What is a coin miner? Macromedia

  • Istrazivanje Windowsa
  • Joined: 12 Jul 2012
  • Posts: 1011

Hi, I have a problem. When I open Task Manager there is a program, coin miner, that always uses up all of the computer's resources and always pushes my CPU to 100%. Can you help me remove it, because every time I end that program it comes back again. I have AVG 2014 and it says there is no virus and that this is not a virus, but then why does it use 100% non-stop? Even when the laptop is idle it uses 100% CPU! Please help!





DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2
Run by Metallica41 at 14:25:32 on 2014-01-08
Microsoft Windows 8 6.2.9200.0.1250.381.2057.18.1932.773 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\System32\WScript.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\BackgroundTransferHost.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Metallica41\AppData\Roaming\WindowsHelp\macromedia.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://asus13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SE] "C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
uRun: [uTorrent] "C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\METALL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02BEEDC7-9D69-4DCB-A274-DD31870171B1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{02BEEDC7-9D69-4DCB-A274-DD31870171B1}\35C61667B6F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{02BEEDC7-9D69-4DCB-A274-DD31870171B1}\77830323D21607164796E6D237563623 : DHCPNameServer = 93.186.64.12 93.186.74.12
TCP: Interfaces\{09E26668-D028-4329-9621-0EFFB961AA24} : DHCPNameServer = 40.54.1.201 40.54.1.203
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.rs/
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-10 31544]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-10-21 252728]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-4-16 65784]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-28 21152]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-28 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-8-28 110744]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-8-28 2206352]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
.
=============== Created Last 30 ================
.
2014-01-08 13:01:56 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2014-01-08 13:01:56 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2014-01-08 13:01:56 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2014-01-08 13:01:56 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2014-01-08 13:01:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-01-08 13:01:56 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2014-01-08 13:01:56 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2014-01-08 13:01:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2014-01-08 13:01:52 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2014-01-08 11:39:19 -------- d-----w- C:\Users\Metallica41\AppData\Roaming\AVG2014
2014-01-08 11:38:31 -------- d-----w- C:\Users\Metallica41\AppData\Roaming\TuneUp Software
2014-01-08 11:37:53 -------- d--h--w- C:\$AVG
2014-01-08 11:37:53 -------- d-----w- C:\ProgramData\AVG2014
2014-01-08 11:37:41 -------- d-----w- C:\Program Files (x86)\AVG
2014-01-08 11:34:11 -------- d-----w- C:\Users\Metallica41\AppData\Local\MFAData
2014-01-08 11:34:11 -------- d-----w- C:\Users\Metallica41\AppData\Local\Avg2014
2014-01-08 11:34:11 -------- d-----w- C:\ProgramData\MFAData
2014-01-08 08:10:40 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89BD74A5-7393-4EB7-AB49-6C306AB5E90F}\mpengine.dll
2014-01-07 10:42:59 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2014-01-06 21:46:30 -------- d-----w- C:\ProgramData\Media Center Programs
2014-01-06 21:46:26 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2014-01-06 16:20:39 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2014-01-06 16:20:39 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-01-06 14:48:32 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-06 14:48:32 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B098CD18-F97F-4C0E-9595-DF506E2903A8}\mpengine.dll
2014-01-04 15:54:40 -------- d-----w- C:\Program Files (x86)\SpeedFan
2014-01-02 16:10:18 -------- d-----w- C:\Program Files\CCleaner
2013-12-25 00:21:46 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-12-25 00:21:45 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-12-25 00:21:45 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-12-25 00:21:45 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-12-25 00:21:39 602244 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-12-25 00:19:19 304128 ----a-w- C:\Windows\IsUninst.exe
2013-12-24 22:12:10 -------- d-----w- C:\Program Files (x86)\NewSoftware's
2013-12-24 20:14:37 -------- d-----w- C:\Users\Metallica41\AppData\Roaming\IObit
2013-12-24 20:14:37 -------- d-----w- C:\ProgramData\IObit
2013-12-24 20:14:33 -------- d-----w- C:\ProgramData\ProductData
2013-12-24 20:14:25 -------- d-----w- C:\Program Files (x86)\IObit
2013-12-12 22:29:57 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-12-12 22:29:56 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-12-12 22:29:55 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-12-12 22:29:55 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-12 22:29:55 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-12 22:29:55 245248 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-12-12 10:28:48 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-12 10:28:47 5632 ----a-w- C:\Windows\System32\drivers\drmkaud.sys
2013-12-12 10:28:47 370176 ----a-w- C:\Windows\System32\SysFxUI.dll
2013-12-12 10:28:47 1636672 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
2013-12-12 10:28:47 111616 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-12 10:27:34 222720 ----a-w- C:\Windows\System32\scrobj.dll
2013-12-12 10:27:34 143872 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-12 10:27:33 194048 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-12 10:27:33 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-12 10:27:33 146944 ----a-w- C:\Windows\System32\cscript.exe
2013-12-12 10:27:33 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-12 10:27:32 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
2013-12-12 09:17:33 312320 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-12 09:17:32 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-12 09:17:31 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-12 09:17:31 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-12 09:17:28 4036608 ----a-w- C:\Windows\System32\win32k.sys
2013-12-12 07:56:19 62976 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-12 07:56:18 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2014-01-08 08:11:06 387 ----a-w- C:\Users\Metallica41\AppData\Roaming\sp_data.sys
2013-12-04 00:53:54 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-05 20:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-04 20:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-10-31 22:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-10-31 21:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-25 22:09:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-24 21:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-10-21 21:28:28 252728 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys
.
============= FINISH: 14:27:18,45 ===============


  • magna86
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062



Bitcoin miner is malware we are familiar with; we will remove it. It is possible that this is not the only active infection here. But before we start the removal we need to collect some additional information that will let us catch every single malicious loading point.

Download Farbar's Farbar Recovery Scan Tool from this address to your Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will run on your system; that one is the right version.

  • double-click to run the program; when the tool starts, click Yes on the disclaimer window;
  • wait a moment while the tool checks whether a newer version exists;
  • click the Scan button;
  • when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
  • copy the contents of the FRST.txt report into your reply;
  • on the first run, the tool should also create an additional report (Addition.txt);
  • attach the Addition.txt report to your reply using the Prikači fajl (Attach file) option

=========================================
Then ...

Download the GMER rootkit detector and save it to your Desktop:
Note: the tool has a randomly generated file name. The icon itself will clearly say GMER.

  • double-click to run GMER;
  • wait for the initial scan to finish; if any prompt appears, click No;
  • click the [Scan] button and wait for the scan to finish;
  • click the [Save ...] button and save the report to the Desktop under the name ARK;
  • click the >>> button and select the Autostart tab;
  • click the [Scan] button;
  • when the short scan finishes, click [Copy];
  • open Notepad, paste the copied text into it, and save the report to the Desktop under the name autostart;

Attach both GMER reports to your reply using the Prikači fajl (Attach file) option.
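The point of the reply above is that a miner is removed at its loading points, not in Task Manager, and the DDS and FRST listings in this thread show what those look like in practice: an executable with a vendor-lookalike name (macromedia.exe, echoing the Macromed\Flash paths in the same log) running from AppData\Roaming\WindowsHelp, a script host (wscript.exe / cscript.exe) resident with no visible script, a Startup shortcut whose target is a double-extension .vbs that FRST reports as "No File", and drivers registered with image files that are missing or sit outside System32\drivers. The script below is an added example, not part of this thread and not code from the FRST or DDS tools: it parses lines in those tools' text formats and applies exactly those heuristics. The sample lines are copied from the logs in this thread; the regexes, finding labels and the assumption that real logs keep the line shapes seen on this page are this example's own.

```python
"""Triage heuristics for FRST / DDS text logs (added example, not FRST or DDS code)."""
import re
import sys
from typing import Iterable, List, Tuple

# Directories a standard user can write to. Nothing is proven malicious by living
# here, but a persistent binary or autorun target in one of them is where an
# analyst looks first.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)|ProgramData|Users\\Public|Temp)\\",
    re.IGNORECASE,
)
# A script host that stays resident usually means a launcher script somewhere.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXT = re.compile(r"\.(?:vbs|vbe|js|jse|wsf|bat|cmd|ps1)$", re.IGNORECASE)
DRIVER_DIR = re.compile(r"\\Windows\\System32\\drivers\\", re.IGNORECASE)

# FRST process lines look like "(Vendor) C:\path\x.exe"; DDS lists the bare path,
# optionally followed by arguments such as "-k netsvcs".
PROCESS_RE = re.compile(
    r"^(?:\((?P<vendor>[^)]*)\)\s+)?(?P<path>[A-Z]:\\.+?\.exe)(?:\s+-.*)?\s*$", re.IGNORECASE
)
# FRST: HKLM-x32\...\Run: [Name] - C:\path\x.exe [size date] (Vendor)
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - "
    r"(?P<path>.+?)(?: \[\d+ [\d-]+\])?(?: \((?P<vendor>[^)]*)\))?\s*$"
)
# FRST: ShortcutTarget: Skype.lnk -> C:\path\target (No File)
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.+?)(?: \((?P<note>No File)\))?\s*$"
)
# FRST service/driver lines: "S3 name; C:\path\x.sys [size date] (Vendor)" or "... [x]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+);\s*(?P<path>.*?)\s*(?P<rest>\[\d+ [\d-]+\].*|\[x\])?$"
)

Finding = Tuple[str, str]  # (reason, offending log line)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return every (reason, line) pair the heuristics fire on, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROCESS_RE.match(line)
        if m:
            path = m.group("path")
            if USER_WRITABLE.search(path):
                findings.append(("process image in user-writable directory", line))
            if path.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
                findings.append(("script host resident as a process", line))
            vendor = m.group("vendor")
            if vendor is not None and not vendor.strip():  # FRST prints "()" when unknown
                findings.append(("process image carries no vendor information", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group("path")
            if USER_WRITABLE.search(path):
                findings.append(("autorun target in user-writable directory", line))
            if SCRIPT_EXT.search(path):
                findings.append(("autorun target is a script", line))
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            target = m.group("target")
            if SCRIPT_EXT.search(target):
                findings.append(("startup shortcut launches a script", line))
            if re.search(r"\.exe\.\w+$", target, re.IGNORECASE):
                findings.append(("double extension posing as an executable", line))
            if m.group("note") == "No File":
                findings.append(("startup shortcut target missing (removed or hidden)", line))
            continue
        m = DRIVER_RE.match(line)
        if m and m.group("path"):
            path, rest = m.group("path"), (m.group("rest") or "")
            if rest.strip() == "[x]":
                findings.append(("driver/service registered but image file missing", line))
            if path.lower().endswith(".sys") and not DRIVER_DIR.search(path):
                findings.append(("driver image outside System32\\drivers", line))
    return findings


# Sample input: lines copied from the DDS and FRST output posted in this thread.
SAMPLE = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\cscript.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Ufasoft) C:\Users\Metallica41\AppData\Roaming\WindowsHelp\macromedia.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [uTorrent] - C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe [1309016 2014-01-06] (BitTorrent Inc.)
ShortcutTarget: Skype.lnk -> C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs (No File)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S3 hexmagic; \??\C:\Windows\system32\drivers\hexmagic.sys [x]
U0 msahci;
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x]
"""

if __name__ == "__main__":
    # Pass a saved FRST.txt as the first argument to triage a real log.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            source = fh.read().splitlines()
    else:
        source = SAMPLE.splitlines()
    for reason, offending in triage(source):
        print(f"[{reason}] {offending}")
```

The user-writable rule is a prioritisation signal, not a verdict: on the sample it flags the uTorrent autorun, which an analyst dismisses on sight, with the same rule that surfaces macromedia.exe. What turns the macromedia.exe hit into a removal target is the combination the other rules expose: the Skype.lnk launcher in the same WindowsHelp folder, the resident script host, and two driver entries whose files are gone or misplaced. AVG reporting "no virus" on the binary says nothing about any of those.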

  • Istrazivanje Windowsa
  • Joined: 12 Jul 2012
  • Posts: 1011

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014
Ran by Metallica41 (administrator) on FIKO on 08-01-2014 14:46:49
Running from C:\Users\Metallica41\Downloads
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Ufasoft) C:\Users\Metallica41\AppData\Roaming\WindowsHelp\macromedia.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SE] - C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe [5827488 2013-10-25] (SkypEmoticons)
HKCU\...\Run: [uTorrent] - C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe [1309016 2014-01-06] (BitTorrent Inc.)
MountPoints2: F - "F:\OblivionLauncher.exe"
Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default
FF Homepage: https://www.google.rs/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Extension: Vauodiax - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net
FF Extension: SearchNewTab - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 hexmagic; \??\C:\Windows\system32\drivers\hexmagic.sys [x]
U0 msahci;
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-08 14:46 - 2014-01-08 14:47 - 00011681 _____ C:\Users\Metallica41\Downloads\FRST.txt
2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\FRST
2014-01-08 14:44 - 2014-01-08 14:45 - 01932624 _____ (Farbar) C:\Users\Metallica41\Downloads\FRST64.exe
2014-01-08 14:27 - 2014-01-08 14:27 - 00016748 _____ C:\Users\Metallica41\Desktop\dds.txt
2014-01-08 14:27 - 2014-01-08 14:27 - 00003713 _____ C:\Users\Metallica41\Desktop\attach.txt
2014-01-08 14:24 - 2014-01-08 14:25 - 00688992 ____R (Swearware) C:\Users\Metallica41\Downloads\dds.scr
2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk
2014-01-08 14:02 - 2014-01-08 14:03 - 00028236 _____ C:\Windows\DirectX.log
2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014
2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software
2014-01-08 12:37 - 2014-01-08 12:38 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-08 12:34 - 2014-01-08 12:56 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014
2014-01-08 12:34 - 2014-01-08 12:55 - 00000000 ____D C:\ProgramData\MFAData
2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData
2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk
2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-06 15:34 - 2014-01-07 15:32 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED
2014-01-04 16:54 - 2014-01-06 15:59 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk
2014-01-04 16:04 - 2014-01-04 16:05 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted
2014-01-03 00:22 - 2014-01-07 03:52 - 00005034 _____ C:\Windows\PFRO.log
2014-01-03 00:22 - 2014-01-03 00:23 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 11:47 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2014-01-01 11:47 - 2014-01-04 16:54 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153}
2013-12-25 01:52 - 2013-12-26 00:42 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4)
2013-12-25 01:19 - 2013-12-25 01:20 - 00000318 _____ C:\Windows\SIERRA.INI
2013-12-25 01:19 - 1998-01-23 12:22 - 00304128 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2013-12-24 23:23 - 2013-12-25 01:54 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat
2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's
2013-12-24 21:14 - 2014-01-03 00:24 - 00000000 ____D C:\ProgramData\ProductData
2013-12-24 21:14 - 2014-01-03 00:22 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-24 21:14 - 2013-12-24 21:15 - 00000000 ____D C:\ProgramData\IObit
2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit
2013-12-14 22:53 - 2013-12-14 23:24 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data
2013-12-14 22:45 - 2014-01-05 21:00 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data
2013-12-14 22:44 - 2013-12-14 22:51 - 00000983 _____ C:\Windows\eReg.dat
2013-12-14 08:02 - 2013-12-24 21:17 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk
2013-12-14 07:58 - 2013-12-14 08:02 - 00000965 _____ C:\Windows\Rtcw.INI
2013-12-14 00:20 - 2013-12-14 00:21 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip
2013-12-12 23:30 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 23:30 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 23:30 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 23:30 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 23:30 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 23:30 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 23:29 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-12 23:29 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 23:29 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 23:29 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 23:27 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-12 23:27 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-12 23:27 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-12 23:27 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-12 23:27 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-12 23:27 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-12 23:27 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-12 23:27 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-12 23:27 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-12 23:27 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-12 23:27 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-12 23:27 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-12 23:27 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-12 23:27 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-12 23:27 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-12 23:27 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-12 23:27 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-12 11:28 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 11:28 - 2012-10-11 08:02 - 01636672 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2013-12-12 11:28 - 2012-10-11 06:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 11:28 - 2012-10-11 06:19 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2013-12-12 11:28 - 2012-10-11 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 11:27 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 11:27 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-12 11:27 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 11:27 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 11:27 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 11:27 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-12 11:27 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 10:17 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 10:17 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 10:17 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 10:17 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 10:17 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 08:56 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:56 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

==================== One Month Modified Files and Folders =======

2014-01-08 14:47 - 2014-01-08 14:46 - 00011681 _____ C:\Users\Metallica41\Downloads\FRST.txt
2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\FRST
2014-01-08 14:45 - 2014-01-08 14:44 - 01932624 _____ (Farbar) C:\Users\Metallica41\Downloads\FRST64.exe
2014-01-08 14:45 - 2013-11-09 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 14:30 - 2012-10-24 22:03 - 01223035 _____ C:\Windows\WindowsUpdate.log
2014-01-08 14:27 - 2014-01-08 14:27 - 00016748 _____ C:\Users\Metallica41\Desktop\dds.txt
2014-01-08 14:27 - 2014-01-08 14:27 - 00003713 _____ C:\Users\Metallica41\Desktop\attach.txt
2014-01-08 14:25 - 2014-01-08 14:24 - 00688992 ____R (Swearware) C:\Users\Metallica41\Downloads\dds.scr
2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk
2014-01-08 14:03 - 2014-01-08 14:02 - 00028236 _____ C:\Windows\DirectX.log
2014-01-08 14:01 - 2013-03-25 18:48 - 00000000 ____D C:\Users\Metallica41\Documents\My Games
2014-01-08 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-08 13:49 - 2013-11-02 06:47 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\uTorrent
2014-01-08 13:09 - 2013-11-08 20:46 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\WindowsHelp
2014-01-08 12:56 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014
2014-01-08 12:55 - 2014-01-08 12:34 - 00000000 ____D C:\ProgramData\MFAData
2014-01-08 12:55 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014
2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software
2014-01-08 12:38 - 2014-01-08 12:37 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-08 12:38 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData
2014-01-08 12:20 - 2013-06-09 18:00 - 00000000 ____D C:\Users\Metallica41\Desktop\New folder (2)
2014-01-08 09:11 - 2013-09-06 22:59 - 00000387 _____ C:\Users\Metallica41\AppData\Roaming\sp_data.sys
2014-01-07 15:32 - 2014-01-06 15:34 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED
2014-01-07 14:00 - 2013-11-16 14:30 - 00000000 ____D C:\Users\Metallica41\Downloads\New folder
2014-01-07 12:54 - 2013-09-07 20:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-473922799-1250382268-3828485289-1001
2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-01-07 03:52 - 2014-01-03 00:22 - 00005034 _____ C:\Windows\PFRO.log
2014-01-07 03:52 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk
2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-06 15:59 - 2014-01-04 16:54 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-05 21:00 - 2013-12-14 22:45 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data
2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk
2014-01-04 16:54 - 2014-01-01 11:47 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2014-01-04 16:54 - 2014-01-01 11:47 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2014-01-04 16:05 - 2014-01-04 16:04 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted
2014-01-03 00:24 - 2013-12-24 21:14 - 00000000 ____D C:\ProgramData\ProductData
2014-01-03 00:23 - 2014-01-03 00:22 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-03 00:22 - 2013-12-24 21:14 - 00000000 ____D C:\Program Files (x86)\IObit
2014-01-02 17:21 - 2013-09-06 23:37 - 00000000 ____D C:\Windows.old
2014-01-02 17:20 - 2013-11-24 20:53 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2014-01-02 17:20 - 2013-10-11 15:06 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cs 1.6 Background Maker v3.0
2014-01-02 17:19 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 16:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153}
2013-12-26 00:42 - 2013-12-25 01:52 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4)
2013-12-25 01:54 - 2013-12-24 23:23 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat
2013-12-25 01:22 - 2012-10-24 21:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 01:20 - 2013-12-25 01:19 - 00000318 _____ C:\Windows\SIERRA.INI
2013-12-25 00:00 - 2013-10-11 20:10 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Skype
2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's
2013-12-24 21:17 - 2013-12-14 08:02 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2013-12-24 21:15 - 2013-12-24 21:14 - 00000000 ____D C:\ProgramData\IObit
2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit
2013-12-17 23:04 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-14 23:24 - 2013-12-14 22:53 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data
2013-12-14 22:51 - 2013-12-14 22:44 - 00000983 _____ C:\Windows\eReg.dat
2013-12-14 20:56 - 2013-11-30 10:03 - 00000000 ____D C:\Users\Metallica41\Downloads\Guitar Pro 5
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk
2013-12-14 08:02 - 2013-12-14 07:58 - 00000965 _____ C:\Windows\Rtcw.INI
2013-12-14 00:21 - 2013-12-14 00:20 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip
2013-12-13 16:40 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-13 10:28 - 2012-07-26 08:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-12-13 10:21 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-12 10:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-10 19:45 - 2013-11-09 15:40 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Metallica41\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Metallica41\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Metallica41\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Metallica41\AppData\Local\Temp\sfextra.dll
C:\Users\Metallica41\AppData\Local\Temp\SRLDetectionLibrary6277013301442389629.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-08 12:49

==================== End Of Log ============================

addition:

I can't attach GMER, because whenever I run GMER it locks up the laptop, says "your computer has run into a pc error" and then reboots, so I can't do GMER, sorry!

  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5309
  • Location: Beograd

Open Notepad and copy the following text, which is inside the shaded box.

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit)
HKCU\...\Run: [SE] - C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe [5827488 2013-10-25] (SkypEmoticons)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Vauodiax - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net
FF Extension: SearchNewTab - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net
2013-12-24 21:14 - 2014-01-03 00:22 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-24 21:14 - 2013-12-24 21:15 - 00000000 ____D C:\ProgramData\IObit
2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit
C:\ProgramData\SetStretch.exe
C:\Users\Metallica41\AppData\Local\Temp\*.dll
C:\Users\Metallica41\AppData\Roaming\WindowsHelp
C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net
C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net
C:\Users\Metallica41\AppData\Roaming\SkypEmoticons


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it is done, Notepad will open with content that you should copy into the thread.
The same file (fixlog.txt) will also be on the Desktop.




You need to paste fixlog.txt into the forum
Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let it begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Let it.

Note: Once you have finished cleaning the temp files, you can delete the program or keep it for later use.




Run FRST again and post a fresh log.




Ivance95 (AMF Team)
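The fixlist above was assembled by reading the FRST log for autostart entries that look wrong: a Startup shortcut named Skype.lnk whose real target is a .vbs under AppData\Roaming\WindowsHelp (run through wscript.exe), an HKCU Run entry launching from AppData, a driver service whose file no longer exists, and Firefox extensions with random-looking IDs. The script below is an added example, not part of this thread and not part of FRST: it applies those same questions to a handful of lines copied from the log so the reasoning behind each fixlist entry is explicit. The rule set and its wording are mine (an assumption about what a first-pass triage should ask), the sample lines are copied from the log posted above, and nothing on a live system is read.

```python
"""Heuristic triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example; not part of the thread above and not part of FRST itself.
The rule set and its wording are the author's own, not FRST's, and the
sample lines are copied from the log posted above.  Every hit is a prompt
for a human to look, not a verdict.
"""
import re

# Lines copied from the FRST output posted above (constructed input; nothing
# on a live system is read).
SAMPLE_LOG = r"""
HKCU\...\Run: [uTorrent] - C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe [1309016 2014-01-06] (BitTorrent Inc.)
HKCU\...\Run: [SE] - C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe [5827488 2013-10-25] (SkypEmoticons)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
ShortcutTarget: Skype.lnk -> C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs (No File)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x]
FF Extension: Vauodiax - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net
"""

# One regex per FRST line kind we care about; each yields name, path and,
# where FRST prints one, a trailing note ("x" = file missing for services,
# "No File" for shortcut targets).
LINE_KINDS = (
    ("run", re.compile(
        r"^(?:HKLM(?:-x32)?|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?) \[")),
    ("shortcut", re.compile(
        r"^ShortcutTarget: (?P<name>.+?)\.lnk -> (?P<path>.+?)(?: \((?P<note>No File)\))?$")),
    ("service", re.compile(
        r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?)(?: \[(?P<note>[^\]]*)\])?(?: \([^)]*\))?$")),
    ("ffext", re.compile(r"^FF Extension: (?P<name>.+?) - (?P<path>.+)$")),
)

SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|hta|bat|cmd|ps1)$", re.I)
DOUBLE_EXT = re.compile(r"\.(exe|dll|scr|pdf|doc)\.\w{2,4}$", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.I)
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5}", re.I)  # weak "looks random" signal


def parse(line):
    """Return (kind, name, path, note) for a recognised line, else None."""
    for kind, rx in LINE_KINDS:
        m = rx.match(line)
        if m:
            d = m.groupdict()
            return kind, d["name"], d["path"], d.get("note")
    return None


def assess(kind, name, path, note):
    """List the reasons an analyst should look at this entry (empty = nothing odd)."""
    reasons = []
    if note in ("x", "No File"):
        reasons.append("referenced file is missing (orphaned entry)")
    # Firefox extensions always live in the profile, so the location rule
    # only applies to things Windows itself starts.
    if kind != "ffext" and USER_WRITABLE.search(path):
        reasons.append("launches from a user-writable directory")
    if SCRIPT_EXT.search(path):
        reasons.append("target is a script, not an executable")
    if DOUBLE_EXT.search(path):
        reasons.append("double extension disguises the real file type")
    if kind == "shortcut" and name.lower() not in path.lower():
        reasons.append("shortcut name does not appear in its target")
    if kind == "ffext":
        ext_id = path.rsplit("\\", 1)[-1].split("@")[0]
        if CONSONANT_RUN.search(ext_id):
            reasons.append("extension id looks machine-generated (weak signal)")
    return reasons


def triage(log_text):
    """Map 'kind:name' to its reasons for every flagged line in log_text."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse(line.strip())
        if parsed is None:
            continue
        reasons = assess(*parsed)
        if reasons:
            findings[f"{parsed[0]}:{parsed[1]}"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

Run as-is it lists Skype.lnk with five reasons, SE and uTorrent for living under AppData, NEWDRIVER as an orphaned driver entry and the Vauodiax extension as a weak hit. uTorrent is a legitimate per-user install that trips the same location rule, which is why each hit is a prompt for a human rather than a verdict; the IObit LiveUpdate removal in the fixlist rests on the helper's judgement about bundled software, not on anything a path rule catches.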

  • Istrazivanje Windowsa
  • Joined: 12 Jul 2012
  • Posts: 1011

Posted: 08 Jan 2014 20:53

It won't work, bro, it always says "fixlist.txt should be in the same directory as tool". I put it there but it just won't work. Anyway, I've noticed the malware is gone, since the coin miner no longer shows up, so I'm wondering whether I still have to continue with this, because AVG found 2 viruses and deleted them.

Update: 08 Jan 2014 20:54

Do I have to continue?

  • magna86
  • Anti Malware Fighter Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

Apologies for stepping into my colleague's thread, but he currently has private obligations ...

So you don't have to wait ...

Quote: Running from C:\Users\Metallica41\Downloads

The original FRST is in the Downloads folder. It tells you plainly: FixList has to be in the same directory (location) as FRST.exe.

Move FRST.exe to the Desktop, create FixList.txt and save it to the Desktop, then run FRST with the Fix button as described in the instructions.

  • Istrazivanje Windowsa
  • Joined: 12 Jul 2012
  • Posts: 1011

Posted: 08 Jan 2014 21:08

Ok, thanks, I knew that but I hadn't noticed it; I see there's some folder in C: but here, I'll do it!

Update: 08 Jan 2014 21:20

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01
Ran by Metallica41 at 2014-01-08 21:10:01 Run:1
Running from C:\Users\Metallica41\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit)
HKCU\...\Run: [SE] - C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe [5827488 2013-10-25] (SkypEmoticons)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.ln
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Vauodiax - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net
FF Extension: SearchNewTab - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net
2013-12-24 21:14 - 2014-01-03 00:22 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-24 21:14 - 2013-12-24 21:15 - 00000000 ____D C:\ProgramData\IObit
2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit
C:\ProgramData\SetStretch.exe
C:\Users\Metallica41\AppData\Local\Temp\*.dll
C:\Users\Metallica41\AppData\Roaming\WindowsHelp
C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net
C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net
C:\Users\Metallica41\AppData\Roaming\SkypEmoticons
*****************

[2028] C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => Process closed successfully.
C:\Windows\System32\wscript.exe => No running process found
LiveUpdateSvc => Service deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SE => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key deleted successfully.
Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.ln not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net => Moved successfully.
C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\Users\Metallica41\AppData\Roaming\IObit => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\Users\Metallica41\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Metallica41\AppData\Roaming\WindowsHelp => Moved successfully.
"C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net" => File/Directory not found.
"C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net" => File/Directory not found.
C:\Users\Metallica41\AppData\Roaming\SkypEmoticons => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Metallica41 (administrator) on FIKO on 08-01-2014 21:16:20
Running from C:\Users\Metallica41\Desktop
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [uTorrent] - C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe [1309016 2014-01-06] (BitTorrent Inc.)
MountPoints2: F - "F:\OblivionLauncher.exe"
Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default
FF Homepage: https://www.google.rs/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 hexmagic; \??\C:\Windows\system32\drivers\hexmagic.sys [x]
U0 msahci;
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-08 21:16 - 2014-01-08 21:16 - 00010538 _____ C:\Users\Metallica41\Desktop\FRST.txt
2014-01-08 21:15 - 2014-01-08 21:15 - 00448512 _____ (OldTimer Tools) C:\Users\Metallica41\Downloads\TFC.exe
2014-01-08 21:09 - 2014-01-08 21:09 - 01931770 _____ (Farbar) C:\Users\Metallica41\Desktop\FRST64.exe
2014-01-08 20:50 - 2014-01-08 21:10 - 00000000 ____D C:\FRST
2014-01-08 15:00 - 2014-01-08 15:01 - 00283800 _____ C:\Windows\Minidump\010814-61562-01.dmp
2014-01-08 14:56 - 2014-01-08 15:00 - 00000000 ____D C:\Windows\Minidump
2014-01-08 14:56 - 2014-01-08 14:56 - 00262144 _____ C:\Windows\Minidump\010814-54937-01.dmp
2014-01-08 14:55 - 2014-01-08 15:00 - 327547873 _____ C:\Windows\MEMORY.DMP
2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk
2014-01-08 14:02 - 2014-01-08 14:03 - 00028236 _____ C:\Windows\DirectX.log
2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014
2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software
2014-01-08 12:37 - 2014-01-08 12:38 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-08 12:34 - 2014-01-08 17:05 - 00000000 ____D C:\ProgramData\MFAData
2014-01-08 12:34 - 2014-01-08 12:56 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014
2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData
2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk
2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-06 15:34 - 2014-01-07 15:32 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED
2014-01-04 16:54 - 2014-01-06 15:59 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk
2014-01-04 16:04 - 2014-01-04 16:05 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted
2014-01-03 00:22 - 2014-01-07 03:52 - 00005034 _____ C:\Windows\PFRO.log
2014-01-03 00:22 - 2014-01-03 00:23 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 11:47 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2014-01-01 11:47 - 2014-01-04 16:54 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153}
2013-12-25 01:52 - 2013-12-26 00:42 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4)
2013-12-25 01:19 - 2013-12-25 01:20 - 00000318 _____ C:\Windows\SIERRA.INI
2013-12-25 01:19 - 1998-01-23 12:22 - 00304128 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2013-12-24 23:23 - 2013-12-25 01:54 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat
2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's
2013-12-24 21:14 - 2014-01-03 00:24 - 00000000 ____D C:\ProgramData\ProductData
2013-12-14 22:53 - 2013-12-14 23:24 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data
2013-12-14 22:45 - 2014-01-05 21:00 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data
2013-12-14 22:44 - 2013-12-14 22:51 - 00000983 _____ C:\Windows\eReg.dat
2013-12-14 08:02 - 2013-12-24 21:17 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk
2013-12-14 07:58 - 2013-12-14 08:02 - 00000965 _____ C:\Windows\Rtcw.INI
2013-12-14 00:20 - 2013-12-14 00:21 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip
2013-12-12 23:30 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 23:30 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 23:30 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 23:30 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 23:30 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 23:30 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 23:30 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 23:30 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 23:29 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-12 23:29 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 23:29 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 23:29 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 23:27 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-12 23:27 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-12 23:27 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-12 23:27 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-12 23:27 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-12 23:27 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-12 23:27 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-12 23:27 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-12 23:27 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-12 23:27 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-12 23:27 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-12 23:27 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-12 23:27 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-12 23:27 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-12 23:27 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-12 23:27 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-12 23:27 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-12 23:27 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-12 11:28 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 11:28 - 2012-10-11 08:02 - 01636672 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2013-12-12 11:28 - 2012-10-11 06:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 11:28 - 2012-10-11 06:19 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2013-12-12 11:28 - 2012-10-11 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 11:27 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 11:27 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-12 11:27 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 11:27 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 11:27 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 11:27 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-12 11:27 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 10:17 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 10:17 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 10:17 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 10:17 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 10:17 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 08:56 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:56 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

==================== One Month Modified Files and Folders =======

2014-01-08 21:16 - 2014-01-08 21:16 - 00010538 _____ C:\Users\Metallica41\Desktop\FRST.txt
2014-01-08 21:15 - 2014-01-08 21:15 - 00448512 _____ (OldTimer Tools) C:\Users\Metallica41\Downloads\TFC.exe
2014-01-08 21:12 - 2013-09-06 22:59 - 00000387 _____ C:\Users\Metallica41\AppData\Roaming\sp_data.sys
2014-01-08 21:12 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-08 21:11 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-08 21:10 - 2014-01-08 20:50 - 00000000 ____D C:\FRST
2014-01-08 21:09 - 2014-01-08 21:09 - 01931770 _____ (Farbar) C:\Users\Metallica41\Desktop\FRST64.exe
2014-01-08 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-08 20:47 - 2013-06-09 18:00 - 00000000 ____D C:\Users\Metallica41\Desktop\New folder (2)
2014-01-08 20:45 - 2013-11-09 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 20:42 - 2012-10-24 22:03 - 01360120 _____ C:\Windows\WindowsUpdate.log
2014-01-08 17:05 - 2014-01-08 12:34 - 00000000 ____D C:\ProgramData\MFAData
2014-01-08 15:01 - 2014-01-08 15:00 - 00283800 _____ C:\Windows\Minidump\010814-61562-01.dmp
2014-01-08 15:00 - 2014-01-08 14:56 - 00000000 ____D C:\Windows\Minidump
2014-01-08 15:00 - 2014-01-08 14:55 - 327547873 _____ C:\Windows\MEMORY.DMP
2014-01-08 14:56 - 2014-01-08 14:56 - 00262144 _____ C:\Windows\Minidump\010814-54937-01.dmp
2014-01-08 14:56 - 2013-09-06 22:42 - 00000000 ____D C:\Users\Metallica41
2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk
2014-01-08 14:03 - 2014-01-08 14:02 - 00028236 _____ C:\Windows\DirectX.log
2014-01-08 14:01 - 2013-03-25 18:48 - 00000000 ____D C:\Users\Metallica41\Documents\My Games
2014-01-08 13:49 - 2013-11-02 06:47 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\uTorrent
2014-01-08 12:56 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014
2014-01-08 12:55 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014
2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software
2014-01-08 12:38 - 2014-01-08 12:37 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-08 12:38 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG
2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData
2014-01-07 15:32 - 2014-01-06 15:34 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED
2014-01-07 14:00 - 2013-11-16 14:30 - 00000000 ____D C:\Users\Metallica41\Downloads\New folder
2014-01-07 12:54 - 2013-09-07 20:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-473922799-1250382268-3828485289-1001
2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-01-07 03:52 - 2014-01-03 00:22 - 00005034 _____ C:\Windows\PFRO.log
2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk
2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-06 15:59 - 2014-01-04 16:54 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-05 21:00 - 2013-12-14 22:45 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data
2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk
2014-01-04 16:54 - 2014-01-01 11:47 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk
2014-01-04 16:54 - 2014-01-01 11:47 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2014-01-04 16:05 - 2014-01-04 16:04 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted
2014-01-03 00:24 - 2013-12-24 21:14 - 00000000 ____D C:\ProgramData\ProductData
2014-01-03 00:23 - 2014-01-03 00:22 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-02 17:21 - 2013-09-06 23:37 - 00000000 ____D C:\Windows.old
2014-01-02 17:20 - 2013-11-24 20:53 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
2014-01-02 17:20 - 2013-10-11 15:06 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cs 1.6 Background Maker v3.0
2014-01-02 17:19 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner
2014-01-01 16:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153}
2013-12-26 00:42 - 2013-12-25 01:52 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4)
2013-12-25 01:54 - 2013-12-24 23:23 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat
2013-12-25 01:22 - 2012-10-24 21:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-25 01:20 - 2013-12-25 01:19 - 00000318 _____ C:\Windows\SIERRA.INI
2013-12-25 00:00 - 2013-10-11 20:10 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Skype
2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's
2013-12-24 21:17 - 2013-12-14 08:02 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2013-12-14 23:24 - 2013-12-14 22:53 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data
2013-12-14 22:51 - 2013-12-14 22:44 - 00000983 _____ C:\Windows\eReg.dat
2013-12-14 20:56 - 2013-11-30 10:03 - 00000000 ____D C:\Users\Metallica41\Downloads\Guitar Pro 5
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk
2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk
2013-12-14 08:02 - 2013-12-14 07:58 - 00000965 _____ C:\Windows\Rtcw.INI
2013-12-14 00:21 - 2013-12-14 00:20 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip
2013-12-13 16:40 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-13 10:28 - 2012-07-26 08:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-12-13 10:21 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-12 10:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-10 19:45 - 2013-11-09 15:40 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ____D C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-08 12:49

==================== End Of Log ============================





Here, I've done it. I can say the coin miner is gone since I deleted those 2 viruses. If there is anything else I need to do, let me know! Mr. Green

offline
  • Certified electrical engineering whiz
  • Joined: 04 Jul 2011
  • Posts: 5309
  • Location: Belgrade

Arrow We have to repeat the script. After this your computer will restart, so close all programs before running it.



Arrow Open Notepad and copy the following text, which is inside the shaded area.

Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
CMD: shutdown /r /t3


In Notepad click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with contents that you need to copy into the topic.
Also, (fixlog.txt) will be on the Desktop.

You need to post fixlog.txt on the forum






Arrow Download Kaspersky Lab's TDSSKiller from the following address to the Desktop:


TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.



When the download is finished:
disable your security software (instructions);
close running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run it;
click the Start Scan button.


If malicious objects are found, make sure the action selected for them is "Cure" (example) and click Continue, then click Reboot Now.



Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD-day, MM-month, GG-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)



Ivance95 (AMF Team)

offline
  • Windows Research
  • Joined: 12 Jul 2012
  • Posts: 1011

Posted: 08 Jan 2014 22:38

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01
Ran by Metallica41 at 2014-01-08 22:33:14 Run:2
Running from C:\Users\Metallica41\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
CMD: shutdown /r /t3
*****************

C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk => Moved successfully.

========= shutdown /r /t3 =========

Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e | /o] [/hybrid] [/f]
[/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

No args Display help. This is the same as typing /?.
/? Display help. This is the same as not typing any options.
/i Display the graphical user interface (GUI).
This must be the first option.
/l Log off. This cannot be used with /m or /d options.
/s Shutdown the computer.
/r Full shutdown and restart the computer.
/g Full shutdown and restart the computer. After the system is
rebooted, restart any registered applications.
/a Abort a system shutdown.
This can only be used during the time-out period.
/p Turn off the local computer with no time-out or warning.
Can be used with /d and /f options.
/h Hibernate the local computer.
Can be used with the /f option.
/hybrid Performs a shutdown of the computer and prepares it for fast startup.
Must be used with /s option.
/e Document the reason for an unexpected shutdown of a computer.
/o Go to the advanced boot options menu and restart the computer.
Must be used with /r option.
/m \\computer Specify the target computer.
/t xxx Set the time-out period before shutdown to xxx seconds.
The valid range is 0-315360000 (10 years), with a default of 30.
If the timeout period is greater than 0, the /f parameter is
implied.
/c "comment" Comment on the reason for the restart or shutdown.
Maximum of 512 characters allowed.
/f Force running applications to close without forewarning users.
The /f parameter is implied when a value greater than 0 is
specified for the /t parameter.
/d [p|u:]xx:yy Provide the reason for the restart or shutdown.
p indicates that the restart or shutdown is planned.
u indicates that the reason is user defined.
If neither p nor u is specified the restart or shutdown is
unplanned.
xx is the major reason number (positive integer less than 256).
yy is the minor reason number (positive integer less than 65536).

Reasons on this computer:
(E = Expected U = Unexpected P = planned, C = customer defined)
Type Major Minor Title

U 0 0 Other (Unplanned)
E 0 0 Other (Unplanned)
E P 0 0 Other (Planned)
U 0 5 Other Failure: System Unresponsive
E 1 1 Hardware: Maintenance (Unplanned)
E P 1 1 Hardware: Maintenance (Planned)
E 1 2 Hardware: Installation (Unplanned)
E P 1 2 Hardware: Installation (Planned)
E 2 2 Operating System: Recovery (Planned)
E P 2 2 Operating System: Recovery (Planned)
P 2 3 Operating System: Upgrade (Planned)
E 2 4 Operating System: Reconfiguration (Unplanned)
E P 2 4 Operating System: Reconfiguration (Planned)
P 2 16 Operating System: Service pack (Planned)
2 17 Operating System: Hot fix (Unplanned)
P 2 17 Operating System: Hot fix (Planned)
2 18 Operating System: Security fix (Unplanned)
P 2 18 Operating System: Security fix (Planned)
E 4 1 Application: Maintenance (Unplanned)
E P 4 1 Application: Maintenance (Planned)
E P 4 2 Application: Installation (Planned)
E 4 5 Application: Unresponsive
E 4 6 Application: Unstable
U 5 15 System Failure: Stop error
U 5 19 Security issue (Unplanned)
E 5 19 Security issue (Unplanned)
E P 5 19 Security issue (Planned)
E 5 20 Loss of network connectivity (Unplanned)
U 6 11 Power Failure: Cord Unplugged
U 6 12 Power Failure: Environment
P 7 0 Legacy API shutdown

========= End of CMD: =========


==== End of Fixlog ====

Here:

There are no viruses at all; are we done? Mr. Green

Update: 09 Jan 2014 11:01

I hope we're done, because that coin miner is no longer there; I deleted it with AVG. Smile Anyway, thank you for your help; if I need to do anything else, feel free to let me know!
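The fixlist procedure and the fixlog it produced, as an added example that is not part of the thread or of FRST: a small Python triage helper that splits an FRST scan log into its sections and flags the entry shapes the helper acted on or would review (a startup shortcut whose target is a script in AppData or is already gone, autoruns from user-writable paths, driver services whose file is missing), plus a fixlog check that reports a CMD: directive as rejected when its output is the usage banner, which is what happened to shutdown /r /t3 above. The section names, regexes and the names of the functions are mine; the sample excerpts are copied from the logs posted above and shortened.

```python
"""Triage an FRST scan log and sanity-check an FRST fixlog.

Added example, not FRST's own code or anything from the thread. It assumes
only the plain-text layout visible in the posted logs: "==== Section ===="
headings with one entry per line, and fixlog command blocks delimited by
"========= <cmd> =========" ... "========= End of CMD: =========".
"""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Locations a standard user can write to; autoruns from here deserve a look.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Users\\Public|Temp)\\", re.I)
# Script hosts that an innocuous-looking shortcut (Skype.lnk) can hide behind.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd|ps1)(\s|$)", re.I)

# Constructed excerpt: lines copied from the scan log above, with one clean
# entry per section so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [uTorrent] - C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe [1309016 2014-01-06] (BitTorrent Inc.)
Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
ShortcutTarget: Skype.lnk -> C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs (No File)
==================== Drivers (Whitelisted) ====================
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 hexmagic; \??\C:\Windows\system32\drivers\hexmagic.sys [x]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x]
"""

# Constructed excerpt of the fixlog above; the usage banner is shortened.
SAMPLE_FIXLOG = r"""
C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk => Moved successfully.
========= shutdown /r /t3 =========
Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e | /o] [/hybrid] [/f]
========= End of CMD: =========
"""

Finding = Tuple[str, str, str]  # (severity, reason, offending log line)


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the FRST section heading they follow."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def triage(log: str) -> List[Finding]:
    """Flag the entry shapes the helper in the thread acted on or would review."""
    findings: List[Finding] = []
    sections = split_sections(log)
    for line in sections.get("Registry (Whitelisted)", []):
        if line.startswith("ShortcutTarget:"):
            target = line.split("->", 1)[1].strip()
            if "(No File)" in target:
                findings.append(("high", "startup shortcut target is missing", line))
            if SCRIPT_EXT.search(target) and USER_WRITABLE.search(target):
                findings.append(("high", "startup shortcut runs a script from a user-writable path", line))
        elif "\\Run:" in line and USER_WRITABLE.search(line):
            findings.append(("review", "autorun launched from a user-writable path", line))
    for line in sections.get("Drivers (Whitelisted)", []):
        if line.endswith("[x]"):
            findings.append(("high", "driver service whose file is missing", line))
        elif line.endswith("( )"):
            findings.append(("review", "driver file without a publisher", line))
    return findings


CMD_BLOCK_RE = re.compile(r"^=+ (.+?) =+\n(.*?)^=+ End of CMD: =+", re.M | re.S)


def check_fixlog(fixlog: str) -> Dict[str, bool]:
    """Map each CMD: directive in a fixlog to whether it appears to have run.

    A command Windows rejected prints its usage banner and does nothing, which
    is what the fixlog above shows for "shutdown /r /t3" (shutdown.exe wants
    "/t 3", with a space). Everything else in the fixlog still needs reading.
    """
    return {
        m.group(1): not m.group(2).strip().lower().startswith("usage:")
        for m in CMD_BLOCK_RE.finditer(fixlog)
    }


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}: {line}")
    for cmd, ran in check_fixlog(SAMPLE_FIXLOG).items():
        print(f"CMD {cmd!r}: {'ran' if ran else 'rejected (usage banner)'}")
```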

offline
  • Certified electrical engineering whiz
  • Joined: 04 Jul 2011
  • Posts: 5309
  • Location: Belgrade

Arrow Yes, the computer is now clean.



Arrow Download "Xplode"'s DelFix and save it to the Desktop

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this topic...
When the tool finishes, it will open a report in Notepad.
Note: the report will also be saved at C:\DelFix.txt

There is no need to post the report.





Idea I recommend that you use the MCShield program to protect USB storage devices.

You can download the program from THIS link. After installing the program, plug in your USB storage devices and they will be scanned. At the end of the scan you will get a report that the device is clean or a notice about removed malware.


Idea Also, visit this topic to see whether your browser is vulnerable and to install updated components
http://www.mycity.rs/Propusti-i-azuriranja/Testira.....anjiv.html




Ivance95 (AMF Team)
