Posted: 13 Mar 2014 20:31
|
offline
- boki199777
- Elite citizen
- Joined: 26 Sep 2012
- Posts: 1869
- Location: Hang on, let me see...
|
When the PC starts, after the welcome screen a cmd window appears with the path system32/cmd.exe .... This did not happen before. It has been happening for the last 3-4 days. The OS also boots slowly, so I would like to check whether everything is "clean" as far as this is concerned.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.51.2
Run by G31M at 20:28:04 on 2014-03-13
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2046.594 [GMT 1:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\programi\malwerebites\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Connectify\ConnectifyD.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Connectify\ConnectifyNetServices.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Connectify Hotspot] c:\program files\connectify\Connectify.exe autorun
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BE9BA824-66EA-4EFC-A357-405D01148142} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\g31m\appdata\roaming\mozilla\firefox\profiles\u9fbhd4a.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-1-8 1494304]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-10-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-10-6 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-3-8 26136]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswndisflt.sys [2014-3-8 265072]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-10-6 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-10-6 410784]
R1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\drivers\cnnctfy3.sys [2014-3-12 29672]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-10-6 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-8 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-3-8 113704]
R2 Connectify;Connectify;c:\program files\connectify\ConnectifyService.exe [2014-3-12 487936]
R2 MBAMScheduler;MBAMScheduler;c:\programi\malwerebites\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-6 418376]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2014-1-7 14658848]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-11-11 414496]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-3 3574624]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-5 64168]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2014-1-25 1500160]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2014-1-7 51712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-6 22856]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-1-8 34080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 MBAMService;MBAMService;c:\programi\malwerebites\malwarebytes' anti-malware\mbamservice.exe [2013-10-6 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2009-10-27 105984]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-11-8 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-11-8 10320]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-9-19 98432]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-3-4 1343400]
.
=============== Created Last 30 ================
.
2014-03-13 13:34:34 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7dd7e0a3-2d57-4249-9d0c-4bc825cce4e8}\offreg.dll
2014-03-12 19:28:37 29672 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2014-03-12 19:28:28 -------- d-----w- c:\program files\Connectify
2014-03-12 19:24:57 -------- d-----w- c:\programdata\Connectify
2014-03-10 20:59:51 -------- d-----w- c:\users\g31m\appdata\local\1BN_(www.1bn.in)
2014-03-10 20:04:21 25416 ----a-w- c:\windows\system32\drivers\ndiskhaz.sys
2014-03-08 16:34:30 265072 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-03-08 16:34:06 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-05 07:24:35 -------- d-----r- c:\users\g31m\Dropbox
2014-03-05 07:21:15 -------- d-----w- c:\users\g31m\appdata\roaming\DropboxMaster
2014-03-05 07:19:32 -------- d-----w- c:\users\g31m\appdata\roaming\Dropbox
2014-03-01 16:14:42 -------- d-----w- c:\program files\Defraggler
2014-02-15 16:40:30 -------- d-----w- c:\program files\Paint.NET
2014-02-15 16:40:02 -------- d-----w- c:\users\g31m\appdata\local\Paint.NET
2014-02-14 23:05:21 -------- d-----w- c:\users\g31m\dwhelper
2014-02-14 22:41:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-14 22:32:01 -------- d-----w- c:\program files\SoftwareForMe Inc
.
==================== Find3M ====================
.
2014-03-12 08:02:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 08:02:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-08 16:33:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-08 16:33:41 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-08 16:33:41 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-03-08 16:33:41 43152 ----a-w- c:\windows\avastSS.scr
2014-01-25 17:09:32 409088 ----a-w- c:\windows\system32\systemcpl.dll
2014-01-05 11:36:34 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
.
============= FINISH: 20:28:51,03 ===============
|
|
|
|
Posted: 13 Mar 2014 23:36
|
offline
- NIx Car
- Legendary citizen
- Més que un club
- Lead vocalist @ Harpun
- Joined: 27 Feb 2009
- Posts: 3898
- Location: Novi Sad, Klisa
|
Download the GMER program from the link below to the Desktop:
GMER download
Click the given link;
When the dialog for choosing where to save the file opens, select Desktop and click Save.
