CPU Usage: 100%

1

CPU Usage: 100%

offline
  • Pridružio: 01 Jan 2012
  • Poruke: 392

Ovako, kada upalim racunar, otvorim task manager, i vidim CPU Usage: 100%, pogledam sta vuce toliko i vidim

Jusched.exe , Description: Java(TM) Update Scheduler

Dobro, idem na end process, i posle par sekundi pocne neki drugi isto da vuce jako puno,

Dwm.exe, Description: Desktop Window Manage

I kada odem End process na DWM, ukljuci mi se explorer.exe, koji ne smem da iskljucim, jer mi odma ne stane start menu.

Ovo mi se desava od juce, racunar je radio normalno, i odjednom je poceo processor da tuce 100%, i posle toga sam restartovao, pisao temu u Windows forumu, oni su mi pomogli, ali ne skroz.

Ne koristim nikakav zastitni softver.

Internet konekcija 100 mb/ps.

Ne znam stvarno, koji bi uzrok bio ovom.

DDS.txt -

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Nenad at 13:34:08 on 2013-06-03
Microsoft Windows 7 Professional 6.1.7601.1.1250.381.1033.18.1022.186 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Nenad\AppData\Local\Temp\amomj.exe
C:\Users\Nenad\AppData\Local\Temp\winjgaetv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Users\Nenad\AppData\Local\Temp\windcsn.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Viber] "c:\users\nenad\appdata\local\viber\Viber.exe" StartMinimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{E3F5265C-4673-42A7-877D-7A56680DC828} : NameServer = 89.216.39.251 89.216.39.252
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nenad\appdata\roaming\mozilla\firefox\profiles\yhlxf14w.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\nenad\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\nenad\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\nenad\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\nenad\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-24 21:53; a4me@gzppa-fgw.com; c:\users\nenad\appdata\roaming\mozilla\firefox\profiles\yhlxf14w.default\extensions\a4me@gzppa-fgw.com
FF - ExtSQL: 2013-05-04 11:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\nenad\appdata\roaming\mozilla\firefox\profiles\yhlxf14w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-06 15:44; toolbar@ask.com; c:\users\nenad\appdata\roaming\mozilla\firefox\profiles\yhlxf14w.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-05-21 12:49; cookieexporter@krk; c:\users\nenad\appdata\roaming\mozilla\firefox\profiles\yhlxf14w.default\extensions\cookieexporter@krk.xpi
FF - ExtSQL: 2013-05-21 13:10; {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}; c:\users\nenad\appdata\roaming\mozilla\firefox\profiles\yhlxf14w.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi
.
============= SERVICES / DRIVERS ===============
.
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
.
=============== Created Last 30 ================
.
2013-06-02 20:50:45 -------- d-----w- c:\windows\pss
2013-06-02 18:10:23 103140 --sh--r- C:\xlknec.pif
2013-05-31 14:44:31 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8e6eccdf-a041-4691-b18f-b7f276b544c9}\offreg.dll
2013-05-31 12:07:25 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8e6eccdf-a041-4691-b18f-b7f276b544c9}\mpengine.dll
2013-05-19 15:19:43 -------- d-----w- c:\users\nenad\appdata\local\Microsoft_Corporation
2013-05-15 10:48:55 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 10:48:54 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 10:48:54 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 10:48:52 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 10:48:52 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 10:48:46 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 10:48:46 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 10:48:46 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-13 14:27:12 2829 ----a-w- c:\windows\War3Unin.pif
2013-05-13 14:27:12 139264 ----a-w- c:\windows\War3Unin.exe
2013-05-06 19:26:13 342288 ----a-w- c:\windows\system32\HMIPCore.dll
2013-05-06 19:25:34 -------- d-----w- c:\users\nenad\appdata\local\Programs
2013-05-06 19:21:13 8704 ----a-w- c:\windows\system32\SpOrder.dll
2013-05-06 19:21:09 73728 ----a-w- c:\windows\system32\VistaInfo32.dll
2013-05-06 13:44:20 -------- d-----w- c:\program files\Ask.com
2013-05-06 13:44:01 -------- d-----w- c:\users\nenad\appdata\roaming\RealHideIP
2013-05-06 13:44:01 -------- d-----w- c:\programdata\RealHideIP
2013-05-05 08:01:24 -------- d-----w- c:\users\nenad\appdata\local\Apps
.
==================== Find3M ====================
.
2013-05-22 13:34:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-22 13:34:58 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-06 18:28:08 94208 ----a-w- c:\windows\pyw.exe
2013-04-06 18:25:14 2653184 ----a-w- c:\windows\system32\python33.dll
2013-04-06 18:24:36 93696 ----a-w- c:\windows\py.exe
2013-04-05 21:16:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-05 21:16:48 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 03:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-17 12:00:34 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-03-14 02:03:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2009-11-16 20:14:45 1239002 ----a-w- c:\program files\WinRAR v3.80 PRO Pre(zabranjeno)ed By REZMAN1984 Setup.exe
.
============= FINISH: 13:39:56,45 ===============


