Computer keeps freezing

  • Joined: 21 May 2011
  • Posts: 14
  • Location: Nikšić, Montenegro

Hi!
For the past 10 days or so my computer has been freezing a lot. Most of the problems are on the internet: pages open with difficulty, and if a video happens to open (e.g. watching a movie or on YouTube), that is when it really bugs out and I have to restart the computer. What is peculiar is that there are moments when everything works great, and then it suddenly freezes for a few minutes, after which it starts up again and works perfectly, and then after a couple of minutes it freezes again. As for Facebook, the same problem occurs there from time to time, especially with games on FB: it works for a bit, then freezes, and so on.
I scanned with the antivirus, cleaned with CCleaner, and deleted some useless programs and files, just to free up the system... but it doesn't help.

By the way, I don't know much about computers, so I apologize if I am unable to do something you suggest as a solution to the problem.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by pc (administrator) on ADMIN on 07-07-2014 20:57:09
Running from C:\Documents and Settings\pc\My Documents
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

() C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
() C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-08-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [7700480 2006-10-22] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2006-10-22] (NVIDIA Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [1443072 2008-02-20] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1645522239-329068152-1177238915-1003\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1645522239-329068152-1177238915-1003\...\Run: [RGSC] => C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1645522239-329068152-1177238915-1003\...\MountPoints2: {0c6e370c-1b94-11e3-a1f5-001167cdbd45} - H:\PMBP_Win.exe
HKU\S-1-5-21-1645522239-329068152-1177238915-1003\...\MountPoints2: {97037d86-f63d-11e2-8663-806d6172696f} - setupSNK.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\o7xm868u.default-1402081658765
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\pc\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Profiles\o7xm868u.default-1402081658765\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-11]

Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-06]
CHR Extension: (Google Wallet) - C:\Documents and Settings\pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-09]

========================== Services (Whitelisted) =================

R2 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [166520 2008-03-19] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [19200 2008-02-20] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [472320 2008-02-20] (ESET)
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
S2 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe [3584 2004-08-04] (Microsoft Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [51816 2008-03-19] ()