Double-click to run GMER.
Wait for the initial scan to finish - if any prompt appears, click No;
click Scan and wait for the scan to finish;
click Save ... - save the report to the Desktop (under the name Gmer1);
right-click in the Gmer program window and select Options > 3rd party - click Scan;
when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);
click the >>> button and select the Autostart tab;
when the short scan finishes, click Copy;
open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);
Illustrated walkthrough of the procedure
Attach all three reports to your post using the Attach file option.
|
|
|
|
|
Posted: 14 Mar 2014 09:00
|
offline
- NIx Car
- Legendary citizen
- Més que un club
- Lead vocalist @ Harpun
- Joined: 27 Feb 2009
- Posts: 3898
- Location: Novi Sad, Klisa
|
Download Farbar's Farbar Recovery Scan Tool () from this address to the Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will work on your system; that will be the right version.
double-click to run the program; when the tool starts, click Yes in the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on its first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file option
|
|
|
|
Posted: 14 Mar 2014 09:06
|
offline
- boki199777
- Elite citizen
- Joined: 26 Sep 2012
- Posts: 1869
- Location: Hang on, let me see...
|
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by G31M (administrator) on G31M-PC on 14-03-2014 09:02:35
Running from C:\Users\G31M\Desktop
Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\programi\malwerebites\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\ConnectifyD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Connectify) C:\Program Files\Connectify\DispatchUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Connectify) C:\Program Files\Connectify\ConnectifyNetServices.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Connectify Hotspot] - C:\Program Files\Connectify\Connectify.exe [4171552 2014-03-10] (Connectify)
HKLM\...\Run: [Connectify Dispatch] - C:\Program Files\Connectify\DispatchUI.exe [2218784 2014-03-10] (Connectify)
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2180428478-2044508922-3083944251-1000\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\MCShieldRTM.exe [650816 2014-02-02] (MyCity)
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF9E758D5D88CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: DownloadHelper - C:\Users\G31M\AppData\Roaming\Mozilla\Firefox\Profiles\u9fbhd4a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-06]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
Chrome:
=======
CHR HomePage: hxxp://www.facebook.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google документи) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]
CHR Extension: (Google диск) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-04]
CHR Extension: (http://www.invazija.com/) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfcjmipmbdlblolgckfdicgopiecdpi [2013-08-30]
CHR Extension: (YouTube) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Adblock Plus) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-28]
CHR Extension: (Google претрага) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]
CHR Extension: (PartyCloud DJ) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2013-05-11]
CHR Extension: (Фејсбук) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo [2013-08-30]
CHR Extension: (Extra Cafe - Početna) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkfekkmkdkngmdmeecpabggcnjehjea [2013-08-30]
CHR Extension: (SaveFrom.net helper lite) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekjjfhbnbhfgmnmkocnnfapjpdcpbok [2013-08-03]
CHR Extension: (avast! Online Security) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-06]
CHR Extension: (Google провера поште) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-04-14]
CHR Extension: (Outlook.com Notifier) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2013-09-22]
CHR Extension: (Google новчаник) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Outlook.com) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-09-22]
CHR Extension: (Gmail) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]
CHR Extension: (Audio Cutter) - C:\Users\G31M\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2013-04-21]
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-08] (AVAST Software)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2014-03-10] (Connectify)
R2 MBAMScheduler; C:\programi\malwerebites\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\programi\malwerebites\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-08] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [265072 2014-03-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-03-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-03-08] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-03-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-05] ()
