MyCity » Ambulanta -> Arhiva Ambulante » Sta je coin miner? Macromedia

Sta je coin miner? Macromedia

Napisano na dan: 8.1.2014

Strana:
1
2

Sta je coin miner? Macromedia

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Killer7 Poslao: 08 Jan 2014 14:29 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav imam jedan problem kad otvorim task manager ima jedan program coin miner koji uvek trosi sve resorse kompjutera i uvek mi dode na 100% CPU.Mozete mi pomoci kako to da uklonim jer svaki put kad iskljucim taj program opet se pojavi Sad Imam AVG 2014 i kaze da nema virusa i da to nije virus ali zasto onda non stop trosi 100%? Cak i kad laptop miruje on trosi 100% CPU! Molim vas pomozite! DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2 Run by Metallica41 at 14:25:32 on 2014-01-08 Microsoft Windows 8 6.2.9200.0.1250.381.2057.18.1932.773 [GMT 1:00] . AV: AVG AntiVirus Free Edition 2014 Enabled/Updated {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2014 Enabled/Updated {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe C:\Windows\system32\dashost.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe C:\Windows\system32\viakaraokesrv.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\dwm.exe C:\Windows\system32\taskhostex.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files\ASUS\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\System32\WScript.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Windows\system32\igfxpers.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\system32\BackgroundTransferHost.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe C:\Program Files (x86)\AVG\AVG2014\avgemca.exe C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Metallica41\AppData\Roaming\WindowsHelp\macromedia.exe C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = [Link mogu videti samo ulogovani korisnici] mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [SE] "C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe" /minimized uRun: [uTorrent] "C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY StartupFolder: C:\Users\METALL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe TCP: NameServer = 192.168.1.1 TCP: Interfaces\{02BEEDC7-9D69-4DCB-A274-DD31870171B1} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{02BEEDC7-9D69-4DCB-A274-DD31870171B1}\35C61667B6F6 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{02BEEDC7-9D69-4DCB-A274-DD31870171B1}\77830323D21607164796E6D237563623 : DHCPNameServer = 93.186.64.12 93.186.74.12 TCP: Interfaces\{09E26668-D028-4329-9621-0EFFB961AA24} : DHCPNameServer = 40.54.1.201 40.54.1.203 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-10-24 194872] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-10-31 294712] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-10-1 123704] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-10 31544] R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536] R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-11-5 150808] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-4 240920] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-10-31 212280] R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-10-21 252728] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120] R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152] R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-4-16 65784] R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-28 21152] R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-28 342528] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-8-28 110744] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-8-28 2206352] S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496] S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824] . =============== Created Last 30 ================ . 2014-01-08 13:01:56 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll 2014-01-08 13:01:56 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll 2014-01-08 13:01:56 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe 2014-01-08 13:01:56 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe 2014-01-08 13:01:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2014-01-08 13:01:56 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll 2014-01-08 13:01:56 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll 2014-01-08 13:01:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll 2014-01-08 13:01:52 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll 2014-01-08 11:39:19 -------- d-----w- C:\Users\Metallica41\AppData\Roaming\AVG2014 2014-01-08 11:38:31 -------- d-----w- C:\Users\Metallica41\AppData\Roaming\TuneUp Software 2014-01-08 11:37:53 -------- d--h--w- C:\$AVG 2014-01-08 11:37:53 -------- d-----w- C:\ProgramData\AVG2014 2014-01-08 11:37:41 -------- d-----w- C:\Program Files (x86)\AVG 2014-01-08 11:34:11 -------- d-----w- C:\Users\Metallica41\AppData\Local\MFAData 2014-01-08 11:34:11 -------- d-----w- C:\Users\Metallica41\AppData\Local\Avg2014 2014-01-08 11:34:11 -------- d-----w- C:\ProgramData\MFAData 2014-01-08 08:10:40 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89BD74A5-7393-4EB7-AB49-6C306AB5E90F}\mpengine.dll 2014-01-07 10:42:59 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2014-01-06 21:46:30 -------- d-----w- C:\ProgramData\Media Center Programs 2014-01-06 21:46:26 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare 2014-01-06 16:20:39 -------- d-----w- C:\ProgramData\SystemRequirementsLab 2014-01-06 16:20:39 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab 2014-01-06 14:48:32 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2014-01-06 14:48:32 10315576 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B098CD18-F97F-4C0E-9595-DF506E2903A8}\mpengine.dll 2014-01-04 15:54:40 -------- d-----w- C:\Program Files (x86)\SpeedFan 2014-01-02 16:10:18 -------- d-----w- C:\Program Files\CCleaner 2013-12-25 00:21:46 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll 2013-12-25 00:21:45 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2013-12-25 00:21:45 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2013-12-25 00:21:45 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2013-12-25 00:21:39 602244 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2013-12-25 00:19:19 304128 ----a-w- C:\Windows\IsUninst.exe 2013-12-24 22:12:10 -------- d-----w- C:\Program Files (x86)\NewSoftware's 2013-12-24 20:14:37 -------- d-----w- C:\Users\Metallica41\AppData\Roaming\IObit 2013-12-24 20:14:37 -------- d-----w- C:\ProgramData\IObit 2013-12-24 20:14:33 -------- d-----w- C:\ProgramData\ProductData 2013-12-24 20:14:25 -------- d-----w- C:\Program Files (x86)\IObit 2013-12-12 22:29:57 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-12-12 22:29:56 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll 2013-12-12 22:29:55 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2013-12-12 22:29:55 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2013-12-12 22:29:55 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2013-12-12 22:29:55 245248 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll 2013-12-12 10:28:48 288768 ----a-w- C:\Windows\System32\drivers\portcls.sys 2013-12-12 10:28:47 5632 ----a-w- C:\Windows\System32\drivers\drmkaud.sys 2013-12-12 10:28:47 370176 ----a-w- C:\Windows\System32\SysFxUI.dll 2013-12-12 10:28:47 1636672 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll 2013-12-12 10:28:47 111616 ----a-w- C:\Windows\System32\drivers\drmk.sys 2013-12-12 10:27:34 222720 ----a-w- C:\Windows\System32\scrobj.dll 2013-12-12 10:27:34 143872 ----a-w- C:\Windows\System32\wshom.ocx 2013-12-12 10:27:33 194048 ----a-w- C:\Windows\System32\scrrun.dll 2013-12-12 10:27:33 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll 2013-12-12 10:27:33 146944 ----a-w- C:\Windows\System32\cscript.exe 2013-12-12 10:27:33 115712 ----a-w- C:\Windows\SysWow64\cscript.exe 2013-12-12 10:27:32 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll 2013-12-12 09:17:33 312320 ----a-w- C:\Windows\System32\msieftp.dll 2013-12-12 09:17:32 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll 2013-12-12 09:17:31 420864 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-12-12 09:17:31 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-12-12 09:17:28 4036608 ----a-w- C:\Windows\System32\win32k.sys 2013-12-12 07:56:19 62976 ----a-w- C:\Windows\System32\imagehlp.dll 2013-12-12 07:56:18 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll . ==================== Find3M ==================== . 2014-01-08 08:11:06 387 ----a-w- C:\Users\Metallica41\AppData\Roaming\sp_data.sys 2013-12-04 00:53:54 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-04 00:53:54 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-11-05 20:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys 2013-11-04 20:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2013-10-31 22:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2013-10-31 21:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2013-10-25 22:09:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll 2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll 2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-10-24 21:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2013-10-21 21:28:28 252728 ----a-w- C:\Windows\System32\drivers\avgwfpa.sys . ============= FINISH: 14:27:18,45 =============== Attach: [Link mogu videti samo ulogovani korisnici]