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [34312 2007-06-24] (IVT Corporation.)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [27656 2007-06-24] (IVT Corporation.)
R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [38920 2007-06-24] (IVT Corporation.)
R0 BTHidEnum; C:\WINDOWS\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [39944 2008-02-20] (ESET)
R1 easdrv; C:\WINDOWS\System32\DRIVERS\easdrv.sys [29704 2008-02-20] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [33800 2008-02-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2010-12-23] (Samsung Electronics) [File not signed]
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S4 IntelIde; No ImagePath
S3 NTIOLib_1_0_C; \??\E:\NTIOLib.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-07 20:55 - 2014-07-07 20:57 - 00009871 _____ () C:\Documents and Settings\pc\My Documents\FRST.txt
2014-07-07 20:52 - 2014-07-07 20:54 - 01074688 _____ (Farbar) C:\Documents and Settings\pc\My Documents\FRST.exe
2014-07-07 20:35 - 2014-07-07 20:57 - 00000000 ____D () C:\FRST
2014-07-07 19:21 - 2014-07-07 19:21 - 00000862 _____ () C:\Documents and Settings\pc\Desktop\GOM Player.lnk
2014-07-07 16:58 - 2014-07-07 17:00 - 00030941 _____ () C:\WINDOWS\ie8Uninst.log
2014-07-07 15:12 - 2014-07-07 15:12 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\Matursko
2014-07-07 15:10 - 2014-07-07 15:11 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\exqrzija
2014-07-07 15:07 - 2014-07-07 15:08 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\Politijada
2014-07-06 12:08 - 2014-07-06 12:08 - 00000165 ____H () C:\Documents and Settings\pc\Desktop\~$jul.xlsx
2014-07-05 12:57 - 2014-07-05 13:04 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Application Data\Adobe
2014-07-04 22:15 - 2014-07-07 20:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-04 22:15 - 2014-07-04 22:15 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-04 22:15 - 2014-07-04 22:15 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-03 18:11 - 2014-07-03 23:51 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-07-03 13:54 - 2014-07-03 19:42 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Application Data\Adblock Plus for IE
2014-07-03 13:53 - 2014-07-05 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-07-03 13:46 - 2014-07-03 13:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-03 13:46 - 2014-07-03 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-03 13:46 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-07-03 13:46 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-07-03 13:46 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-07-03 13:46 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-07-03 13:46 - 2014-05-07 14:42 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-07-03 13:43 - 2014-07-03 13:46 - 00003964 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-07-03 13:25 - 2014-07-03 18:10 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-07-03 13:25 - 2014-07-03 13:26 - 00030696 _____ () C:\WINDOWS\KB926139-v2.log
2014-07-03 13:25 - 2014-07-03 13:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-07-03 13:25 - 2014-07-03 13:25 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-07-03 13:25 - 2014-07-03 13:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-07-02 15:10 - 2014-07-02 15:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-01 16:58 - 2014-07-07 17:01 - 00000372 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1404226715.job
2014-07-01 16:58 - 2014-07-01 16:58 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2014-07-01 16:58 - 2014-07-01 16:58 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2014-07-01 16:58 - 2014-07-01 16:58 - 00000000 ____D () C:\Program Files\Opera
2014-07-01 16:58 - 2014-07-01 16:58 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Application Data\Opera Software
2014-07-01 16:58 - 2014-07-01 16:58 - 00000000 ____D () C:\Documents and Settings\pc\Application Data\Opera Software
2014-07-01 14:53 - 2014-07-07 13:16 - 00012388 _____ () C:\Documents and Settings\pc\Desktop\jul.xlsx
2014-06-23 20:31 - 2014-06-23 20:31 - 00000000 __SHD () C:\Documents and Settings\pc\IECompatCache
2014-06-22 21:57 - 2014-06-22 21:57 - 00000000 __SHD () C:\Documents and Settings\pc\PrivacIE
2014-06-22 21:52 - 2014-06-22 21:52 - 00000000 __SHD () C:\Documents and Settings\pc\IETldCache
2014-06-22 21:52 - 2014-06-22 21:52 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache
2014-06-22 21:50 - 2014-06-22 21:51 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-06-22 21:49 - 2014-07-07 16:59 - 00047878 _____ () C:\WINDOWS\updspapi.log
2014-06-22 21:49 - 2008-04-14 05:41 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-06-22 21:49 - 2008-04-14 05:41 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2014-06-22 21:48 - 2014-06-22 21:51 - 00031278 _____ () C:\WINDOWS\ie8_main.log
2014-06-22 21:48 - 2014-06-22 21:50 - 00057060 _____ () C:\WINDOWS\ie8.log
2014-06-17 21:38 - 2014-06-17 21:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-06-15 13:13 - 2014-06-16 12:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Trymedia
2014-06-15 13:13 - 2014-06-15 13:13 - 00000000 ____D () C:\Program Files\Online Games Manager
2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Documents and Settings\pc\Application Data\WinRAR
2014-06-14 13:50 - 2014-06-15 13:57 - 00000010 _____ () C:\WINDOWS\popcinfo.dat
2014-06-14 13:22 - 2014-06-14 13:22 - 00000000 ____D () C:\Program Files\ReflexiveArcade
2014-06-11 18:44 - 2014-06-11 18:44 - 00081920 _____ () C:\WINDOWS\Minidump\Mini061114-01.dmp
2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-11 13:45 - 2014-07-07 19:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 15:05 - 2014-06-09 15:05 - 00000000 _____ () C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