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-02-23] (Atheros Communications, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2014-03-13] (Connectify)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U3 kxldqpoc; \??\C:\Users\G31M\AppData\Local\Temp\kxldqpoc.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-14 09:02 - 2014-03-14 09:02 - 00013682 _____ () C:\Users\G31M\Desktop\FRST.txt
2014-03-14 09:02 - 2014-03-14 09:02 - 00000000 ____D () C:\FRST
2014-03-14 09:01 - 2014-03-14 09:01 - 01145856 _____ (Farbar) C:\Users\G31M\Desktop\FRST.exe
2014-03-14 08:06 - 2014-03-14 08:06 - 00380416 _____ () C:\Users\G31M\Desktop\y15t4blf.exe
2014-03-13 21:22 - 2014-03-13 21:22 - 00029672 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-03-13 21:16 - 2014-03-13 22:18 - 00000000 ____D () C:\Program Files\Connectify
2014-03-13 21:16 - 2014-03-13 21:28 - 00000000 ____D () C:\ProgramData\Connectify
2014-03-13 20:27 - 2014-03-13 20:27 - 00688992 ____R (Swearware) C:\Users\G31M\Desktop\dds.scr
2014-03-12 22:33 - 2014-03-12 22:33 - 00550371 _____ () C:\Users\G31M\Desktop\Autoruns.zip
2014-03-12 20:31 - 2014-03-14 07:18 - 00001512 _____ () C:\Windows\setupact.log
2014-03-12 20:31 - 2014-03-12 20:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-10 21:59 - 2014-03-10 21:59 - 00000000 ____D () C:\Users\G31M\AppData\Local\1BN_(www.1bn.in)
2014-03-10 21:04 - 2012-12-07 10:34 - 00025416 _____ (Khalil Azzouzi) C:\Windows\system32\Drivers\ndiskhaz.sys
2014-03-08 17:34 - 2014-03-08 17:34 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-03-08 17:34 - 2014-03-08 17:33 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-05 08:24 - 2014-03-12 20:43 - 00000000 ___RD () C:\Users\G31M\Dropbox
2014-03-05 08:21 - 2014-03-05 08:24 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\DropboxMaster
2014-03-05 08:20 - 2014-03-05 08:20 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-05 08:19 - 2014-03-12 20:34 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\Dropbox
2014-03-01 17:14 - 2014-03-01 17:16 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-25 15:51 - 2014-02-25 15:51 - 00000000 ____D () C:\Users\G31M\Documents\Outlook Files
2014-02-18 12:00 - 2014-02-18 12:00 - 00312843 _____ () C:\Users\G31M\Documents\avlscan2.log
2014-02-18 12:00 - 2014-02-18 12:00 - 00004824 _____ () C:\Users\G31M\Documents\avlscan.log
2014-02-17 14:07 - 2014-02-17 14:07 - 00000000 ____D () C:\Users\G31M\Desktop\vulajic mirko 067628842
2014-02-15 17:40 - 2014-02-15 17:44 - 00000000 ____D () C:\Program Files\Paint.NET
2014-02-15 17:40 - 2014-02-15 17:42 - 00000000 ____D () C:\Users\G31M\AppData\Local\Paint.NET
2014-02-15 06:44 - 2014-02-15 06:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 00:05 - 2014-02-15 00:05 - 00000000 ____D () C:\Users\G31M\dwhelper
2014-02-14 23:42 - 2014-02-14 23:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-14 23:41 - 2014-02-14 23:41 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-14 23:41 - 2014-02-14 23:41 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-14 23:41 - 2014-02-14 23:41 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-14 23:41 - 2014-02-14 23:41 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-14 23:41 - 2014-02-14 23:41 - 00000000 ____D () C:\Program Files\Java
2014-02-14 23:32 - 2014-02-14 23:32 - 00000000 ____D () C:\Program Files\SoftwareForMe Inc
2014-02-14 19:02 - 2014-02-14 19:03 - 00002086 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
==================== One Month Modified Files and Folders =======
2014-03-14 09:02 - 2014-03-14 09:02 - 00013682 _____ () C:\Users\G31M\Desktop\FRST.txt
2014-03-14 09:02 - 2014-03-14 09:02 - 00000000 ____D () C:\FRST
2014-03-14 09:02 - 2013-03-04 14:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-14 09:01 - 2014-03-14 09:01 - 01145856 _____ (Farbar) C:\Users\G31M\Desktop\FRST.exe
2014-03-14 08:54 - 2013-03-03 16:18 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\Skype
2014-03-14 08:41 - 2013-04-14 13:03 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-14 08:10 - 2013-03-03 13:59 - 01914174 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 08:06 - 2014-03-14 08:06 - 00380416 _____ () C:\Users\G31M\Desktop\y15t4blf.exe
2014-03-14 07:19 - 2014-01-25 17:23 - 00000000 ____D () C:\ProgramData\MCShield
2014-03-14 07:19 - 2013-04-14 13:03 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-14 07:18 - 2014-03-12 20:31 - 00001512 _____ () C:\Windows\setupact.log
2014-03-14 07:18 - 2013-10-17 18:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-14 07:18 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 22:18 - 2014-03-13 21:16 - 00000000 ____D () C:\Program Files\Connectify
2014-03-13 21:47 - 2013-03-03 14:58 - 00000000 ____D () C:\Users\G31M\Desktop\program