Profil

magna86 Poslao: 08 Jan 2014 14:41 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	1Ovo se svidja korisniku: E.L.I.T.E. Registruj se da bi pohvalio/la poruku! Bitcoin miner je nama poznat malware, uklonicemo mi to. Moguce da to nije jedina aktivna infekcija ovde. No pre nego sto krenemo sa uklanjanjem potrebno je da prikupimo dodatne informacije koje ce nam omoguciti da ucitamo bas svaki maliciozni loading point. Preuzmi Farbar-ov Farbar Recovery Scan Tool () sa ove adrese na Desktop: Postoji 32bit. i 64bit.-na verzija. Potrebno je preuzeti verziju koja je kompatibilna sa tvojim sistemom. Ako nisi siguran koja verzija se odnosi na tvoj sistem, preuzmi ih obe i pokreni. Samo jedan od njih će raditi na tvom sistemu, to će biti prava verzija. dvoklikom pokreni program, kada se alat pokrene klikni Yes na disclaimer prozor; pričekati koji trenutak dok alat proverava postoji li novija verzija; klikni na dugme Scan; po završetku skeniranja, alat će formirati izveštaj (FRST.txt) u isti direktorijum gde je FRST alat sačuvan; iskopiraj sadržaj FRST.txt izveštaja u poruku; po prvom pokretanju, alat bi trebao formirati i dodatni izveštaj (Addition.txt); okači Addition.txt izveštaj uz poruku koristeći opciju Prikači fajl ========================================= Potom ... Preuzmi program GMER, RootKit Detektor i sačuvati ga na Desktop: Napomena: alat nosi nasumice generisan naziv. Na samoj ikonici će jasno pisati GMER. Dvoklikom pokreni GMER. Sačekaj da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, klikni No; klikni dugme [Scan] i sačekaj da skeniranje bude završeno; klikni dugme [Save ...] - izveštaj sačuvaj na Desktop pod nazivom ARK; kliknite taster >>> i odaberite Autostart karticu; klikni dugme [Scan]; po završetku kratkotrajnog skeniranja, klikni [Copy]; otvori Notepad i u njega postavi kopirani tekst - izveštaj sačuvaj na Desktop pod nazivom autostart; Priloži oba GMER izveštaja uz poruku korišćenjem opcije Prikači fajl.