Attach:
https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

@ MinerFull

Dobrodosao u Ambulantu.

Arrow Prvo deinstaliraj Ask Toolbar ;

Arrow Potom odradi sledece:

Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:


process;
srinfo;
systemscpecs;
installedprogs;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b
C:\Windows\system32\services.exe;i
C:\Windows\SysNative\services.exe;i
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;



Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.

offline
  • Pridružio: 01 Jan 2012
  • Poruke: 392

Napisano: 03 Jun 2013 18:39

E sad, ne znam da li je ovo sve, jer sam pustio da radi oko 1h, i onda sam rucno restartovao...

Zoek.exe Version 4.0.0.2 Updated 31-May-2013
Tool run by Nenad on pon 03.06.2013 at 15:59:47,62.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected

==== Safe Boot Check ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
Value AlternateShell is missing
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
Value AlternateShell is missing

==== File Information Results ======================


--- C:\Windows\system32\services.exe ---
Company: Microsoft Corporation
File Description: Services and Controller app
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: services.exe.mui
File type: ----a-w-
File size: 259072
Created time: 2009-07-13 23:11:26
Modified time: 2009-07-14 01:14:36
MD5: 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
SHA1: 54A90C371155985420F455361A5B3AC897E6C96E


==== Installed Programs ======================

Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader XI (11.0.03)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
ATI Catalyst Install Manager
BitTorrent
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Connect
Eurobattle.net
GOM Player
Google Talk Plugin
Java 7 Update 21
Java Auto Updater
Java SE Development Kit 7 Update 17
JCreator LE 5.00
kuler
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS4
Photoshop Camera Raw
Python 3.3.1
Realtek Ethernet Controller Driver For Windows Vista and Later
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skins
Skypet 6.3
Sublime Text 2.0.1
Suite Shared Configuration CS4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Warcraft III
Warcraft III: All Products
Winamp (remove only)
WinRAR archiver

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Nenad\AppData\Local\Temp\amomj.exe
C:\Users\Nenad\AppData\Local\Temp\winjgaetv.exe
C:\Users\Nenad\AppData\Local\Temp\windcsn.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Nenad\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"

==== Batch Command(s) Run By Tool======================

Volume in drive C has no label.
Volume Serial Number is 34BC-FFB8

Directory of C:\

14.07.2009 06:53 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Nenad\AppData\Local\Temp ====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Nenad\AppData\Roaming ======
====== C:\Users\Nenad ======

====== C: exe-files ==
=== C: other files ==

======== System Restore Points ========

RP104: 3.6.2013 15:48:29 - Removed Ask Toolbar.

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3593054190-1941192585-79594511-1000\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS4ServiceManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS4ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Nenad\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Viber]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Viber"
"hkey"="HKCU"
"command"="\"C:\\Users\\Nenad\\AppData\\Local\\Viber\\Viber.exe\" StartMinimized"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nenad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
"path"="C:\\Users\\Nenad\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2007 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~1\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Screen Clipper and Launcher"


==== Task Scheduler Jobs ======================


==== Firefox Extensions ======================

==== Firefox Plugins ======================

Dopuna: 03 Jun 2013 18:46

Evo 5 min posle odgovora u temi, mislim na zadnji post, izbacio mi je ovaj error.
Ako je od ikakve pomoci.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

Hm ... bas cudno. Nesto je omelo zoek u radu. 'ajmo mi to malo konkretnije.