2014-03-13 21:28 - 2014-03-13 21:16 - 00000000 ____D () C:\ProgramData\Connectify
2014-03-13 21:22 - 2014-03-13 21:22 - 00029672 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2014-03-13 20:27 - 2014-03-13 20:27 - 00688992 ____R (Swearware) C:\Users\G31M\Desktop\dds.scr
2014-03-12 22:33 - 2014-03-12 22:33 - 00550371 _____ () C:\Users\G31M\Desktop\Autoruns.zip
2014-03-12 20:43 - 2014-03-05 08:24 - 00000000 ___RD () C:\Users\G31M\Dropbox
2014-03-12 20:43 - 2013-03-03 14:53 - 00000000 ____D () C:\Windows\pss
2014-03-12 20:34 - 2014-03-05 08:19 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\Dropbox
2014-03-12 20:31 - 2014-03-12 20:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-12 20:16 - 2013-11-04 22:25 - 00000512 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-03-12 20:15 - 2013-03-03 14:11 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 09:02 - 2013-03-04 14:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 09:02 - 2013-03-04 14:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 21:59 - 2014-03-10 21:59 - 00000000 ____D () C:\Users\G31M\AppData\Local\1BN_(www.1bn.in)
2014-03-08 23:27 - 2009-07-14 05:34 - 00013120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 23:27 - 2009-07-14 05:34 - 00013120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 17:34 - 2014-03-08 17:34 - 00265072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-03-08 17:33 - 2014-03-08 17:34 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-08 17:33 - 2014-01-05 12:36 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-08 17:33 - 2013-10-06 16:19 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-08 17:33 - 2013-10-06 16:19 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-08 17:33 - 2013-10-06 16:19 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-08 17:33 - 2013-10-06 16:19 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-08 17:33 - 2013-10-06 16:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-07 07:43 - 2009-07-14 05:53 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-05 08:24 - 2014-03-05 08:21 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\DropboxMaster
2014-03-05 08:24 - 2013-03-03 14:06 - 00000000 ____D () C:\Users\G31M
2014-03-05 08:20 - 2014-03-05 08:20 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-03 22:26 - 2013-03-17 15:25 - 00000000 ____D () C:\Windows\Minidump
2014-03-03 22:26 - 2013-03-03 15:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-02 11:14 - 2013-08-29 21:00 - 00000132 _____ () C:\Users\G31M\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-03-01 17:16 - 2014-03-01 17:14 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-25 15:51 - 2014-02-25 15:51 - 00000000 ____D () C:\Users\G31M\Documents\Outlook Files
2014-02-18 12:00 - 2014-02-18 12:00 - 00312843 _____ () C:\Users\G31M\Documents\avlscan2.log
2014-02-18 12:00 - 2014-02-18 12:00 - 00004824 _____ () C:\Users\G31M\Documents\avlscan.log
2014-02-17 14:07 - 2014-02-17 14:07 - 00000000 ____D () C:\Users\G31M\Desktop\vulajic mirko 067628842
2014-02-16 06:08 - 2013-03-03 16:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 20:12 - 2014-02-11 14:06 - 00000000 ____D () C:\Users\G31M\AppData\Local\Facebook
2014-02-15 17:44 - 2014-02-15 17:40 - 00000000 ____D () C:\Program Files\Paint.NET
2014-02-15 17:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-15 17:42 - 2014-02-15 17:40 - 00000000 ____D () C:\Users\G31M\AppData\Local\Paint.NET
2014-02-15 06:44 - 2014-02-15 06:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 00:23 - 2013-07-19 18:36 - 00000000 ____D () C:\Users\G31M\AppData\Roaming\uTorrent
2014-02-15 00:05 - 2014-02-15 00:05 - 00000000 ____D () C:\Users\G31M\dwhelper
2014-02-14 23:42 - 2014-02-14 23:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-14 23:42 - 2013-11-23 19:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-14 23:41 - 2014-02-14 23:41 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-14 23:41 - 2014-02-14 23:41 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-14 23:41 - 2014-02-14 23:41 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-14 23:41 - 2014-02-14 23:41 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-14 23:41 - 2014-02-14 23:41 - 00000000 ____D () C:\Program Files\Java
2014-02-14 23:32 - 2014-02-14 23:32 - 00000000 ____D () C:\Program Files\SoftwareForMe Inc
2014-02-14 19:03 - 2014-02-14 19:02 - 00002086 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
Some content of TEMP:
====================
C:\Users\G31M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpomhcfl.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 08:43
==================== End Of Log ============================
Posted: 15 Mar 2014 18:41
offline
- boki199777
- Elite citizen
- Joined: 26 Sep 2012
- Posts: 1869
- Location: Let me see...