Profil

Killer7 Poslao: 08 Jan 2014 15:03 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 Ran by Metallica41 (administrator) on FIKO on 08-01-2014 14:46:49 Running from C:\Users\Metallica41\Downloads Windows 8 (X64) OS Language: English(UK) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Ufasoft) C:\Users\Metallica41\AppData\Roaming\WindowsHelp\macromedia.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA) HKLM-x32\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [SE] - C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe [5827488 2013-10-25] (SkypEmoticons) HKCU\...\Run: [uTorrent] - C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe [1309016 2014-01-06] (BitTorrent Inc.) MountPoints2: F - "F:\OblivionLauncher.exe" Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk ShortcutTarget: Skype.lnk -> C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default FF Homepage: [Link mogu videti samo ulogovani korisnici] FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Extension: Vauodiax - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net FF Extension: SearchNewTab - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) S3 hexmagic; \??\C:\Windows\system32\drivers\hexmagic.sys [x] U0 msahci; S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 14:46 - 2014-01-08 14:47 - 00011681 _____ C:\Users\Metallica41\Downloads\FRST.txt 2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\FRST 2014-01-08 14:44 - 2014-01-08 14:45 - 01932624 _____ (Farbar) C:\Users\Metallica41\Downloads\FRST64.exe 2014-01-08 14:27 - 2014-01-08 14:27 - 00016748 _____ C:\Users\Metallica41\Desktop\dds.txt 2014-01-08 14:27 - 2014-01-08 14:27 - 00003713 _____ C:\Users\Metallica41\Desktop\attach.txt 2014-01-08 14:24 - 2014-01-08 14:25 - 00688992 ____R (Swearware) C:\Users\Metallica41\Downloads\dds.scr 2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk 2014-01-08 14:02 - 2014-01-08 14:03 - 00028236 _____ C:\Windows\DirectX.log 2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014 2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk 2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software 2014-01-08 12:37 - 2014-01-08 12:38 - 00000000 ____D C:\ProgramData\AVG2014 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG 2014-01-08 12:34 - 2014-01-08 12:56 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014 2014-01-08 12:34 - 2014-01-08 12:55 - 00000000 ____D C:\ProgramData\MFAData 2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData 2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk 2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2014-01-06 15:34 - 2014-01-07 15:32 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED 2014-01-04 16:54 - 2014-01-06 15:59 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk 2014-01-04 16:04 - 2014-01-04 16:05 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted 2014-01-03 00:22 - 2014-01-07 03:52 - 00005034 _____ C:\Windows\PFRO.log 2014-01-03 00:22 - 2014-01-03 00:23 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk 2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner 2014-01-01 11:47 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk 2014-01-01 11:47 - 2014-01-04 16:54 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo 2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153} 2013-12-25 01:52 - 2013-12-26 00:42 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4) 2013-12-25 01:19 - 2013-12-25 01:20 - 00000318 _____ C:\Windows\SIERRA.INI 2013-12-25 01:19 - 1998-01-23 12:22 - 00304128 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe 2013-12-24 23:23 - 2013-12-25 01:54 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat 2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's 2013-12-24 21:14 - 2014-01-03 00:24 - 00000000 ____D C:\ProgramData\ProductData 2013-12-24 21:14 - 2014-01-03 00:22 - 00000000 ____D C:\Program Files (x86)\IObit 2013-12-24 21:14 - 2013-12-24 21:15 - 00000000 ____D C:\ProgramData\IObit 2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit 2013-12-14 22:53 - 2013-12-14 23:24 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data 2013-12-14 22:45 - 2014-01-05 21:00 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data 2013-12-14 22:44 - 2013-12-14 22:51 - 00000983 _____ C:\Windows\eReg.dat 2013-12-14 08:02 - 2013-12-24 21:17 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk 2013-12-14 07:58 - 2013-12-14 08:02 - 00000965 _____ C:\Windows\Rtcw.INI 2013-12-14 00:20 - 2013-12-14 00:21 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip 2013-12-12 23:30 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 23:30 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 23:30 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 23:30 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-12 23:30 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-12 23:30 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-12 23:29 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2013-12-12 23:29 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 23:29 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-12 23:29 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-12 23:27 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-12-12 23:27 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-12-12 23:27 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-12-12 23:27 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-12-12 23:27 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-12-12 23:27 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-12-12 23:27 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-12-12 23:27 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2013-12-12 23:27 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml 2013-12-12 23:27 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2013-12-12 23:27 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2013-12-12 23:27 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2013-12-12 23:27 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-12-12 23:27 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll 2013-12-12 23:27 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2013-12-12 23:27 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll 2013-12-12 23:27 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll 2013-12-12 11:28 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-12 11:28 - 2012-10-11 08:02 - 01636672 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2013-12-12 11:28 - 2012-10-11 06:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2013-12-12 11:28 - 2012-10-11 06:19 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2013-12-12 11:28 - 2012-10-11 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 11:27 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 11:27 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll 2013-12-12 11:27 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 11:27 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 11:27 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 11:27 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll 2013-12-12 11:27 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 10:17 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 10:17 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 10:17 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 10:17 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 10:17 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 08:56 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 08:56 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll ==================== One Month Modified Files and Folders ======= 2014-01-08 14:47 - 2014-01-08 14:46 - 00011681 _____ C:\Users\Metallica41\Downloads\FRST.txt 2014-01-08 14:46 - 2014-01-08 14:46 - 00000000 ____D C:\FRST 2014-01-08 14:45 - 2014-01-08 14:44 - 01932624 _____ (Farbar) C:\Users\Metallica41\Downloads\FRST64.exe 2014-01-08 14:45 - 2013-11-09 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-08 14:30 - 2012-10-24 22:03 - 01223035 _____ C:\Windows\WindowsUpdate.log 2014-01-08 14:27 - 2014-01-08 14:27 - 00016748 _____ C:\Users\Metallica41\Desktop\dds.txt 2014-01-08 14:27 - 2014-01-08 14:27 - 00003713 _____ C:\Users\Metallica41\Desktop\attach.txt 2014-01-08 14:25 - 2014-01-08 14:24 - 00688992 ____R (Swearware) C:\Users\Metallica41\Downloads\dds.scr 2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk 2014-01-08 14:03 - 2014-01-08 14:02 - 00028236 _____ C:\Windows\DirectX.log 2014-01-08 14:01 - 2013-03-25 18:48 - 00000000 ____D C:\Users\Metallica41\Documents\My Games 2014-01-08 14:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru 2014-01-08 13:49 - 2013-11-02 06:47 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\uTorrent 2014-01-08 13:09 - 2013-11-08 20:46 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\WindowsHelp 2014-01-08 12:56 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014 2014-01-08 12:55 - 2014-01-08 12:34 - 00000000 ____D C:\ProgramData\MFAData 2014-01-08 12:55 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014 2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk 2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software 2014-01-08 12:38 - 2014-01-08 12:37 - 00000000 ____D C:\ProgramData\AVG2014 2014-01-08 12:38 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG 2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData 2014-01-08 12:20 - 2013-06-09 18:00 - 00000000 ____D C:\Users\Metallica41\Desktop\New folder (2) 2014-01-08 09:11 - 2013-09-06 22:59 - 00000387 _____ C:\Users\Metallica41\AppData\Roaming\sp_data.sys 2014-01-07 15:32 - 2014-01-06 15:34 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED 2014-01-07 14:00 - 2013-11-16 14:30 - 00000000 ____D C:\Users\Metallica41\Downloads\New folder 2014-01-07 12:54 - 2013-09-07 20:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-473922799-1250382268-3828485289-1001 2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-01-07 03:52 - 2014-01-03 00:22 - 00005034 _____ C:\Windows\PFRO.log 2014-01-07 03:52 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk 2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2014-01-06 15:59 - 2014-01-04 16:54 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2014-01-05 21:00 - 2013-12-14 22:45 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data 2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk 2014-01-04 16:54 - 2014-01-01 11:47 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk 2014-01-04 16:54 - 2014-01-01 11:47 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo 2014-01-04 16:05 - 2014-01-04 16:04 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted 2014-01-03 00:24 - 2013-12-24 21:14 - 00000000 ____D C:\ProgramData\ProductData 2014-01-03 00:23 - 2014-01-03 00:22 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-03 00:22 - 2013-12-24 21:14 - 00000000 ____D C:\Program Files (x86)\IObit 2014-01-02 17:21 - 2013-09-06 23:37 - 00000000 ____D C:\Windows.old 2014-01-02 17:20 - 2013-11-24 20:53 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 2014-01-02 17:20 - 2013-10-11 15:06 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cs 1.6 Background Maker v3.0 2014-01-02 17:19 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther 2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk 2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner 2014-01-01 16:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153} 2013-12-26 00:42 - 2013-12-25 01:52 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4) 2013-12-25 01:54 - 2013-12-24 23:23 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat 2013-12-25 01:22 - 2012-10-24 21:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-25 01:20 - 2013-12-25 01:19 - 00000318 _____ C:\Windows\SIERRA.INI 2013-12-25 00:00 - 2013-10-11 20:10 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Skype 2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's 2013-12-24 21:17 - 2013-12-14 08:02 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein 2013-12-24 21:15 - 2013-12-24 21:14 - 00000000 ____D C:\ProgramData\IObit 2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit 2013-12-17 23:04 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-12-14 23:24 - 2013-12-14 22:53 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data 2013-12-14 22:51 - 2013-12-14 22:44 - 00000983 _____ C:\Windows\eReg.dat 2013-12-14 20:56 - 2013-11-30 10:03 - 00000000 ____D C:\Users\Metallica41\Downloads\Guitar Pro 5 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk 2013-12-14 08:02 - 2013-12-14 07:58 - 00000965 _____ C:\Windows\Rtcw.INI 2013-12-14 00:21 - 2013-12-14 00:20 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip 2013-12-13 16:40 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache 2013-12-13 10:28 - 2012-07-26 08:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB 2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\en-GB 2013-12-13 10:21 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe 2013-12-12 10:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates 2013-12-10 19:45 - 2013-11-09 15:40 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ____D C:\ProgramData\Skype Files to move or delete: ==================== C:\ProgramData\SetStretch.exe Some content of TEMP: ==================== C:\Users\Metallica41\AppData\Local\Temp\drm_dyndata_7370012.dll C:\Users\Metallica41\AppData\Local\Temp\sfamcc00001.dll C:\Users\Metallica41\AppData\Local\Temp\sfamcc00002.dll C:\Users\Metallica41\AppData\Local\Temp\sfextra.dll C:\Users\Metallica41\AppData\Local\Temp\SRLDetectionLibrary6277013301442389629.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-08 12:49 ==================== End Of Log ============================ addition: [Link mogu videti samo ulogovani korisnici] Ne mogu gmer da okacim jer kad god pokrenem gmer ono zablokira laptop i pise ''your computer has run into a pc error'' i onda se resetuje tako da gmer ne mogu izvini!