Arrow Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.



Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku;
Nemoj kliktati u okviru ComboFix prozora dok radi jer to može usporiti rad alata;
Nemoj ponovo pokretati ComboFix na svoju ruku - javi se u temi bilo kakav problem da imaš tokom prvog pokretanja alata;
Ako nakon restarta dobijaš grešku prilikom startovanja pojedinih programa da su označeni za brisanje (Illegal operation attempted on a registry key that has been marked for deletion), onda ponovo restartuj sistem i to ce rešiti problem.





============ Potom ===========




Arrow Preuzmi Farbar Recovery Scan Tool i sacuvaj ga u neki folder na Desktop.



Napomena: Potrebno je preuzeti verziju koja je kompatibilna sa tvojim operativnim sistemom. Tvoj sistem je 32 bitni.



Dvoklikom pokreni alat. Kada se alat startuje, klikni Yes na disclaimer prozor.
Klikni na dugme Scan
Po zavrsetku skeniranja, bice kreiran izvestaj (FRST.txt) na istoj lokaciji, u istom folderu gde se FRST.exe nalazi.

Kopiraj sadrzaj tog loga u poruku

Po prvom pokretanju FRST-a, alat ce kreirati dodatni izvestaj (Addition.txt).
Taj izvestaj okaci uz poruku koristeci opciju Prikaci fajl.

offline
  • Pridružio: 01 Jan 2012
  • Poruke: 392

E, ovako, skinuo sam ComboFix, sve kako si rekao, i prvi put sam ga pokrenuo, kao i u upustvu, sve je islo lepo, kada se zavrsilo, mislim ono zeleno, nista se posle toga nije desavalo, posle vise pokusaja, otvorio mi se prozor, kao CMD, ali plavi, i pisalo je nesto Stage_1 pa posle nekoliko minuta (Kod mene minimalno 40min. jer jako koci) mi pise Stage_2 i tako, i izbacilo mi je jednom nesto ovako "unable to create combofix.txt" tako nesto ne secam se bas bilo je jos teksta, i danas kad sam proba da pokrenem program izbacilo mi je ovu sliku



kada sam otisao da pronadjem, Combofix.txt , nije ga bilo nigde, ovaj Farbar Recovery Scan Tool, nisam ni pokusao da skinem, jer nisam ni Combofix uradio, ovako, ja mislim da bi najbolje bilo da uradim reinstalaciju sistema, to ce trajati 5 min, je imam ghost file, samo vratim kako sam sacuvao u ghost, bolje tako da uradim, nego da se mucim sa ovim, ovo je vec 2 dan.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

U redu. Ocigledno je u tvom sistemu nesto "otkazalo" cim alati ne rade kako trebaju. Povuci ti Ghoust image, podigni sistem.

Kada to uradis, preuzmi svez DDS, pokreni ga i postavi mi sveze logove na uvid.

Takodje, dok ne zavrsim analizu svezih DDS logova, izbegavaj da ulazis u ostale particije. I obavezno da instaliras AntiVirus.

offline
  • Pridružio: 01 Jan 2012
  • Poruke: 392

magna86 ::U redu. Ocigledno je u tvom sistemu nesto "otkazalo" cim alati ne rade kako trebaju. Povuci ti Ghoust image, podigni sistem.

Kada to uradis, preuzmi svez DDS, pokreni ga i postavi mi sveze logove na uvid.

Takodje, dok ne zavrsim analizu svezih DDS logova, izbegavaj da ulazis u ostale particije. I obavezno da instaliras AntiVirus.


