Slow computer

  • Exploring Windows
  • Joined: 12 Jul 2012
  • Posts: 1023

Hello people! I have a problem with my computer. Everything worked fine, and today I turned it on and the CPU usage sits at 100% and doesn't go down at all.

Also, svchost.exe uses the most CPU; it is always at 100% or somewhere around there.

I tried to open the antivirus to scan, but it simply can't. It lags a lot and then freezes the whole computer.

Also, FRST needed at least 20 minutes to scan...

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-11-2016
Ran by Slavko (administrator) on RADIC (11-11-2016 17:50:29)
Running from C:\Users\Slavko\Downloads
Loaded Profiles: Slavko (Available Profiles: Slavko)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-859166887-1194367745-2164962518-1001\...\MountPoints2: E - E:\setup.exe /autorun
HKU\S-1-5-21-859166887-1194367745-2164962518-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\lol.scr

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{D9D0D402-FF94-4F45-919F-87A332A62404}: [DhcpNameServer] 212.200.191.166 212.200.190.166

Internet Explorer:
==================
HKU\S-1-5-21-859166887-1194367745-2164962518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.rs/?gws_rd=cr,ssl&ei=FbGkU-TMJoWl4gSs0IGIAw
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-13] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-13] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Slavko\AppData\Roaming\Mozilla\Firefox\Profiles\40s4n8m4.default-1437050780435 [2016-11-11]
FF Homepage: Mozilla\Firefox\Profiles\40s4n8m4.default-1437050780435 -> hxxps://www.google.rs/?gws_rd=cr,ssl&ei=n6enVdnwDsT-ywOiqrfoCQ
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Slavko\AppData\Roaming\Mozilla\Firefox\Profiles\40s4n8m4.default-1437050780435\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-13] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-859166887-1194367745-2164962518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Slavko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4149312 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [945936 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [605336 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [918160 2015-03-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20696720 2015-03-28] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257792 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [210176 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [218880 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [197376 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-03-30] (Power Software Ltd)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11376 2009-07-21] () [File not signed]
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)
S3 cpuz138; \??\C:\Users\Slavko\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 17:50 - 2016-11-11 17:57 - 00007664 _____ C:\Users\Slavko\Downloads\FRST.txt
2016-11-11 17:50 - 2016-11-11 17:50 - 00000000 ____D C:\FRST
2016-11-11 17:49 - 2016-11-11 17:49 - 01759744 _____ (Farbar) C:\Users\Slavko\Downloads\FRST.exe
2016-10-29 23:13 - 2016-10-29 23:13 - 00000000 ____D C:\Program Files\MSXML 4.0
2016-10-29 19:40 - 2016-10-29 19:40 - 00000000 ____D C:\Users\Slavko\AppData\Roaming\Microsoft Games
2016-10-29 19:39 - 2016-10-29 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-10-29 17:35 - 2016-10-29 17:37 - 00000000 ____D C:\Users\Slavko\Downloads\Rise of Nations and Thrones and Patriots
2016-10-27 16:20 - 2016-10-27 16:20 - 00000000 ____D C:\Users\Slavko\AppData\Roaming\AVG
2016-10-27 16:20 - 2016-10-27 16:20 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-27 16:19 - 2016-10-27 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-27 16:18 - 2016-10-27 16:18 - 00000000 ___HD C:\$AVG
2016-10-27 16:15 - 2016-11-01 14:25 - 00000954 _____ C:\Users\Public\Desktop\AVG.lnk
2016-10-27 16:15 - 2016-11-01 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-10-27 16:13 - 2016-10-27 16:17 - 00000000 ____D C:\Program Files\AVG
2016-10-16 17:59 - 2016-10-16 17:59 - 00000000 ____D C:\Users\Slavko\AppData\Roaming\CELSYS
2016-10-16 17:58 - 2016-10-16 17:58 - 00000000 ____D C:\Users\Slavko\Documents\CELSYS_EN
2016-10-16 17:58 - 2016-10-16 17:58 - 00000000 ____D C:\Users\Slavko\AppData\Roaming\CELSYS_EN
2016-10-16 17:38 - 2016-10-16 17:38 - 00001022 _____ C:\Users\Public\Desktop\CLIP STUDIO PAINT.lnk
2016-10-16 17:38 - 2016-10-16 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2016-10-16 17:38 - 2016-10-16 17:38 - 00000000 ____D C:\ProgramData\CELSYS_EN
2016-10-16 17:38 - 2016-10-16 17:38 - 00000000 ____D C:\Program Files\CELSYS
2016-10-16 17:23 - 2016-10-16 17:24 - 00001872 _____ C:\Users\Slavko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-10-16 17:23 - 2016-10-16 17:24 - 00001819 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-10-12 18:01 - 2016-09-30 06:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 18:01 - 2016-07-22 15:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 18:00 - 2016-09-30 20:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 18:00 - 2016-09-30 16:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-10-12 18:00 - 2016-09-30 16:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 18:00 - 2016-09-30 06:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 18:00 - 2016-09-30 06:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 18:00 - 2016-09-30 06:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 18:00 - 2016-09-30 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 18:00 - 2016-09-30 06:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 18:00 - 2016-09-30 06:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 18:00 - 2016-09-30 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 18:00 - 2016-09-30 06:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 18:00 - 2016-09-30 06:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 18:00 - 2016-09-30 06:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 18:00 - 2016-09-30 06:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 18:00 - 2016-09-30 06:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 18:00 - 2016-09-30 06:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 18:00 - 2016-09-30 06:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 18:00 - 2016-09-30 06:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 18:00 - 2016-09-30 06:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 18:00 - 2016-09-30 06:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 18:00 - 2016-09-30 06:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 18:00 - 2016-09-30 06:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 18:00 - 2016-09-30 06:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 18:00 - 2016-09-30 06:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 18:00 - 2016-09-30 06:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 18:00 - 2016-09-30 06:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 18:00 - 2016-09-30 06:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 18:00 - 2016-09-30 06:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 18:00 - 2016-09-30 06:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 18:00 - 2016-09-30 06:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 18:00 - 2016-09-30 06:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 18:00 - 2016-09-30 06:05 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 18:00 - 2016-09-30 06:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 18:00 - 2016-09-30 05:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 18:00 - 2016-09-30 05:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 18:00 - 2016-09-30 05:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 18:00 - 2016-09-15 16:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 18:00 - 2016-09-15 16:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 18:00 - 2016-09-12 21:53 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 18:00 - 2016-09-12 21:53 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 18:00 - 2016-09-12 21:49 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 18:00 - 2016-09-12 21:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 18:00 - 2016-09-12 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 18:00 - 2016-09-12 21:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 18:00 - 2016-09-12 21:26 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 18:00 - 2016-09-12 21:26 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 18:00 - 2016-09-12 21:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 18:00 - 2016-09-12 21:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 18:00 - 2016-09-12 21:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 18:00 - 2016-09-12 21:25 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 18:00 - 2016-09-12 20:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 18:00 - 2016-09-12 20:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 18:00 - 2016-09-10 16:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 18:00 - 2016-09-09 19:01 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 18:00 - 2016-09-09 19:00 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 18:00 - 2016-09-09 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 18:00 - 2016-09-09 18:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 18:00 - 2016-09-09 18:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 18:00 - 2016-09-09 18:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 18:00 - 2016-09-09 18:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 18:00 - 2016-09-09 18:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 18:00 - 2016-09-09 18:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 18:00 - 2016-09-09 18:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 18:00 - 2016-09-09 18:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 18:00 - 2016-09-09 18:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 18:00 - 2016-09-09 18:39 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 18:00 - 2016-09-09 18:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 18:00 - 2016-09-08 21:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 18:00 - 2016-09-08 21:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 18:00 - 2016-09-08 15:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 18:00 - 2016-09-08 15:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 18:00 - 2016-08-16 19:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-12 18:00 - 2016-08-12 17:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-12 18:00 - 2016-08-12 17:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 18:00 - 2016-08-12 17:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-12 18:00 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-12 18:00 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-12 18:00 - 2016-08-12 17:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-12 18:00 - 2016-08-06 16:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-12 18:00 - 2016-08-06 16:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-12 18:00 - 2016-08-06 16:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-12 18:00 - 2016-08-06 16:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-12 18:00 - 2016-08-06 16:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-12 18:00 - 2016-08-06 15:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-12 18:00 - 2016-08-06 15:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-12 18:00 - 2016-08-06 15:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-12 18:00 - 2016-06-14 16:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-12 18:00 - 2016-06-14 16:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-12 18:00 - 2016-06-14 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-12 18:00 - 2016-06-14 16:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-12 18:00 - 2016-06-14 16:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-12 18:00 - 2016-06-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-12 18:00 - 2016-06-14 16:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-12 18:00 - 2016-06-14 16:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-12 18:00 - 2016-06-14 15:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-12 18:00 - 2016-06-14 15:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-12 18:00 - 2016-06-14 15:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 17:15 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 15:30 - 2009-07-14 05:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-11 15:30 - 2009-07-14 05:34 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-11 15:08 - 2014-06-25 11:10 - 00000000 ____D C:\ProgramData\MFAData
2016-11-05 10:43 - 2010-11-20 22:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-05 10:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-10-29 23:24 - 2015-06-13 18:28 - 00000000 ____D C:\Users\Slavko\Documents\My Games
2016-10-29 23:05 - 2014-06-19 09:09 - 00000000 ____D C:\Users\Slavko\Desktop\Games
2016-10-29 23:05 - 2014-06-18 23:44 - 00000000 ____D C:\Users\Slavko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-29 19:33 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Microsoft Games
2016-10-29 18:42 - 2014-06-18 19:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-29 18:03 - 2014-06-18 18:42 - 00000000 ____D C:\Users\Slavko\AppData\Roaming\uTorrent
2016-10-29 16:54 - 2014-06-18 19:00 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-29 16:54 - 2014-06-18 19:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-29 16:54 - 2014-06-18 19:00 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-29 16:53 - 2014-06-18 18:58 - 00000000 ____D C:\Users\Slavko\AppData\Local\Adobe
2016-10-28 13:33 - 2015-09-10 06:57 - 00000338 _____ C:\Windows\Tasks\0915avUpdateInfo.job
2016-10-28 13:33 - 2015-05-10 12:00 - 00000318 _____ C:\Windows\Tasks\0415avUpdateInfo.job
2016-10-27 16:21 - 2015-07-08 12:16 - 00000000 ____D C:\Users\Slavko\AppData\Local\Avg
2016-10-27 16:17 - 2015-11-22 10:35 - 00000000 ____D C:\Users\Slavko\AppData\Local\AvgSetupLog
2016-10-27 16:15 - 2015-11-22 10:37 - 00000000 ____D C:\ProgramData\Avg
2016-10-21 17:32 - 2014-09-19 06:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-21 17:32 - 2014-07-30 19:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-16 17:38 - 2014-06-18 23:31 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-10-16 17:35 - 2016-04-08 23:31 - 00000000 ____D C:\Users\Slavko\Downloads\New folder
2016-10-16 17:27 - 2016-04-17 10:06 - 00000000 ____D C:\AdwCleaner
2016-10-15 14:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-10-12 20:42 - 2016-10-10 14:30 - 00296992 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-12 20:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Dism
2016-10-12 18:21 - 2014-08-23 12:46 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 18:15 - 2014-08-23 12:45 - 141042968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-08-22 15:26 - 2015-08-22 15:26 - 1419368 ____T (CPUID) C:\Users\Slavko\AppData\Roaming\cpuidsdk.dll
2015-08-22 15:25 - 2015-08-22 15:25 - 0159200 ____T () C:\Users\Slavko\AppData\Roaming\CrashRpt1402.dll
2015-08-22 15:25 - 2015-08-22 15:25 - 0008214 ____T () C:\Users\Slavko\AppData\Roaming\crashrpt_lang.ini
2015-08-22 15:25 - 2015-08-22 15:25 - 0997344 ____T () C:\Users\Slavko\AppData\Roaming\CrashSender1402.exe
2015-08-22 15:25 - 2015-08-22 15:25 - 1080656 ____T (Microsoft Corporation) C:\Users\Slavko\AppData\Roaming\dbghelp.dll
2014-08-28 20:13 - 2015-07-14 14:46 - 0007598 _____ () C:\Users\Slavko\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Slavko\AppData\Local\Temp\EBU7993.EXE
C:\Users\Slavko\AppData\Local\Temp\libeay32.dll
C:\Users\Slavko\AppData\Local\Temp\msvcr120.dll
C:\Users\Slavko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-15 14:18

==================== End of FRST.txt ============================

Additional:


I really don't know what's going on, but it lags a lot and the CPU doesn't drop from 100% at all. Thanks for your time!
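As an added example (my own code, not part of the original post and not a feature of FRST), here is a small Python triage script for the Services/Drivers lines of an FRST log like the one above. It parses each entry into its fields and flags what a helper looks at first: a registered driver whose file is missing (FRST prints "[X]" in place of size and date), an unsigned binary ("[File not signed]"), empty vendor information ("()"), and an image path under a user-writable directory. The five sample lines are copied from the Drivers section of the log above; the reading of the first column (R = running, S = stopped, digit = start type) follows FRST's usual convention, and the list of user-writable directories is my own assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the five driver lines are copied from the FRST.txt above.
# Line format: "<state><start type> <name>; <image path> [<size> <date>] (<vendor>) [<flag>]"
# where "[X]" in place of size/date means FRST could not find the file on disk.
SAMPLE_LOG = r"""
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-03-30] (Power Software Ltd)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11376 2009-07-21] () [File not signed]
S3 cpuz138; \??\C:\Users\Slavko\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"   # R = running, S = stopped; digit = start type (0 boot .. 4 disabled)
    r"(?P<name>[^;]+);\s+"                # service / driver name
    r"(?P<path>.+?)\s+"                   # image path, may contain spaces
    r"\[(?P<meta>[^\]]*)\]"               # "[size date]" or "[X]" when the file is missing
    r"(?:\s+\((?P<vendor>[^)]*)\))?"      # "(vendor)"; empty parentheses = no version info
    r"(?:\s+\[(?P<flag>[^\]]+)\])?$"      # trailing flag such as "[File not signed]"
)

# Directories a normal user can write to. This list is my own assumption;
# FRST itself does not make this distinction.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    state: str              # "R" running or "S" stopped
    start: int              # start type digit
    name: str
    path: str
    size: Optional[int]     # None when FRST reported "[X]"
    date: Optional[str]
    vendor: Optional[str]   # None = no "(...)" field at all, "" = empty parentheses
    flag: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    size = date = None
    if len(meta) == 2 and meta[0].isdigit():
        size, date = int(meta[0]), meta[1]
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("path"), size, date, m.group("vendor"), m.group("flag"))


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing notable)."""
    reasons = []
    if entry.size is None:
        reasons.append("registered but file missing ([X]): orphaned entry")
    if entry.flag and "not signed" in entry.flag.lower():
        reasons.append("unsigned kernel-mode binary")
    if entry.vendor == "":
        reasons.append("no vendor/version information")
    if any(d in entry.path.lower() for d in USER_WRITABLE):
        reasons.append("image path in a user-writable directory")
    return reasons


def triage_log(text: str) -> List[Entry]:
    """Parse every Services/Drivers line in an FRST log and attach triage reasons."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entry.reasons = triage(entry)
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<10} {'; '.join(e.reasons) or 'ok'}")
```

Run against the sample, SCDEmu comes out clean, giveio and secdrv are flagged as unsigned with no vendor information, cpuz138 is flagged as missing and as living under a user's Temp folder, and VGPU only as missing. None of these flags is a verdict on its own; they are the order in which a helper would look, which is also why the reply below asks FRST for a file report on secdrv.sys rather than deleting it outright.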

  • Joined: 02 Jan 2008
  • Posts: 2167

1. Open Notepad (Text Document) and copy the following text inside the code box below:

CreateRestorePoint:
File: C:\Windows\system32\Drivers\secdrv.sys
AlternateDataStreams: C:\ProgramData\TEMP:B0A7AFFA [104]
AlternateDataStreams: C:\ProgramData\TEMP:ED2BA097 [138]
FirewallRules: [TCP Query User{9A1B9180-7640-47FE-AD79-B568718D26DF}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{1C53EA50-7D43-4255-8296-9D0FA1EE4CD1}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
C:\windows\system32\dplaysvr.exe
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

After that,

Download Xplode's AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window click I agree.
Under Options, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C1].txt) with the report.
Save that report to the Desktop and attach it to your reply using the "Attach file" option.
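As an added illustration, not part of the helper's instructions or of FRST's own output, the following PowerShell script reads the objects that the fixlist above targets, so that there is a baseline to compare with Fixlog.txt afterwards: the Authenticode state and MD5 of secdrv.sys and dplaysvr.exe, the alternate data streams on C:\ProgramData\TEMP, and the firewall rules that mention dplaysvr.exe. The paths are the ones named in the fixlist and the registry key is the standard location of Windows Firewall rules; the script only reads and changes nothing. It assumes an elevated PowerShell session; the -Stream parameter needs PowerShell 3.0 or later, so on the PowerShell 2.0 that ships with Windows 7 the ADS step reports that instead of failing.

```powershell
# Added example, not from the thread: read-only inspection of the items the FRST
# fixlist targets. Run in an elevated PowerShell before (or after) the fix.
$driver  = 'C:\Windows\system32\Drivers\secdrv.sys'
$dplay   = 'C:\windows\system32\dplaysvr.exe'
$adsHost = 'C:\ProgramData\TEMP'
$fwKey   = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

function Get-Md5Hex([string]$path) {
    # MD5 via .NET so it also works on PowerShell 2.0 (Get-FileHash needs 4.0).
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try     { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('X2') }) -join '' }
    finally { $fs.Close() }
}

'== Files named in the fixlist =='
foreach ($f in @($driver, $dplay)) {
    if (-not (Test-Path -LiteralPath $f)) { '{0}: not present' -f $f; continue }
    # Note: before PowerShell 5.1 Get-AuthenticodeSignature ignores catalog signatures,
    # so a genuine Windows binary that is only catalog-signed also shows NotSigned.
    $sig  = Get-AuthenticodeSignature -FilePath $f
    $info = Get-Item -LiteralPath $f
    '{0}' -f $f
    '    signature : {0} ({1})' -f $sig.Status, $sig.SignerCertificate.Subject
    '    md5       : {0}' -f (Get-Md5Hex $f)
    '    size/mtime: {0} bytes, {1}' -f $info.Length, $info.LastWriteTime
}

'== Alternate data streams on {0} ==' -f $adsHost
if ($PSVersionTable.PSVersion.Major -ge 3) {
    # The unnamed ':$DATA' stream is the file content itself; anything else is an ADS.
    Get-Item -LiteralPath $adsHost -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { '    {0}  [{1} bytes]' -f $_.Stream, $_.Length }
} else {
    '    (needs PowerShell 3.0+; alternatively run "dir /r" in cmd.exe)'
}

'== Firewall rules mentioning dplaysvr.exe (read from the registry) =='
(Get-ItemProperty -LiteralPath $fwKey).PSObject.Properties |
    Where-Object { $_.Name -like '*dplaysvr*' -or ("$($_.Value)" -like '*dplaysvr*') } |
    ForEach-Object { '    {0}' -f $_.Name; '        {0}' -f $_.Value }
```

Running this before the fix and keeping the output lets you confirm that the "ADS removed" and "value removed" lines in Fixlog.txt refer to exactly the objects you saw, and the MD5 and size give you something to look up if the driver's origin is in doubt.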

offline
  • Windows Research
  • Joined: 12 Jul 2012
  • Posts: 1023

Here is the fixlog.

Fix result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Slavko (11-11-2016 21:00:19) Run:1
Running from C:\Users\Slavko\Desktop
Loaded Profiles: Slavko (Available Profiles: Slavko)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
File: C:\Windows\system32\Drivers\secdrv.sys
AlternateDataStreams: C:\ProgramData\TEMP:B0A7AFFA [104]
AlternateDataStreams: C:\ProgramData\TEMP:ED2BA097 [138]
FirewallRules: [TCP Query User{9A1B9180-7640-47FE-AD79-B568718D26DF}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{1C53EA50-7D43-4255-8296-9D0FA1EE4CD1}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
C:\windows\system32\dplaysvr.exe
EmptyTemp:
*****************

Restore point was successfully created.

========================= File: C:\Windows\system32\Drivers\secdrv.sys ========================

File not signed
MD5: C71394D99A04CA76484492F590C9CBA5
Creation and modification date: 2009-07-21 21:34 - 2009-07-21 21:34
Size: 0011376
Attributes: ---RA
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\ProgramData\TEMP => ":B0A7AFFA" ADS removed successfully..
C:\ProgramData\TEMP => ":ED2BA097" ADS removed successfully..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9A1B9180-7640-47FE-AD79-B568718D26DF}C:\windows\system32\dplaysvr.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1C53EA50-7D43-4255-8296-9D0FA1EE4CD1}C:\windows\system32\dplaysvr.exe => value removed successfully.
Could not move "C:\windows\system32\dplaysvr.exe" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

AdwCleaner didn't find anything, so I couldn't attach a report either, because there was nothing. Also, FRST never stays on the computer. Whenever I restart the computer, FRST doesn't stay on the desktop where I put it. I don't know what is going on, but it sits at 100% CPU usage constantly. It doesn't come down.

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

The question is how long this tool will take to finish, given the problem you have, but I'd ask you to be patient and let the tool run to the end. The scan usually takes no longer than 20 minutes, but as I said, it's a question how long it will take in your case because of the CPU load.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Double-click the MBAR program icon to run it:
- Click OK in the next window to allow it to unpack into a separate mbar folder on the Desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to start;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section check that all options are ticked, then click the Scan button;

Note: with some infections one of the following messages may appear:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notification to allow it to load after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next reply post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled for the next restart, and a notification will be shown in a pop-up window. Click the Yes button; the system should restart and complete the cleanup procedure.

Note! Only if a rootkit was detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, and wait for the tool to apply all repairs...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your reply and attach the system log using the Attach file option.

offline
  • Windows Research
  • Joined: 12 Jul 2012
  • Posts: 1023

It took about 30 minutes.

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.11.12.05
rootkit: v2016.10.31.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18499
Slavko :: RADIC [administrator]

12.11.2016 13:43:13
mbar-log-2016-11-12 (13-43-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 271762
Time elapsed: 34 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Slavko\AppData\Local\Temp\5AA3D093-831A-4228-9FD4-AF3E67A4A4DF\kcevickmanivze.ru_World.exe (Adware.HPDefender) -> Delete on reboot. [461fac13c6d4ab8bd01acaeba063f30d]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


You know, the computer isn't as slow as before anymore, but it still has 100% CPU usage. Not always, meaning for the first 10 minutes of running it sits at 0 and then it rises to 100% and just stays like that. The computer runs really fast for me; nothing lags anymore now, but when I play games, for example, it stutters, and that annoys me; otherwise, while opening files and browsing the internet, it works perfectly.

I don't know whether it's some bug or something dangerous. It started happening after I installed a game. I mean, even then the computer worked as it should, but then one day this appeared, so I don't know whether to delete that game.

As I said, the 100% CPU doesn't bother me because the computer runs fast, it isn't slow, but I don't understand why it stays like that...

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

The processor you have is barely usable by today's standards; you should keep that in mind.

If you already suspect some applications, uninstall them and then see how things are.
Try uninstalling the antivirus and see how things are. Of course, after that put the same antivirus back if the problem wasn't solved, or download another one!

I'd recommend you open a topic in the Hardware section of the forum and check the temperatures of the components; that can sometimes be the problem too.

Check in the BIOS whether "Speedstep" is enabled. Also check whether the hardware you have supports Windows 7, i.e. whether there were any problems reported by users who ran Windows 7 on that hardware (motherboard, processor).

As for malware, your computer is clean and malware is not the cause of the problem you have.

The following procedure will perform the final cleanup.

Download Xplode's DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:
Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment for the tool to finish its work.

From this point on, all the tools used in this topic should be deleted.
If some tool or report was not removed, feel free to delete it manually.

The tool will also create a report for you. (C:\DelFix.txt)
- The tool will also record the healthy state of the registry and make a backup using the integrated "ERUNT" program in %windir%\ERUNT\DelFix
- DelFix deletes old system restore points and creates a new, fresh point after the cleanup.

offline
  • Windows Research
  • Joined: 12 Jul 2012
  • Posts: 1023

Posted: 13 Nov 2016 12:29

I completely understand about the processor not being up to today's standards, but everything was working great. And suddenly the CPU usage jumped to 100%, and that happened one night when my family were watching a movie on the internet, and right after that it started working like this. What they were doing then I really don't know, because I wasn't at home.

I removed the antivirus and the state is the same; it wasn't the cause of the problem. I also looked at the temperatures and they are fine.

So overheating is not the issue. As far as I know all the hardware is in good condition and works on Windows 7; there are no problems there.

I ran the DelFix tool.

The only thing is that I haven't seen ''Speedstep'' in the BIOS, and I'm going to check that now, but I don't know if I even have that option because my motherboard is very old.

And it doesn't bother me that my CPU is at 100%, because I don't see any lag on the computer while browsing the internet, etc. Only when I play games does it start to lag, little by little. So I'll see about doing something about this. Maybe it's because of some Windows update; I'm out of ideas myself.

Anyway, thank you very much for the help with the malware and these things! Bye!

Update: 13 Nov 2016 13:06

return void - Mate, I think I've fixed the computer! People, if you have a problem with svchost.exe taking 100% CPU and a lot of RAM like I did, do what I did.

I went Windows key+Run and typed ''services.msc''. Once in there, I scrolled all the way down and turned off the Windows Update service. I set it to ''disabled'' so it doesn't start, and I stopped the service. After this the CPU dropped to 0 and only goes up as needed, when I have Firefox running, etc. Everything works great and RAM usage dropped from 1 GB to 800 MB.

I understand that Windows Update is no longer on now, but I can download updates manually; when I need to, I'll just turn the service back on, download, and then turn it off again.

So if anyone needs the solution, here it is. Don't say I solved it and didn't want to tell!
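The post above found the culprit by trial and error in services.msc. Since one svchost.exe instance hosts a whole group of services, the diagnostic step a practitioner would want first is to see which services each svchost.exe actually hosts and how much CPU that instance has burned. The script below is an added example, not something from the thread or from any of the tools used in it: it joins Win32_Process and Win32_Service on the process ID, which is why it works on the PowerShell 2.0 that ships with Windows 7. It assumes an elevated PowerShell session; the service name wuauserv is the real name of the Windows Update service.

```powershell
# Added example, not from the thread: attribute each svchost.exe instance's cumulative
# CPU time and memory to the services it hosts, so the busy service is identified
# rather than guessed. Read-only; uses Get-WmiObject so it runs on the PowerShell 2.0
# that ships with Windows 7. Run it from an elevated PowerShell.
function Get-SvchostServiceUsage {
    # Running services, each carrying the PID of the process that hosts it.
    $services = Get-WmiObject -Class Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $proc   = $_
        $hosted = @($services | Where-Object { $_.ProcessId -eq $proc.ProcessId } |
                    ForEach-Object { $_.Name })
        # Kernel/user times are in 100-ns units; convert to seconds since process start.
        $cpuSeconds = [math]::Round(([double]$proc.KernelModeTime + $proc.UserModeTime) / 1e7, 1)
        New-Object PSObject -Property @{
            PID          = $proc.ProcessId
            CpuSeconds   = $cpuSeconds
            WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            Services     = ($hosted -join ', ')
        }
    } | Sort-Object CpuSeconds -Descending
}

Get-SvchostServiceUsage | Format-Table -AutoSize PID, CpuSeconds, WorkingSetMB, Services

# If the top entry is the group that hosts wuauserv (the Windows Update service the
# post turned off in services.msc), the same change from the command line is:
#   Stop-Service -Name wuauserv
#   Set-Service  -Name wuauserv -StartupType Manual    # the post chose Disabled
# 'Manual' leaves the service startable on demand (Start-Service -Name wuauserv)
# for the manual update runs the post describes; Set-Service -StartupType Automatic
# followed by Start-Service restores the original state.
```

Because the CPU figure is cumulative since the process started, an instance that has been pegging a core since boot stands out by orders of magnitude; if the busy group hosts several services, stopping them one at a time with Stop-Service and re-running the function narrows it down to one. The Manual startup type is suggested instead of Disabled because it keeps the "turn it on, update, turn it off" routine from the post to a single Start-Service call.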