Profil

ivance95 Poslao: 08 Jan 2014 18:52 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvori Notepad i iskopiraj sledeći tekst koji se nalazi unutar osenčenog prostora. (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit) HKCU\...\Run: [SE] - C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe [5827488 2013-10-25] (SkypEmoticons) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.ln SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Extension: Vauodiax - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net FF Extension: SearchNewTab - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net 2013-12-24 21:14 - 2014-01-03 00:22 - 00000000 ____D C:\Program Files (x86)\IObit 2013-12-24 21:14 - 2013-12-24 21:15 - 00000000 ____D C:\ProgramData\IObit 2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit C:\ProgramData\SetStretch.exe C:\Users\Metallica41\AppData\Local\Temp\*.dll C:\Users\Metallica41\AppData\Roaming\WindowsHelp C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net C:\Users\Metallica41\AppData\Roaming\SkypEmoticons U okviru Notepad-a klikni na File --> Save As Fajl nazovi Fixlist i sačuvaj na Desktop Dvoklikom ponovo pokreni FRST.exe Klikni na Fix i sačekaj dok program ne završi. Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi. Nakon završetka rada, otvoriće se Notepad, sa sadržajem koji treba da kopiraš u temu. Takođe, na Desktop-u će se nalaziti (fixlog.txt). Potrebno je da fixlog.txt kopiras na forum Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop. Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje. Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu. Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu. Ponovo pokreni FRST i postavi mi svež log. Ivance95 (AMF Tim)

Profil

Killer7 Poslao: 08 Jan 2014 20:54 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 08 Jan 2014 20:53 Nece brate uvek pise fixlist.txt should be in the same directory as tool.Ja stavim ali dzabe nece pa nece.Ionako sam primetio da malware vise nema jer coin miner se vise ne pojavljuje,pa me zanima da li i dalje moram da nastavim sa ovim jer AVG mi je pronasao 2 virusa i obrisao ih. Dopuna: 08 Jan 2014 20:54 Da li moram nastaviti?

Profil

magna86 Poslao: 08 Jan 2014 21:04 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvinjavam se sto upadam kolegi u temi no kolega trenutno ima privatne obaveze ... Da ne cekas ... Citat:Running from C:\Users\Metallica41\Downloads Originalni FRST se nalazi u Download folderu. Lepo ti kaze, FixList mora da se nalazi u istom direktorijumu (lokacija) gde se nalazi i FRST.exe Prebaci FRST.exe na Desktop, formiraj FixList.txt i sacuvaj na Desktop pa izvrsi FRST preko dugmeta Fix kao sto se navodi u uputstvu.