2014-07-07 20:57 - 2014-07-07 20:55 - 00009871 _____ () C:\Documents and Settings\pc\My Documents\FRST.txt
2014-07-07 20:57 - 2014-07-07 20:35 - 00000000 ____D () C:\FRST
2014-07-07 20:57 - 2013-07-27 13:20 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\Razno
2014-07-07 20:57 - 2013-07-26 23:50 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Temp
2014-07-07 20:54 - 2014-07-07 20:52 - 01074688 _____ (Farbar) C:\Documents and Settings\pc\My Documents\FRST.exe
2014-07-07 20:40 - 2013-08-22 19:51 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-07 20:31 - 2014-07-04 22:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-07 19:22 - 2013-08-26 12:35 - 00000000 ____D () C:\Documents and Settings\pc\Desktop\Unused Desktop Shortcuts
2014-07-07 19:21 - 2014-07-07 19:21 - 00000862 _____ () C:\Documents and Settings\pc\Desktop\GOM Player.lnk
2014-07-07 19:21 - 2014-06-11 13:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-07 17:07 - 2013-07-26 22:20 - 00435614 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-07 17:01 - 2014-07-01 16:58 - 00000372 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1404226715.job
2014-07-07 17:01 - 2013-08-22 19:51 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-07 17:01 - 2013-07-26 23:50 - 00000809 _____ () C:\Documents and Settings\pc\Start Menu\Programs\Internet Explorer.lnk
2014-07-07 17:01 - 2013-07-26 23:50 - 00000000 ___RD () C:\Documents and Settings\pc\Start Menu\Programs\Accessories
2014-07-07 17:01 - 2013-07-26 23:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-07 17:01 - 2013-07-26 20:51 - 00088566 _____ () C:\WINDOWS\system32\nvapps.xml
2014-07-07 17:00 - 2014-07-07 16:58 - 00030941 _____ () C:\WINDOWS\ie8Uninst.log
2014-07-07 17:00 - 2013-07-26 23:59 - 00088796 ____C () C:\WINDOWS\iis6.log
2014-07-07 17:00 - 2013-07-26 23:59 - 00028382 ____C () C:\WINDOWS\comsetup.log
2014-07-07 17:00 - 2013-07-26 23:59 - 00027727 ____C () C:\WINDOWS\tsoc.log
2014-07-07 17:00 - 2013-07-26 23:59 - 00015487 ____C () C:\WINDOWS\ntdtcsetup.log
2014-07-07 17:00 - 2013-07-26 23:59 - 00003118 ____C () C:\WINDOWS\tabletoc.log
2014-07-07 17:00 - 2013-07-26 23:59 - 00002937 ____C () C:\WINDOWS\ocmsn.log
2014-07-07 17:00 - 2013-07-26 23:59 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-07-07 17:00 - 2013-07-26 23:52 - 00000000 ____D () C:\WINDOWS\Help
2014-07-07 17:00 - 2013-07-26 23:50 - 00000178 ___SH () C:\Documents and Settings\pc\ntuser.ini
2014-07-07 17:00 - 2013-07-26 23:49 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-07 16:59 - 2014-06-22 21:49 - 00047878 _____ () C:\WINDOWS\updspapi.log
2014-07-07 16:59 - 2013-07-26 23:59 - 00048635 ____C () C:\WINDOWS\FaxSetup.log
2014-07-07 16:59 - 2013-07-26 23:59 - 00034345 ____C () C:\WINDOWS\ocgen.log
2014-07-07 16:59 - 2013-07-26 23:59 - 00009288 ____C () C:\WINDOWS\netfxocm.log
2014-07-07 16:59 - 2013-07-26 23:59 - 00004037 ____C () C:\WINDOWS\MedCtrOC.log
2014-07-07 16:59 - 2013-07-26 23:59 - 00002725 ____C () C:\WINDOWS\msgsocm.log
2014-07-07 16:58 - 2013-07-26 23:59 - 00021446 ____C () C:\WINDOWS\msmqinst.log
2014-07-07 15:12 - 2014-07-07 15:12 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\Matursko
2014-07-07 15:11 - 2014-07-07 15:10 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\exqrzija
2014-07-07 15:08 - 2014-07-07 15:07 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\Politijada
2014-07-07 13:16 - 2014-07-01 14:53 - 00012388 _____ () C:\Documents and Settings\pc\Desktop\jul.xlsx
2014-07-07 13:11 - 2004-08-04 02:07 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-06 12:27 - 2014-05-19 18:44 - 00024024 _____ () C:\WINDOWS\setupapi.log
2014-07-06 12:08 - 2014-07-06 12:08 - 00000165 ____H () C:\Documents and Settings\pc\Desktop\~$jul.xlsx
2014-07-05 13:04 - 2014-07-05 12:57 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Application Data\Adobe
2014-07-05 12:15 - 2014-07-03 13:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-07-04 22:15 - 2014-07-04 22:15 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-04 22:15 - 2014-07-04 22:15 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-04 19:55 - 2013-07-27 01:44 - 00000155 _____ () C:\WINDOWS\winamp.ini
2014-07-04 11:50 - 2013-07-26 23:56 - 00000210 ___SH () C:\boot.ini
2014-07-04 11:50 - 2004-08-04 02:07 - 00000552 _____ () C:\WINDOWS\win.ini
2014-07-04 11:50 - 2004-08-04 02:07 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-03 23:51 - 2014-07-03 18:11 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-07-03 19:42 - 2014-07-03 13:54 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Application Data\Adblock Plus for IE