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by G31M at 2014-03-15 18:36:00 Run:1
Running from C:\Users\G31M\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\system32\rundll32.exe "C:\Users\G31M\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
End
*****************
========= MSCONFIG\startupmobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe =========
The system cannot find the path specified.
========= End of Reg: =========
========= MSCONFIG\startupNextLive => C:\Windows\system32\rundll32.exe "C:\Users\G31M\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l =========
The system cannot find the path specified.
========= End of Reg: =========
========= DEL %TEMP%\*.* /F /S /Q =========
Deleted file - C:\Users\G31M\AppData\Local\Temp\1069B67.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\1123D5D.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\13361A0.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\152B30E.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\1681C94.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\185D8D1.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\186E743.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\20558C.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\2061CA5.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\206D5C5.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\705F421.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\8755282.tmp
Deleted file - C:\Users\G31M\AppData\Local\Temp\Attach.txt
Deleted file - C:\Users\G31M\AppData\Local\Temp\ConnectifyInstall.txt
Deleted file - C:\Users\G31M\AppData\Local\Temp\DDS.txt
C:\Users\G31M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv_sqrc.dll
Access is denied.
C:\Users\G31M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv_sqrc.lck
The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\G31M\AppData\Local\Temp\JavaDeployReg.log
Deleted file - C:\Users\G31M\AppData\Local\Temp\jusched.log
Deleted file - C:\Users\G31M\AppData\Local\Temp\log3
Deleted file - C:\Users\G31M\AppData\Local\Temp\mediaget-installer_20-05-06.log
Deleted file - C:\Users\G31M\AppData\Local\Temp\PDApp.log
Deleted file - C:\Users\G31M\AppData\Local\Temp\2236_26694\crl-set
Deleted file - C:\Users\G31M\AppData\Local\Temp\2236_26694\manifest.fingerprint
Deleted file - C:\Users\G31M\AppData\Local\Temp\2236_26694\manifest.json
Deleted file - C:\Users\G31M\AppData\Local\Temp\2808_20551\crl-set
Deleted file - C:\Users\G31M\AppData\Local\Temp\2808_20551\manifest.fingerprint
Deleted file - C:\Users\G31M\AppData\Local\Temp\2808_20551\manifest.json
Deleted file - C:\Users\G31M\AppData\Local\Temp\2816_10911\crl-set
Deleted file - C:\Users\G31M\AppData\Local\Temp\2816_10911\manifest.fingerprint
Deleted file - C:\Users\G31M\AppData\Local\Temp\2816_10911\manifest.json
Deleted file - C:\Users\G31M\AppData\Local\Temp\2816_7219\crl-set
Deleted file - C:\Users\G31M\AppData\Local\Temp\2816_7219\manifest.fingerprint
Deleted file - C:\Users\G31M\AppData\Local\Temp\2816_7219\manifest.json
Deleted file - C:\Users\G31M\AppData\Local\Temp\3160_31347\crl-set
Deleted file - C:\Users\G31M\AppData\Local\Temp\3160_31347\manifest.fingerprint
Deleted file - C:\Users\G31M\AppData\Local\Temp\3160_31347\manifest.json
Deleted file - C:\Users\G31M\AppData\Local\Temp\3260_32335\crl-set
Deleted file - C:\Users\G31M\AppData\Local\Temp\3260_32335\manifest.fingerprint
Deleted file - C:\Users\G31M\AppData\Local\Temp\3260_32335\manifest.json
Deleted file - C:\Users\G31M\AppData\Local\Temp\4284_29002\crl-set
Deleted file - C:\Users\G31M\AppData\Local\Temp\4284_29002\manifest.fingerprint
Deleted file - C:\Users\G31M\AppData\Local\Temp\4284_29002\manifest.json
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\CbsProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\CompatProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\DismCore.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\DismCorePS.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\DismHost.exe