Profil

Killer7 Poslao: 08 Jan 2014 21:20 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 08 Jan 2014 21:08 Ok hvala znao sam nego nisam vidim ima neki folder u C: ali evo uradicu! Dopuna: 08 Jan 2014 21:20 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01 Ran by Metallica41 at 2014-01-08 21:10:01 Run:1 Running from C:\Users\Metallica41\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-24] (IObit) HKCU\...\Run: [SE] - C:\Users\Metallica41\AppData\Roaming\SkypEmoticons\SE.exe [5827488 2013-10-25] (SkypEmoticons) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.ln SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Extension: Vauodiax - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net FF Extension: SearchNewTab - C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net 2013-12-24 21:14 - 2014-01-03 00:22 - 00000000 ____D C:\Program Files (x86)\IObit 2013-12-24 21:14 - 2013-12-24 21:15 - 00000000 ____D C:\ProgramData\IObit 2013-12-24 21:14 - 2013-12-24 21:14 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\IObit C:\ProgramData\SetStretch.exe C:\Users\Metallica41\AppData\Local\Temp\.dll C:\Users\Metallica41\AppData\Roaming\WindowsHelp C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net C:\Users\Metallica41\AppData\Roaming\SkypEmoticons **************** [2028] C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => Process closed successfully. C:\Windows\System32\wscript.exe => No running process found LiveUpdateSvc => Service deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SE => Value deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key deleted successfully. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key deleted successfully. Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.ln not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net => Moved successfully. C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net => Moved successfully. C:\Program Files (x86)\IObit => Moved successfully. C:\ProgramData\IObit => Moved successfully. C:\Users\Metallica41\AppData\Roaming\IObit => Moved successfully. C:\ProgramData\SetStretch.exe => Moved successfully. C:\Users\Metallica41\AppData\Local\Temp\.dll => Moved successfully. C:\Users\Metallica41\AppData\Roaming\WindowsHelp => Moved successfully. "C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\dvdjj9_unc@uuuiy-oa.net" => File/Directory not found. "C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default\Extensions\lvfcpkoq@lws-u.net" => File/Directory not found. C:\Users\Metallica41\AppData\Roaming\SkypEmoticons => Moved successfully. The system needs a manual reboot. FRST: ==== End of Fixlog ==== [Link mogu videti samo ulogovani korisnici]* Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01 Ran by Metallica41 (administrator) on FIKO on 08-01-2014 21:16:20 Running from C:\Users\Metallica41\Desktop Windows 8 (X64) OS Language: English(UK) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA) HKLM-x32\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [uTorrent] - C:\Users\Metallica41\AppData\Roaming\uTorrent\uTorrent.exe [1309016 2014-01-06] (BitTorrent Inc.) MountPoints2: F - "F:\OblivionLauncher.exe" Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk ShortcutTarget: Skype.lnk -> C:\Users\Metallica41\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici] SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Metallica41\AppData\Roaming\Mozilla\Firefox\Profiles\2qoqogpq.default FF Homepage: [Link mogu videti samo ulogovani korisnici] FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) S3 hexmagic; \??\C:\Windows\system32\drivers\hexmagic.sys [x] U0 msahci; S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 21:16 - 2014-01-08 21:16 - 00010538 _____ C:\Users\Metallica41\Desktop\FRST.txt 2014-01-08 21:15 - 2014-01-08 21:15 - 00448512 _____ (OldTimer Tools) C:\Users\Metallica41\Downloads\TFC.exe 2014-01-08 21:09 - 2014-01-08 21:09 - 01931770 _____ (Farbar) C:\Users\Metallica41\Desktop\FRST64.exe 2014-01-08 20:50 - 2014-01-08 21:10 - 00000000 ____D C:\FRST 2014-01-08 15:00 - 2014-01-08 15:01 - 00283800 _____ C:\Windows\Minidump\010814-61562-01.dmp 2014-01-08 14:56 - 2014-01-08 15:00 - 00000000 ____D C:\Windows\Minidump 2014-01-08 14:56 - 2014-01-08 14:56 - 00262144 _____ C:\Windows\Minidump\010814-54937-01.dmp 2014-01-08 14:55 - 2014-01-08 15:00 - 327547873 _____ C:\Windows\MEMORY.DMP 2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk 2014-01-08 14:02 - 2014-01-08 14:03 - 00028236 _____ C:\Windows\DirectX.log 2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014 2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk 2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software 2014-01-08 12:37 - 2014-01-08 12:38 - 00000000 ____D C:\ProgramData\AVG2014 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG 2014-01-08 12:34 - 2014-01-08 17:05 - 00000000 ____D C:\ProgramData\MFAData 2014-01-08 12:34 - 2014-01-08 12:56 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014 2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData 2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk 2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2014-01-06 15:34 - 2014-01-07 15:32 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED 2014-01-04 16:54 - 2014-01-06 15:59 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk 2014-01-04 16:04 - 2014-01-04 16:05 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted 2014-01-03 00:22 - 2014-01-07 03:52 - 00005034 _____ C:\Windows\PFRO.log 2014-01-03 00:22 - 2014-01-03 00:23 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk 2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner 2014-01-01 11:47 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk 2014-01-01 11:47 - 2014-01-04 16:54 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo 2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153} 2013-12-25 01:52 - 2013-12-26 00:42 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4) 2013-12-25 01:19 - 2013-12-25 01:20 - 00000318 _____ C:\Windows\SIERRA.INI 2013-12-25 01:19 - 1998-01-23 12:22 - 00304128 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe 2013-12-24 23:23 - 2013-12-25 01:54 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat 2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's 2013-12-24 21:14 - 2014-01-03 00:24 - 00000000 ____D C:\ProgramData\ProductData 2013-12-14 22:53 - 2013-12-14 23:24 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data 2013-12-14 22:45 - 2014-01-05 21:00 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data 2013-12-14 22:44 - 2013-12-14 22:51 - 00000983 _____ C:\Windows\eReg.dat 2013-12-14 08:02 - 2013-12-24 21:17 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk 2013-12-14 07:58 - 2013-12-14 08:02 - 00000965 _____ C:\Windows\Rtcw.INI 2013-12-14 00:20 - 2013-12-14 00:21 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip 2013-12-12 23:30 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 23:30 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 23:30 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 23:30 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 23:30 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-12 23:30 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-12 23:30 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-12 23:30 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-12 23:29 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2013-12-12 23:29 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 23:29 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-12 23:29 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-12 23:27 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-12-12 23:27 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2013-12-12 23:27 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2013-12-12 23:27 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2013-12-12 23:27 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2013-12-12 23:27 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-12-12 23:27 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-12-12 23:27 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-12-12 23:27 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2013-12-12 23:27 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml 2013-12-12 23:27 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2013-12-12 23:27 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2013-12-12 23:27 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2013-12-12 23:27 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-12-12 23:27 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll 