Computer check

  • nirre
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

Lately, for the past couple of months, the computer has been behaving very strangely. When it is switched on, the system boots very slowly, and the wireless connects very slowly.
The web browsers (Chrome and IE) stop responding in certain situations and stay "frozen" for a couple of minutes. Over the previous couple of months I have only switched between two antiviruses, Avast and Avira (so to speak, I alternate between them every couple of months). I regularly scan the computer with the AV and, of course, it finds nothing. I regularly use CCleaner and RFA to "clean" the computer a bit of various unnecessary things.

Log for review

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by erin at 16:22:24 on 2014-01-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1643.736 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C868C863-581A-4D07-BD6F-D98A80AEFFAC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C868C863-581A-4D07-BD6F-D98A80AEFFAC}\164626132333435363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C868C863-581A-4D07-BD6F-D98A80AEFFAC}\3756B657C69636 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C868C863-581A-4D07-BD6F-D98A80AEFFAC}\478747474747 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C868C863-581A-4D07-BD6F-D98A80AEFFAC}\77962756C6563737 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-6 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-6 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-6 410528]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-8-1 35560]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-5 176128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-6 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-6 50344]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-5-19 1817088]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-6 64168]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2013-5-19 251496]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-11 1343400]
.
=============== Created Last 30 ================
.
2014-01-10 20:05:00 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a82ebb52-f88a-48e1-9a07-ae8298bdbec0}\offreg.dll
2014-01-10 14:15:05 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a82ebb52-f88a-48e1-9a07-ae8298bdbec0}\mpengine.dll
2014-01-07 11:31:29 -------- d-----w- c:\program files\Defraggler
2014-01-06 11:35:53 -------- d-----w- c:\users\erin\appdata\roaming\AVAST Software
2014-01-06 11:34:59 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-06 11:34:59 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-06 11:34:58 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-06 11:34:53 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-06 11:34:52 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-06 11:34:51 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-06 11:34:45 43152 ----a-w- c:\windows\avastSS.scr
2014-01-06 11:34:05 -------- d-----w- c:\program files\AVAST Software
2014-01-06 11:33:13 -------- d-----w- c:\programdata\AVAST Software
2013-12-27 19:59:15 -------- d-----w- c:\windows\en
2013-12-27 19:58:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-12-27 19:56:44 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-12-27 19:56:44 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-12-27 19:56:43 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-12-27 19:56:43 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-12-27 19:55:51 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-27 19:55:17 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-12-27 19:54:18 89944 -c--a-w- c:\program files\common files\windows live\.cache\6b4e38341cf033d05\DSETUP.dll
2013-12-27 19:54:18 537432 -c--a-w- c:\program files\common files\windows live\.cache\6b4e38341cf033d05\DXSETUP.exe
2013-12-27 19:54:18 1801048 -c--a-w- c:\program files\common files\windows live\.cache\6b4e38341cf033d05\dsetup32.dll
2013-12-27 19:54:13 94040 -c--a-w- c:\program files\common files\windows live\.cache\680458101cf033d04\DSETUP.dll
2013-12-27 19:54:13 525656 -c--a-w- c:\program files\common files\windows live\.cache\680458101cf033d04\DXSETUP.exe
2013-12-27 19:54:13 1691480 -c--a-w- c:\program files\common files\windows live\.cache\680458101cf033d04\dsetup32.dll
2013-12-27 19:53:59 89944 -c--a-w- c:\program files\common files\windows live\.cache\60da70161cf033d01\DSETUP.dll
2013-12-27 19:53:59 537432 -c--a-w- c:\program files\common files\windows live\.cache\60da70161cf033d01\DXSETUP.exe
2013-12-27 19:53:59 1801048 -c--a-w- c:\program files\common files\windows live\.cache\60da70161cf033d01\dsetup32.dll
2013-12-27 19:53:51 -------- d-----w- c:\users\erin\appdata\local\Windows Live
2013-12-27 19:53:26 -------- d-----w- c:\program files\common files\Windows Live
2013-12-16 17:02:28 -------- d-----w- c:\windows\Migration
.
==================== Find3M ====================
.
2013-12-03 01:03:03 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 01:03:03 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 01:03:03 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 01:03:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 01:03:02 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 01:03:01 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 01:03:01 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 01:03:01 337408 ----a-w- c:\windows\system32\html.iec
2013-12-03 01:03:00 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 01:02:59 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 01:02:59 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 01:02:58 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-03 01:02:58 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 01:02:57 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 01:02:57 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 01:02:57 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 01:02:56 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 01:02:56 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 01:02:55 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 01:02:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 01:27:28 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 01:36:59 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-18 18:47:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 16:23:29.61 ===============


  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,

To begin with, let's let ComboFix off the leash; let it comb through your machine and we'll see where that takes us.

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download of the program is finished:
  • disable your protective software (instructions);
  • close running programs;
  • double-click to start ComboFix;
  • in the window that opens, click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if you are offered to download it;
  • if Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure through;
  • display a number of prompts/notices: accept by clicking Yes or OK;
  • if necessary, restart Windows (several times);
  • when it finishes, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message;
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down;
  • Do not run ComboFix again on your own - report in the thread whatever problem you have during the first run of the tool;
  • If after the restart you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

  • nirre
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

ComboFix 14-01-08.03 - erin 11-Jan-14 17:20:50.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1643.578 [GMT 1:00]
Running from: c:\users\erin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-11 to 2014-01-11 )))))))))))))))))))))))))))))))
.
.
2014-01-11 16:32 . 2014-01-11 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-10 20:05 . 2014-01-11 16:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82EBB52-F88A-48E1-9A07-AE8298BDBEC0}\offreg.dll
2014-01-10 14:15 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82EBB52-F88A-48E1-9A07-AE8298BDBEC0}\mpengine.dll
2014-01-07 11:31 . 2014-01-07 11:31 -------- d-----w- c:\program files\Defraggler
2014-01-06 11:35 . 2014-01-06 11:35 -------- d-----w- c:\users\erin\AppData\Roaming\AVAST Software
2014-01-06 11:34 . 2014-01-06 11:35 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-06 11:34 . 2014-01-06 11:34 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-06 11:34 . 2014-01-06 11:34 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-06 11:34 . 2014-01-06 11:34 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-06 11:34 . 2014-01-06 11:34 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-06 11:34 . 2014-01-06 11:34 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-06 11:34 . 2014-01-06 11:34 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-06 11:34 . 2014-01-06 11:34 43152 ----a-w- c:\windows\avastSS.scr
2014-01-06 11:34 . 2014-01-06 11:34 -------- d-----w- c:\program files\AVAST Software
2014-01-06 11:33 . 2014-01-06 11:33 -------- d-----w- c:\programdata\AVAST Software
2013-12-28 01:04 . 2013-12-28 01:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-12-27 19:59 . 2013-12-27 19:59 -------- d-----w- c:\windows\en
2013-12-27 19:58 . 2013-12-27 19:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-12-27 19:57 . 2013-12-27 19:58 -------- d-----w- c:\program files\Windows Live
2013-12-27 19:56 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-12-27 19:56 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-12-27 19:56 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-12-27 19:56 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-12-27 19:55 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-12-27 19:55 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-12-27 19:53 . 2013-12-30 15:21 -------- d-----w- c:\users\erin\AppData\Local\Windows Live
2013-12-27 19:53 . 2013-12-27 19:53 -------- d-----w- c:\program files\Common Files\Windows Live
2013-12-16 17:02 . 2013-12-16 17:02 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-06 11:34 . 2012-11-12 22:04 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-27 19:57 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-03 01:03 . 2013-12-03 01:03 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 01:03 . 2013-12-03 01:03 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 01:03 . 2013-12-03 01:03 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 01:03 . 2013-12-03 01:03 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 01:03 . 2013-12-03 01:03 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 01:03 . 2013-12-03 01:03 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 01:03 . 2013-12-03 01:03 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 01:03 . 2013-12-03 01:03 337408 ----a-w- c:\windows\system32\html.iec
2013-12-03 01:03 . 2013-12-03 01:03 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 01:02 . 2013-12-03 01:02 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 01:02 . 2013-12-03 01:02 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 01:02 . 2013-12-03 01:02 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-03 01:02 . 2013-12-03 01:02 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 01:02 . 2013-12-03 01:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 01:02 . 2013-12-03 01:02 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 01:02 . 2013-12-03 01:02 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 01:02 . 2013-12-03 01:02 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 01:02 . 2013-12-03 01:02 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 01:02 . 2013-12-03 01:02 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 01:02 . 2013-12-03 01:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 09:23 . 2013-12-11 17:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-11 17:34 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-11 17:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-11 17:34 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-11 17:34 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-11 17:34 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-11 17:34 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 17:34 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-11 17:34 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-11 17:34 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26 . 2013-12-11 12:50 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2012-11-11 18:21 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:07 . 2013-12-11 12:50 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-30 02:19 . 2013-12-11 12:50 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 01:27 . 2013-12-11 12:50 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 07:22 . 2013-10-19 07:22 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-19 01:36 . 2013-12-11 12:50 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-18 18:47 . 2013-10-18 18:47 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-11-12 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-06 11:34 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-06 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-11 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-06 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-06 410528]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 35560]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-05 176128]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-06 67824]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-06 64168]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 14:49 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-18 18:41]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-18 18:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-11 17:37:30
ComboFix-quarantined-files.txt 2014-01-11 16:37
.
Pre-Run: 106,819,780,608 bytes free
Post-Run: 106,734,342,144 bytes free
.
- - End Of File - - 14AB44B5664900E2EC5C5F9D2163BBD7
A36C5E4F47E84449FF07ED3517B43A31
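
Added example, not part of the original posts and not code from DDS or ComboFix: a small parser for the service/driver lines that both logs above print, used to cross-check the two scans (entries listed in only one log, entries printed with `[x]` instead of a date and size, and entries whose path or size differs). The line grammar is inferred from the lines on this page, the sample input is a short excerpt of those lines, and the names `parse` and `compare` are illustrative.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# A few lines excerpted from the DDS "SERVICES / DRIVERS" section posted above.
DDS_EXCERPT = r"""
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-6 49944]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-6 410528]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-8-1 35560]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-5-19 1817088]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
"""

# The matching lines excerpted from the ComboFix log posted above.
COMBOFIX_EXCERPT = r"""
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-06 410528]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 35560]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
"""

# Line shape inferred from the logs on this page (an assumption, not a tool spec):
#   <flag><digit> <name>;<display name>;<image path> [<date> <size>]
# or the same with "[x]" in place of the date and size; the path may be empty.
ENTRY = re.compile(
    r"^(?P<flag>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?:x|(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+))\]\s*$"
)


class Entry(NamedTuple):
    flag: str             # R or S exactly as printed by the tool
    start: int            # digit exactly as printed by the tool
    name: str
    path: str             # lower-cased for comparison; "" when none was printed
    size: Optional[int]   # None when the tool printed [x]


def parse(log_text: str) -> Dict[str, Entry]:
    """Return the service/driver entries of a log, keyed by lower-cased name."""
    entries: Dict[str, Entry] = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, separators and every other log section
        size = int(m["size"]) if m["size"] else None
        name = m["name"].strip()
        entries[name.lower()] = Entry(
            m["flag"], int(m["start"]), name, m["path"].strip().lower(), size
        )
    return entries


def compare(first: Dict[str, Entry], second: Dict[str, Entry]) -> Dict[str, List[str]]:
    """List what a reviewer would look at when two scans of one machine differ.

    The R/S flag is not compared: on this page the same drivers carry opposite
    letters in the two logs, so a flag difference says nothing by itself.
    """
    both = first.keys() & second.keys()
    return {
        "only_first": sorted(first.keys() - second.keys()),
        "only_second": sorted(second.keys() - first.keys()),
        # Entries that either tool printed with [x] instead of a date and size.
        "no_file": sorted(
            {n for log in (first, second) for n, e in log.items() if e.size is None}
        ),
        # Same service name, but a different image path or file size.
        "changed": sorted(
            n for n in both
            if None not in (first[n].size, second[n].size)
            and (first[n].path, first[n].size) != (second[n].path, second[n].size)
        ),
    }


if __name__ == "__main__":
    report = compare(parse(DDS_EXCERPT), parse(COMBOFIX_EXCERPT))
    for key, names in report.items():
        print(f"{key:12} {', '.join(names) or '-'}")
```

For the excerpted lines no entry changes path or size between the two scans; the only differences are one driver listed by each tool alone and the two `[x]` entries in the ComboFix list.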

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Hello,

Let's move on to some additional checks. Zoek is here to examine the computer further and comb through it in case there is any junk or crap. In addition, zoek will also perform some extra cleanup, etc...

After that we move on to the anti-rootkit check. TDSSKiller will quickly but effectively check whether there is any rootkit component that may have hidden from CF.

Download smeenk's zoek from this link and save it to the Desktop.
Unpack the archive into a folder (instructions), and then:

  • close the browser and other running programs;
  • temporarily disable your protective software (if that is necessary), instructions;
  • start zoek by double-clicking the program icon;
  • wait for the tool to start ...

Click the More Options button and tick the box in front of the following option:
Auto Clean
Note: Tick only the option listed, do not touch the other options!!

Click the button and wait for the scan to finish.
zoek will, if necessary, restart Windows and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your message.

=======================================================
Then ...

Download TDSSKiller, save the tool to the Desktop and double-click TDSSKiller.exe to start it.
In the "End user Licence Agreement" dialog click Accept.
Likewise, in the "KSN Statement" dialog click Accept.

Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Attach the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD - day, MM - month, YY - year, HH - hour, MM - minute, SS - second; the date and time when the log was created)

  • nirre
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

Posted: 11 Jan 2014 21:15

Zoek.exe v5.0.0.0 Updated 09-Januari-2014
Tool run by erin on 11-Jan-14 at 20:55:00.71.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\erin\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

11-Jan-14 20:56:38 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-800611730-3743125495-365373645-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8D7452F-A9DD-4724-AC42-A6F9FAA24D72} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\erin\AppData\Local\APN deleted
C:\Windows\wininit.ini deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
acaoakiamfeidcmgooclgeleejkbaecf - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06-Jan-14 12:34]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf deleted successfully

==== Empty IE Cache ======================

C:\Users\erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\erin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=2 176777 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\erin\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\erin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 11-Jan-14 at 21:13:42.68 ======================

Addendum: 11 Jan 2014 21:19


  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Good, now tell me, are there any improvements?

  • nirre
  • Super citizen
  • Joined: 26 Mar 2005
  • Posts: 1489
  • Location: Podgorica

Well, just earlier, when the computer restarted (after the zoek scan), I thought that the system booted much faster than usual.

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

In any case, I don't see malware here. The posted logs are clean and show no signs of active infection.

A good worker always cleans up after himself.
The following procedure carries out the final cleanup.

ComboFix needs to be uninstalled:
click Start, and then Run.

On Vista, use the Start Search box if Run is not available.

In the text box type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Download "Xplode"'s DelFix tool and save it to the Desktop.

Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore

Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also produce a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

If the problems return, open a new thread in the Windows forum, with a better description of the problem. Colleagues from that forum will take over and help if they are able to.