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\DismProv.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\DmiProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\FolderProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\IntlProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\LogProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\MsiProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\OSProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\SmiProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\TransmogProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\UnattendProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\wdscore.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\WimProvider.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\CbsProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\CompatProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\DismCore.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\DismProv.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\DmiProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\FolderProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\IntlProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\LogProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\MsiProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\OSProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\SmiProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\TransmogProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\UnattendProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\914A679F-A611-4AAB-ACDC-DFC9EF09B8DA\en-US\WimProvider.dll.mui
Deleted file - C:\Users\G31M\AppData\Local\Temp\acro_rd_dir\History\History.IE5\desktop.ini
Deleted file - C:\Users\G31M\AppData\Local\Temp\Connectify\ConnectifyInstaller.exe
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX0\Connectify Activator.exe
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX0\deactivate.bat
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX0\install32.bat
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX0\install64.bat
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX0\Filesact\ConnectifyGopher.exe
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX0\Filesact\Licensing.dll
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX1\Connectify Activator.exe
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX1\deactivate.bat
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX1\install32.bat
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX1\install64.bat
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX1\Filesact\ConnectifyGopher.exe
Deleted file - C:\Users\G31M\AppData\Local\Temp\RarSFX1\Filesact\Licensing.dll
C:\Users\G31M\AppData\Local\Temp\Skype\DbTemp\temp-6w0D09hsJW5CNmiJXZOuMy6Z
The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\Skype\DbTemp\temp-I1bKTWrmejbDgsiJDxmvig6e
The process cannot access the file because it is being used by another process.
========= End of CMD: =========
========= RD /S /Q %TEMP% =========
C:\Users\G31M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv_sqrc.dll - Access is denied.
C:\Users\G31M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv_sqrc.lck - The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\etilqs_5FlhgbIYqytax3i - The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\etilqs_GzVY0hgjzaP8edb - The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\etilqs_knE0QLmBUjr0R80 - The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\etilqs_ruoEd7DcD0X1d49 - The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\Skype\DbTemp\temp-6w0D09hsJW5CNmiJXZOuMy6Z - The process cannot access the file because it is being used by another process.
C:\Users\G31M\AppData\Local\Temp\Skype\DbTemp\temp-I1bKTWrmejbDgsiJDxmvig6e - The process cannot access the file because it is being used by another process.
========= End of CMD: =========
==== End of Fixlog ====
Posted: 15 Mar 2014 22:48
offline
- NIx Car
- Legendary citizen
- Més que un club
- Lead vocalist @ Harpun
- Joined: 27 Feb 2009
- Posts: 3898
- Location: Novi Sad, Klisa
Open Notepad and copy the following text, which is inside the shaded area.
Start
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
File: C:\Program Files\Mobogenie\DaemonProcess.exe
Task: {41F44F6C-798B-4EAA-9C4A-206B68458A23} - System32\Tasks\PCRemote Startup Task => C:\Users\G31M\AppData\Local\Temp\Rar$EXa0.318\PCRemoteServer\PCRemoteServer.exe
Folder: C:\Users\G31M\AppData\Local\Temp\Rar$EXa0.318
End
In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait until the program finishes.
If the program asks to restart the computer, allow it to do so without interruption.
When it finishes, Notepad will open with content that you should copy into the thread.
Also, (fixlog.txt) will be on the Desktop.
You need to copy fixlog.txt to the forum