2013-12-12 23:27 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2013-12-12 23:27 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll 2013-12-12 23:27 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll 2013-12-12 11:28 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-12 11:28 - 2012-10-11 08:02 - 01636672 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2013-12-12 11:28 - 2012-10-11 06:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2013-12-12 11:28 - 2012-10-11 06:19 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2013-12-12 11:28 - 2012-10-11 06:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 11:27 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 11:27 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll 2013-12-12 11:27 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 11:27 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 11:27 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 11:27 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll 2013-12-12 11:27 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 10:17 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-12 10:17 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-12 10:17 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 10:17 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 10:17 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 08:56 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 08:56 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll ==================== One Month Modified Files and Folders ======= 2014-01-08 21:16 - 2014-01-08 21:16 - 00010538 _____ C:\Users\Metallica41\Desktop\FRST.txt 2014-01-08 21:15 - 2014-01-08 21:15 - 00448512 _____ (OldTimer Tools) C:\Users\Metallica41\Downloads\TFC.exe 2014-01-08 21:12 - 2013-09-06 22:59 - 00000387 _____ C:\Users\Metallica41\AppData\Roaming\sp_data.sys 2014-01-08 21:12 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-08 21:11 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2014-01-08 21:10 - 2014-01-08 20:50 - 00000000 ____D C:\FRST 2014-01-08 21:09 - 2014-01-08 21:09 - 01931770 _____ (Farbar) C:\Users\Metallica41\Desktop\FRST64.exe 2014-01-08 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru 2014-01-08 20:47 - 2013-06-09 18:00 - 00000000 ____D C:\Users\Metallica41\Desktop\New folder (2) 2014-01-08 20:45 - 2013-11-09 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-08 20:42 - 2012-10-24 22:03 - 01360120 _____ C:\Windows\WindowsUpdate.log 2014-01-08 17:05 - 2014-01-08 12:34 - 00000000 ____D C:\ProgramData\MFAData 2014-01-08 15:01 - 2014-01-08 15:00 - 00283800 _____ C:\Windows\Minidump\010814-61562-01.dmp 2014-01-08 15:00 - 2014-01-08 14:56 - 00000000 ____D C:\Windows\Minidump 2014-01-08 15:00 - 2014-01-08 14:55 - 327547873 _____ C:\Windows\MEMORY.DMP 2014-01-08 14:56 - 2014-01-08 14:56 - 00262144 _____ C:\Windows\Minidump\010814-54937-01.dmp 2014-01-08 14:56 - 2013-09-06 22:42 - 00000000 ____D C:\Users\Metallica41 2014-01-08 14:07 - 2014-01-08 14:07 - 00000678 _____ C:\Users\Public\Desktop\Oblivion.lnk 2014-01-08 14:03 - 2014-01-08 14:02 - 00028236 _____ C:\Windows\DirectX.log 2014-01-08 14:01 - 2013-03-25 18:48 - 00000000 ____D C:\Users\Metallica41\Documents\My Games 2014-01-08 13:49 - 2013-11-02 06:47 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\uTorrent 2014-01-08 12:56 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\Avg2014 2014-01-08 12:55 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM 2014-01-08 12:39 - 2014-01-08 12:39 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\AVG2014 2014-01-08 12:38 - 2014-01-08 12:38 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk 2014-01-08 12:38 - 2014-01-08 12:38 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\TuneUp Software 2014-01-08 12:38 - 2014-01-08 12:37 - 00000000 ____D C:\ProgramData\AVG2014 2014-01-08 12:38 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ___HD C:\$AVG 2014-01-08 12:37 - 2014-01-08 12:37 - 00000000 ____D C:\Program Files (x86)\AVG 2014-01-08 12:34 - 2014-01-08 12:34 - 00000000 ____D C:\Users\Metallica41\AppData\Local\MFAData 2014-01-07 15:32 - 2014-01-06 15:34 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Elder.Scrolls.IV.Oblivion-RELOADED 2014-01-07 14:00 - 2013-11-16 14:30 - 00000000 ____D C:\Users\Metallica41\Downloads\New folder 2014-01-07 12:54 - 2013-09-07 20:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-473922799-1250382268-3828485289-1001 2014-01-07 11:42 - 2014-01-07 11:42 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll 2014-01-07 03:52 - 2014-01-03 00:22 - 00005034 _____ C:\Windows\PFRO.log 2014-01-06 22:49 - 2014-01-06 22:49 - 00000897 _____ C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MassEffect.lnk 2014-01-06 22:48 - 2014-01-06 22:48 - 00000000 ____D C:\Users\Metallica41\Documents\BioWare 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\ProgramData\SystemRequirementsLab 2014-01-06 17:20 - 2014-01-06 17:20 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab 2014-01-06 15:59 - 2014-01-04 16:54 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2014-01-05 21:00 - 2013-12-14 22:45 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Data 2014-01-04 16:54 - 2014-01-04 16:54 - 00001009 _____ C:\Users\Metallica41\Desktop\SpeedFan.lnk 2014-01-04 16:54 - 2014-01-01 11:47 - 00001009 _____ C:\Users\Administrator\Desktop\SpeedFan.lnk 2014-01-04 16:54 - 2014-01-01 11:47 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo 2014-01-04 16:05 - 2014-01-04 16:04 - 00000000 ____D C:\Users\Metallica41\Documents\NFS Most Wanted 2014-01-03 00:24 - 2013-12-24 21:14 - 00000000 ____D C:\ProgramData\ProductData 2014-01-03 00:23 - 2014-01-03 00:22 - 00283248 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-02 17:21 - 2013-09-06 23:37 - 00000000 ____D C:\Windows.old 2014-01-02 17:20 - 2013-11-24 20:53 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2 2014-01-02 17:20 - 2013-10-11 15:06 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cs 1.6 Background Maker v3.0 2014-01-02 17:19 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther 2014-01-02 17:10 - 2014-01-02 17:10 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-02 17:10 - 2014-01-02 17:10 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk 2014-01-02 17:10 - 2014-01-02 17:10 - 00000000 ____D C:\Program Files\CCleaner 2014-01-01 16:26 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent 2014-01-01 11:42 - 2014-01-01 11:42 - 00003152 _____ C:\Windows\System32\Tasks\{8A23795F-E7F5-474A-9868-DCB5B069D153} 2013-12-26 00:42 - 2013-12-25 01:52 - 00000000 ___HD C:\Users\Metallica41\Desktop\New folder (4) 2013-12-25 01:54 - 2013-12-24 23:23 - 00000700 ___SH C:\Users\Metallica41\AppData\Local\systemFL7.dat 2013-12-25 01:22 - 2012-10-24 21:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-25 01:20 - 2013-12-25 01:19 - 00000318 _____ C:\Windows\SIERRA.INI 2013-12-25 00:00 - 2013-10-11 20:10 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Skype 2013-12-24 23:12 - 2013-12-24 23:12 - 00000000 ____D C:\Program Files (x86)\NewSoftware's 2013-12-24 21:17 - 2013-12-14 08:02 - 00000000 ____D C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein 2013-12-14 23:24 - 2013-12-14 22:53 - 00000000 ____D C:\Users\Metallica41\Documents\Command and Conquer Generals Zero Hour Data 2013-12-14 22:51 - 2013-12-14 22:44 - 00000983 _____ C:\Windows\eReg.dat 2013-12-14 20:56 - 2013-11-30 10:03 - 00000000 ____D C:\Users\Metallica41\Downloads\Guitar Pro 5 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Single Player).lnk 2013-12-14 08:02 - 2013-12-14 08:02 - 00000838 _____ C:\Users\Administrator\Desktop\Wolfenstein (Multiplayer).lnk 2013-12-14 08:02 - 2013-12-14 07:58 - 00000965 _____ C:\Windows\Rtcw.INI 2013-12-14 00:21 - 2013-12-14 00:20 - 00000000 ____D C:\Users\Metallica41\Downloads\The.Hobbit.The.Desolation.of.Smaug.2013.DVDRip 2013-12-13 16:40 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache 2013-12-13 10:28 - 2012-07-26 08:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB 2013-12-13 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\en-GB 2013-12-13 10:21 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe 2013-12-12 10:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates 2013-12-10 19:45 - 2013-11-09 15:40 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-10 14:13 - 2013-10-11 20:10 - 00000000 ____D C:\ProgramData\Skype ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-08 12:49 ==================== End Of Log ============================ Evo uradio sam mogu reci da vise nema coin miner otkad sam obrisao ona 2 virusa ako nesto jos treba da uradim javite!

