Posted: 01 Mar 2014 21:35
Written: 01 Mar 2014 21:03
OK, so for the past few days I haven't been able to move the icons on the desktop. I don't know what the problem is. I scanned with an antivirus and that's not it, also with Glary Utilities and Cleaner, and nothing. I don't know what it is, please help.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_30
Run by Administrator at 21:01:51 on 2014-03-01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.83 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.a4tech.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B340210F-F527-4A36-82DF-D2A1EE96092C} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 46.4.253.148 sm1.setmaster.pro
Hosts: 46.4.253.148 ms.magesy.ru
Hosts: 46.4.253.148 sm2.setmaster.pro
Hosts: 46.4.253.148 valve-master-server.com
Hosts: 46.4.253.148 ms.cs-servera.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\8qt8k04e.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtwlanu.sys [2012-12-31 904680]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
.
=============== Created Last 30 ================
.
2014-02-26 16:45:26 -------- d-----w- c:\program files\Glary Utilities 4
.
==================== Find3M ====================
.
2014-02-21 15:25:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 15:25:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 21:02:26,20 ===============
Addendum: 01 Mar 2014 21:35
One more thing: I want to check the computer for viruses, because it has slowed down somewhat; PF usage is often at 100%.

Posted: 03 Mar 2014 21:14
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-03-2014 01
Ran by Administrator (administrator) on VUKASIN-CA6C009 on 03-03-2014 21:07:10
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [16744256 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [203072 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1632360 2011-10-08] ()
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2001-08-23] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1659004503-492894223-839522115-500\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1667584 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-1659004503-492894223-839522115-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1659004503-492894223-839522115-500\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFFFF
HKU\S-1-5-21-1659004503-492894223-839522115-500\...\MountPoints2: D - ph.exe
HKU\S-1-5-21-1659004503-492894223-839522115-500\...\MountPoints2: E - ph.exe
HKU\S-1-5-21-1659004503-492894223-839522115-500\...\MountPoints2: {5202e78f-40e4-11e1-aa6e-f0283dd5905c} - G:\setup.exe
HKU\S-1-5-21-1659004503-492894223-839522115-500\...\MountPoints2: {5da1155c-4add-11e3-ae58-00e04c0d6139} - G:\Setup\rsrc\autorun.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
ShortcutTarget: REALTEK 11n USB Wireless LAN Utility.lnk -> C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8qt8k04e.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-01-16]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-16]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
========================== Services (Whitelisted) =================
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-01-16] (Sun Microsystems, Inc.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-12-31] (Cisco Systems, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-03] (LT)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\rtwlanu.sys [904680 2011-05-09] (Realtek Semiconductor Corporation )
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2001-08-23] ()
S4 IntelIde; No ImagePath
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-03 21:07 - 2014-03-03 21:07 - 00000000 ____D () C:\FRST
2014-02-26 17:40 - 2014-02-26 17:40 - 00000877 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut to chrome.lnk
2014-02-15 09:21 - 2014-02-15 09:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-03-03 21:07 - 2014-03-03 21:07 - 00000000 ____D () C:\FRST
2014-03-03 20:44 - 2012-05-03 19:37 - 00001030 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-492894223-839522115-500UA.job
2014-03-03 20:44 - 2012-01-16 21:58 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 20:26 - 2012-01-17 09:00 - 01997970 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-03 20:24 - 2013-02-25 18:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-03 15:43 - 2012-01-16 21:58 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 15:39 - 2013-08-17 12:01 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-03-03 15:39 - 2012-12-31 16:33 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-03-03 15:39 - 2012-01-17 09:55 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-03 15:39 - 2012-01-17 09:55 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-03 15:39 - 2012-01-17 09:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-02 22:20 - 2012-01-17 09:05 - 00032384 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-02 22:20 - 2012-01-17 09:05 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-01 20:52 - 2012-01-16 22:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-03-01 20:44 - 2012-05-09 07:55 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-03-01 20:39 - 2013-11-11 15:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\GlarySoft
2014-03-01 09:48 - 2012-07-12 08:43 - 00001008 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1659004503-492894223-839522115-500Core1cd6002173f63a6.job
2014-02-26 17:40 - 2014-02-26 17:40 - 00000877 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut to chrome.lnk
2014-02-26 17:35 - 2012-01-16 21:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-02-26 17:34 - 2012-01-17 09:05 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-26 17:03 - 2001-08-23 10:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-22 13:28 - 2013-01-29 15:13 - 00000000 ____D () C:\Program Files\Ford Racing 2
2014-02-21 16:25 - 2013-02-25 18:59 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 16:25 - 2013-02-25 18:59 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-16 18:18 - 2013-11-05 16:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 09:21 - 2014-02-15 09:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2001-08-23 10:00] - [2009-02-09 11:20] - 0399360 ____A (Microsoft Corporation) 01095febf33beea00c2a0730b9b3ec28
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================

Posted: 03 Mar 2014 22:14
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-03 21:14:41
-----------------------------
21:14:41.453 OS Version: Windows 5.1.2600 Service Pack 2
21:14:41.453 Number of processors: 1 586 0x1601
21:14:41.453 ComputerName: VUKASIN-CA6C009 UserName: Administrator
21:14:41.921 Initialize success
21:28:06.437 AVAST engine defs: 14030201
21:42:38.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:42:38.343 Disk 0 Vendor: WDC_WD800JD-60LSA5 10.01E03 Size: 76319MB BusType: 3
21:42:38.500 Disk 0 MBR read successfully
21:42:38.500 Disk 0 MBR scan
21:42:41.484 Disk 0 Windows XP default MBR code
21:42:41.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
21:42:45.765 Disk 0 Partition - 00 0F Extended LBA 51317 MB offset 51199155
21:42:45.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 24999 MB offset 51199218
21:42:45.875 Disk 0 Partition - 00 05 Extended 26317 MB offset 102398310
21:42:45.906 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 26317 MB offset 102398373
21:42:46.046 Disk 0 scanning sectors +156296385
21:42:47.828 Disk 0 scanning C:\WINDOWS\system32\drivers
21:44:40.171 Service scanning
21:46:47.171 Modules scanning
21:47:49.546 Disk 0 trace - called modules:
21:47:49.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:47:49.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d8e030]
21:47:49.609 3 CLASSPNP.SYS[f84eb05b] -> nt!IofCallDriver -> \Device\00000063[0x82d6ba10]
21:47:49.609 5 ACPI.sys[f8381620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x82d6bb28]
21:47:54.140 AVAST engine scan C:\WINDOWS
21:48:59.015 AVAST engine scan C:\WINDOWS\system32
22:00:55.890 AVAST engine scan C:\WINDOWS\system32\drivers
22:01:38.546 AVAST engine scan C:\Documents and Settings\Administrator
22:10:23.187 AVAST engine scan C:\Documents and Settings\All Users
22:10:31.187 Scan finished successfully
22:13:19.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:13:19.140 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"