Evo, znam da kasnim, ali opet onaj problem, CD nije kod mene, pa sam cekao vikend zbog CD-a,evo DDS log, sada radi sve bez problema, zastitni softver, ne znam stvarno dal' da instaliram jer mi nije konfiguracija za pohvalu, ali ako bas kaze te, instaliracu.
Sta mislite sta bi mogao biti uzrok ovog sto mi se desilo? Jer ne moguce da je nesto otislo u racunaru, jer cim sam vratio sistem, on funkcionise normalno?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by Nenad at 21:41:51 on 2013-06-09
Microsoft Windows 7 Professional 6.1.7601.1.1250.381.1033.18.1022.202 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\alg.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Nenad\AppData\Local\Temp\mikvm.exe
C:\Users\Nenad\AppData\Local\Temp\holjv.exe
C:\Windows\system32\taskhost.exe
C:\Users\Nenad\AppData\Local\Temp\winhnac.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: Interfaces\{E2895E99-5143-4B95-B378-AB5BDFF8309D} : NameServer = 89.216.39.251 89.216.39.252
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nenad\appdata\roaming\mozilla\firefox\profiles\yhlxf14w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2013-06-09 19:12:47 -------- d-----w- c:\users\nenad\appdata\local\Adobe
2013-06-09 19:07:13 -------- d-----w- c:\users\nenad\appdata\local\Macromedia
2013-06-09 19:07:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-09 19:07:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-09 18:51:44 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c7d7ac92-adde-4ab9-a7c4-ecdd7281d0a4}\offreg.dll
2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.

Attach:

https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

Arrow Instaliraj avast! AntiVirus ( ili neki drugi, kako zelis ) azuriraj mu bazu i odradi FullScan.

Napisi mi rezultate ( okaci AV_log ako si u mogucnosti ), takodje ako se spominje negde rec Virut ili Sality, obavesti me.



Potom, odradi i ovo, radi dodatne provere tako da bih imao vise informacija ...


Arrow Preuzmi Farbar Service Scanner i sacuvaj ga na Desktop

Dvoklikom pokreni FSS.exe, stikliraj sve opcije i klikni na Scan

Nedugo zatim, otvorice se log programa u Notepad-u, koji ce biti sacuvan na radnoj povrsini kao FSS.txt

Kopiraj njegov sadrzaj u temu na forumu.

offline
  • Pridružio: 01 Jan 2012
  • Poruke: 392

E, ovako, skinuo sam Kaspersky, i isao full scan, nasao mi je Malware, 46 virus, i 3 trojanca, malware obrisan, virusi su ocisceni, i trojanci obrisani, evo slike odma posle scan-a,



Kada sam vracao sistem na staro, preko ghost-a, vratio mi je samo C particiju, standard, ali ovo sto sam sacuvao na D particiji, pre nego sto sam vracao sistem, bas tu sam imao malware i ove trojance...

Farbar Service Scanner Version: 31-05-2013 01
Ran by Nenad (administrator) on 10-06-2013 at 18:18:19
Running from "C:\Users\Nenad\Downloads"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2010-11-20 23:29] - [2010-11-20 23:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6102

Postavi ti meni log da ja vidim sta je tu KAV radio.


Ponovo pokreni Kaspersky, u gornjem desnom uglu klikni na dugme Reports ;
U sledecem prozoru koji se otvori, u gornjem desnom uglu, opcija Period: prebaci sa Day na Entire period
U istom tom prozoru u donjem levom uglu, klikni na dugme Save...
Sacuvaj izvestaj na Desktop sa proizvoljnim nazivom.


Okaci mi uz poruku taj kreiran notepad koristeci opciju Prikaci fajl

Ko je trenutno na forumu
 

Ukupno su 532 korisnika na forumu :: 25 registrovanih, 7 sakrivenih i 500 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, Battlehammer, BraneS, Cufo, djo97, djordje92sm, eighty-one, goran.vvv, goxin, Hoegaarden, KS, kybonacci, MarKhan, nemkea71, NoOneEver Dreams, pacika, rovac, sakota79, Sale.S, Snorks, Toni, VJ, Vlad000, vranjanac29, Živković