Profil

ivance95 Poslao: 08 Jan 2014 21:44 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Moramo da ponovimo skriptu. Nakon ovoga će ti se kompjuter restartovati, ugasi sve programe pre pokretanja. Otvori Notepad i iskopiraj sledeći tekst koji se nalazi unutar osenčenog prostora. `Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk CMD: shutdown /r /t3` U okviru Notepad-a klikni na File --> Save As Fajl nazovi Fixlist i sačuvaj na Desktop Dvoklikom ponovo pokreni FRST.exe Klikni na Fix i sačekaj dok program ne završi. Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi. Nakon završetka rada, otvoriće se Notepad, sa sadržajem koji treba da kopiraš u temu. Takođe, na Desktop-u će se nalaziti (fixlog.txt). Potrebno je da fixlog.txt kopiras na forum Preuzmi Kaspersky Lab-ov TDSSKiller sa sledece adrese na Desktop: TDSSKiller Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili slicnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sacuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; preimenuj TDSSKiller.exe u MyCity.exe; dvoklikom pokreni program MyCity.exe; klik na dugme Start Scan. Ukoliko maliciozni (malicious) objekti budu pronadjeni, uveri se da je za njih odabrana akcija "Cure" (primer) i klikni Continue, a zatim klikni Reboot Now. Okaci mi sadrzaj log-a sa sledece lokacije: C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt (DD-dan, MM-mesec, GG-godina, HH-sat, MM-minut, SS-sekunda; datum i vreme kada je log napravljen) Ivance95 (AMF Tim)

