:09 - 2013-11-01 23:09 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2013-11-01 23:09 - 2013-11-01 23:09 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2013-11-01 23:00 - 2013-11-01 23:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-01 23:00 - 2013-11-01 23:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-11-01 21:23 - 2013-11-01 22:49 - 00000000 ____D C:\ProgramData\Download keePer
2013-11-01 21:23 - 2013-11-01 22:49 - 00000000 ____D C:\Program Files (x86)\Download keePer
2013-11-01 21:23 - 2013-11-01 21:23 - 00000000 ____D C:\Users\viki\AppData\Local\Packages
2013-11-01 21:23 - 2013-11-01 21:23 - 00000000 ____D C:\ProgramData\69c950a8a054a9d4
2013-11-01 21:22 - 2013-11-01 21:22 - 00000000 ____D C:\ProgramData\InstallMate
2013-11-01 21:14 - 2013-11-01 21:14 - 00000792 _____ C:\Users\viki\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-11-01 21:13 - 2013-11-02 16:41 - 00000000 ____D C:\Users\viki\AppData\Roaming\uTorrent
2013-10-19 16:17 - 2013-10-19 16:17 - 00000000 ____D C:\Users\viki\AppData\Local\FluxSoftware
2013-10-04 22:13 - 2013-11-02 16:41 - 00000000 ____D C:\Users\viki\AppData\Roaming\Notepad++
2013-10-04 22:13 - 2013-10-04 22:14 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-10-04 22:13 - 2013-10-04 22:13 - 00000000 ____D C:\Users\viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-10-04 18:35 - 2013-10-12 15:27 - 00000000 ____D C:\Windows\system32\MRT
2013-10-04 18:35 - 2013-10-12 15:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-04 18:30 - 2013-10-04 18:30 - 00000000 ____D C:\Program Files (x86)\Arcanum Adatbázis
==================== One Month Modified Files and Folders =======
2013-11-02 21:15 - 2013-11-02 21:15 - 00000000 ____D C:\FRST
2013-11-02 21:14 - 2013-11-02 21:15 - 01957098 _____ (Farbar) C:\Users\viki\Desktop\FRST64.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 01957098 _____ (Farbar) C:\Users\viki\Downloads\FRST64.exe
2013-11-02 21:06 - 2013-09-24 11:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-02 21:02 - 2013-09-24 09:29 - 01711898 _____ C:\Windows\WindowsUpdate.log
2013-11-02 18:35 - 2013-09-24 11:09 - 00000000 ____D C:\ProgramData\MFAData
2013-11-02 18:06 - 2013-09-24 12:35 - 00000000 ____D C:\ProgramData\Skype
2013-11-02 17:58 - 2013-09-24 18:43 - 00000000 ____D C:\ProgramData\Adobe
2013-11-02 17:07 - 2013-11-02 17:07 - 00377856 _____ C:\Users\viki\Downloads\kkecou5v.exe
2013-11-02 17:02 - 2013-09-24 18:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-02 17:00 - 2013-09-24 18:47 - 00000000 ____D C:\Users\viki\AppData\Roaming\Adobe
2013-11-02 16:45 - 2013-11-02 16:45 - 00000000 ____D C:\Windows\system32\appmgmt
2013-11-02 16:45 - 2013-09-24 11:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-02 16:44 - 2009-07-14 06:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-02 16:44 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-02 16:44 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-02 16:41 - 2013-11-01 21:13 - 00000000 ____D C:\Users\viki\AppData\Roaming\uTorrent
2013-11-02 16:41 - 2013-10-04 22:13 - 00000000 ____D C:\Users\viki\AppData\Roaming\Notepad++
2013-11-02 16:40 - 2013-09-24 18:41 - 00000000 ____D C:\Users\viki\AppData\Local\Adobe
2013-11-02 16:40 - 2013-09-24 12:36 - 00000000 ____D C:\Users\viki\AppData\Roaming\Skype
2013-11-02 16:39 - 2013-09-24 11:03 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-02 16:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 23:11 - 2013-09-24 12:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-01 23:09 - 2013-11-01 23:09 - 00109296 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-01 23:09 - 2013-11-01 23:09 - 00109296 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-01 23:09 - 2013-11-01 23:09 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2013-11-01 23:09 - 2013-11-01 23:09 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2013-11-01 23:00 - 2013-11-01 23:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-01 23:00 - 2013-11-01 23:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-11-01 22:49 - 2013-11-01 21:23 - 00000000 ____D C:\ProgramData\Download keePer
2013-11-01 22:49 - 2013-11-01 21:23 - 00000000 ____D C:\Program Files (x86)\Download keePer
2013-11-01 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-01 21:23 - 2013-11-01 21:23 - 00000000 ____D C:\Users\viki\AppData\Local\Packages
2013-11-01 21:23 - 2013-11-01 21:23 - 00000000 ____D C:\ProgramData\69c950a8a054a9d4
2013-11-01 21:22 - 2013-11-01 21:22 - 00000000 ____D C:\ProgramData\InstallMate
2013-11-01 21:14 - 2013-11-01 21:14 - 00000792 _____ C:\Users\viki\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-11-01 14:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-01 12:47 - 2013-09-24 18:23 - 00000000 ____D C:\Users\viki\Documents\Visual Studio 2010
2013-11-01 10:15 - 2013-09-24 11:04 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-01 09:01 - 2013-09-24 11:03 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-01 09:00 - 2013-09-24 11:03 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-19 16:17 - 2013-10-19 16:17 - 00000000 ____D C:\Users\viki\AppData\Local\FluxSoftware
2013-10-19 16:17 - 2013-09-24 18:03 - 00000000 ____D C:\Users\viki\AppData\Local\Apps\F.lux
2013-10-12 15:27 - 2013-10-04 18:35 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 15:22 - 2013-10-04 18:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-04 23:22 - 2013-09-28 17:16 - 00000000 ____D C:\Users\viki\.VirtualBox
2013-10-04 23:16 - 2013-09-28 17:19 - 00000000 ____D C:\Users\viki\VirtualBox VMs
2013-10-04 22:56 - 2013-09-27 21:44 - 00000000 ____D C:\Users\viki\Documents\Kopije registratora
2013-10-04 22:47 - 2013-09-24 19:23 - 00000000 ____D C:\Windows\Panther
2013-10-04 22:14 - 2013-10-04 22:13 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-10-04 22:13 - 2013-10-04 22:13 - 00000000 ____D C:\Users\viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-10-04 18:30 - 2013-10-04 18:30 - 00000000 ____D C:\Program Files (x86)\Arcanum Adatbázis
Some content of TEMP:
====================
C:\Users\viki\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\viki\AppData\Local\Temp\down.4196.assistant_v3.exe
C:\Users\viki\AppData\Local\Temp\TsuE75136E4.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-01 14:18
==================== End Of Log ============================