Profil

Killer7 Poslao: 09 Jan 2014 11:01 Idi na vrh
offline Killer7 Super građanin Istrazivanje Windowsa Pridružio: 12 Jul 2012 Poruke: 1023	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 08 Jan 2014 22:38 ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01 Ran by Metallica41 at 2014-01-08 22:33:14 Run:2 Running from C:\Users\Metallica41\Desktop Boot Mode: Normal ============================================== Content of fixlist: *************** Startup: C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk CMD: shutdown /r /t3 ************* C:\Users\Metallica41\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk => Moved successfully. ========= shutdown /r /t3 ========= Usage: shutdown [/i \| /l \| /s \| /r \| /g \| /a \| /p \| /h \| /e \| /o] [/hybrid] [/f] [/m \\computer][/t xxx][/d [p\|u:]xx:yy [/c "comment"]] No args Display help. This is the same as typing /?. /? Display help. This is the same as not typing any options. /i Display the graphical user interface (GUI). This must be the first option. /l Log off. This cannot be used with /m or /d options. /s Shutdown the computer. /r Full shutdown and restart the computer. /g Full shutdown and restart the computer. After the system is rebooted, restart any registered applications. /a Abort a system shutdown. This can only be used during the time-out period. /p Turn off the local computer with no time-out or warning. Can be used with /d and /f options. /h Hibernate the local computer. Can be used with the /f option. /hybrid Performs a shutdown of the computer and prepares it for fast startup. Must be used with /s option. /e Document the reason for an unexpected shutdown of a computer. /o Go to the advanced boot options menu and restart the computer. Must be used with /r option. /m \\computer Specify the target computer. /t xxx Set the time-out period before shutdown to xxx seconds. The valid range is 0-315360000 (10 years), with a default of 30. If the timeout period is greater than 0, the /f parameter is implied. /c "comment" Comment on the reason for the restart or shutdown. Maximum of 512 characters allowed. /f Force running applications to close without forewarning users. The /f parameter is implied when a value greater than 0 is specified for the /t parameter. /d [p\|u:]xx:yy Provide the reason for the restart or shutdown. p indicates that the restart or shutdown is planned. u indicates that the reason is user defined. If neither p nor u is specified the restart or shutdown is unplanned. xx is the major reason number (positive integer less than 256). yy is the minor reason number (positive integer less than 65536). Reasons on this computer: (E = Expected U = Unexpected P = planned, C = customer defined) Type Major Minor Title U 0 0 Other (Unplanned) E 0 0 Other (Unplanned) E P 0 0 Other (Planned) U 0 5 Other Failure: System Unresponsive E 1 1 Hardware: Maintenance (Unplanned) E P 1 1 Hardware: Maintenance (Planned) E 1 2 Hardware: Installation (Unplanned) E P 1 2 Hardware: Installation (Planned) E 2 2 Operating System: Recovery (Planned) E P 2 2 Operating System: Recovery (Planned) P 2 3 Operating System: Upgrade (Planned) E 2 4 Operating System: Reconfiguration (Unplanned) E P 2 4 Operating System: Reconfiguration (Planned) P 2 16 Operating System: Service pack (Planned) 2 17 Operating System: Hot fix (Unplanned) P 2 17 Operating System: Hot fix (Planned) 2 18 Operating System: Security fix (Unplanned) P 2 18 Operating System: Security fix (Planned) E 4 1 Application: Maintenance (Unplanned) E P 4 1 Application: Maintenance (Planned) E P 4 2 Application: Installation (Planned) E 4 5 Application: Unresponsive E 4 6 Application: Unstable U 5 15 System Failure: Stop error U 5 19 Security issue (Unplanned) E 5 19 Security issue (Unplanned) E P 5 19 Security issue (Planned) E 5 20 Loss of network connectivity (Unplanned) U 6 11 Power Failure: Cord Unplugged U 6 12 Power Failure: Environment P 7 0 Legacy API shutdown ========= End of CMD: ========= ==== End of Fixlog ==== Evo: [Link mogu videti samo ulogovani korisnici]** Nema nijednog virusa,da li smo zavrsili? Dopuna: 09 Jan 2014 11:01 Nadam se da smo zavrsili jer vise nema tog coin miner obrisao sam ga sa AVG Inace hvala vam na pomoci ako jos nesto treba da uradim slobodno javite!

Profil

ivance95 Poslao: 09 Jan 2014 11:45 Idi na vrh
offline ivance95 AMF pripravnik Pridružio: 04 Jul 2011 Poruke: 5424	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jesmo, kompjuter je sada čist. Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop Dvoklikom pokreni program. Štikliraj sledeće opcije: Remove disinfection tools Purge System Restore Reset system settings Klikni na dugme "Run" i pričekaj da program završi rad. Alat ce ukloniti sve koriscene alate u ovoj temi... Kada alat završi, otvoriće izvestaj u notepadu. Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt Nije potrebno dostavljati izvestaj. Preporučujem ti da koristiš program MCShield za zaštitu USB memorijskih uređaja. Program možeš preuzeti sa OVOG linka. Nakon instalacije programa, priključi USB memorijske uređaje, i oni će biti skenirani. Na kraju skeniranja ćeš dobiti izveštaj da je uređaj čist ili obaveštenje o uklonjenom malware-u. Takođe, poseti ovu temu da vidiš da li ti je pretraživač ranjiv i instaliraš ažurirane komponente [Link mogu videti samo ulogovani korisnici] Ivance95 (AMF Tim)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Sta je coin miner? Macromedia

Ko je trenutno na forumu

Ukupno su 956 korisnika na forumu :: 58 registrovanih, 7 sakrivenih i 891 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Abebe Bikila, acatomic, alberto, alternator, ArchaBasha, Atomski čoban, baltazar01, bladesu, Bojan198527, bokisha253, Boris90, BOXRR, bozomotika, cenejac111, Dare, Dioniss, Djole3621, draganca, Džekson, Electron, elias, Fabius, flash12, Gerila015, HPkopun, Kozi-RS, Kuroje, kybonacci, Limeni91, ljuba.b, lucko1, Macalone, Marko1238, Mercury, Mitch22, Mitogna, Mićko, moldway, Nadla, Nemanja Opalić, Njubara, Pale2025, Povratak1912, savaskytec, Sevetar, Sirius, sspp, SympathyForTheDevil, synergia, tamno.nebo, tecataki, vladaa012, Vlado82, W123, Webb, zombicar153, Zorge, zrno

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by