2014-07-03 18:12 - 2013-09-02 08:32 - 00009494 ____C () C:\WINDOWS\spupdsvc.log
2014-07-03 18:10 - 2014-07-03 13:25 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-07-03 14:53 - 2013-07-27 00:43 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-03 13:46 - 2014-07-03 13:46 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-03 13:46 - 2014-07-03 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-07-03 13:46 - 2014-07-03 13:43 - 00003964 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-07-03 13:46 - 2013-07-31 14:57 - 00000000 ____D () C:\Program Files\Java
2014-07-03 13:26 - 2014-07-03 13:25 - 00030696 _____ () C:\WINDOWS\KB926139-v2.log
2014-07-03 13:26 - 2013-07-26 23:59 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-07-03 13:25 - 2014-07-03 13:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926139-v2$
2014-07-03 13:25 - 2014-07-03 13:25 - 00000000 ____D () C:\WINDOWS\system32\windowspowershell
2014-07-03 13:25 - 2014-07-03 13:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-07-02 23:54 - 2013-07-27 00:10 - 00000535 _____ () C:\WINDOWS\wiadebug.log
2014-07-02 23:54 - 2013-07-27 00:10 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-07-02 15:10 - 2014-07-02 15:10 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-02 14:04 - 2013-07-26 23:57 - 00179875 _____ () C:\WINDOWS\setupact.log
2014-07-02 14:03 - 2013-07-27 14:45 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\FPN
2014-07-01 16:58 - 2014-07-01 16:58 - 00000675 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2014-07-01 16:58 - 2014-07-01 16:58 - 00000675 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk
2014-07-01 16:58 - 2014-07-01 16:58 - 00000000 ____D () C:\Program Files\Opera
2014-07-01 16:58 - 2014-07-01 16:58 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Application Data\Opera Software
2014-07-01 16:58 - 2014-07-01 16:58 - 00000000 ____D () C:\Documents and Settings\pc\Application Data\Opera Software
2014-06-30 13:45 - 2013-08-09 17:38 - 00000000 __SHD () C:\WINDOWS\CSC
2014-06-23 20:31 - 2014-06-23 20:31 - 00000000 __SHD () C:\Documents and Settings\pc\IECompatCache
2014-06-23 20:31 - 2013-07-26 23:50 - 00000000 ____D () C:\Documents and Settings\pc
2014-06-22 21:57 - 2014-06-22 21:57 - 00000000 __SHD () C:\Documents and Settings\pc\PrivacIE
2014-06-22 21:52 - 2014-06-22 21:52 - 00000000 __SHD () C:\Documents and Settings\pc\IETldCache
2014-06-22 21:52 - 2014-06-22 21:52 - 00000000 __SHD () C:\Documents and Settings\LocalService\IETldCache
2014-06-22 21:52 - 2013-07-26 23:49 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-06-22 21:51 - 2014-06-22 21:50 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-06-22 21:51 - 2014-06-22 21:48 - 00031278 _____ () C:\WINDOWS\ie8_main.log
2014-06-22 21:50 - 2014-06-22 21:48 - 00057060 _____ () C:\WINDOWS\ie8.log
2014-06-22 21:50 - 2013-07-26 23:52 - 00000000 ____D () C:\WINDOWS\Media
2014-06-18 12:37 - 2013-07-27 01:41 - 00000000 ____D () C:\Documents and Settings\pc\Local Settings\Application Data\Google
2014-06-18 12:23 - 2013-07-27 01:41 - 00001819 _____ () C:\Documents and Settings\pc\Desktop\Google Chrome.lnk
2014-06-17 21:38 - 2014-06-17 21:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-06-17 21:37 - 2013-07-28 18:32 - 00000000 ____D () C:\Program Files\Google
2014-06-16 12:21 - 2014-06-15 13:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Trymedia
2014-06-15 22:36 - 2013-07-27 12:57 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\Novelas,films
2014-06-15 13:57 - 2014-06-14 13:50 - 00000010 _____ () C:\WINDOWS\popcinfo.dat
2014-06-15 13:13 - 2014-06-15 13:13 - 00000000 ____D () C:\Program Files\Online Games Manager
2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Documents and Settings\pc\Application Data\WinRAR
2014-06-14 13:22 - 2014-06-14 13:22 - 00000000 ____D () C:\Program Files\ReflexiveArcade
2014-06-13 16:55 - 2013-08-09 15:11 - 00000406 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-06-13 16:50 - 2014-03-18 14:46 - 00000000 ____D () C:\Documents and Settings\pc\My Documents\Преузимања
2014-06-11 18:44 - 2014-06-11 18:44 - 00081920 _____ () C:\WINDOWS\Minidump\Mini061114-01.dmp
2014-06-11 18:44 - 2014-06-11 18:44 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-09 15:05 - 2014-06-09 15:05 - 00000000 _____ () C:\WINDOWS\setuperr.log

Some content of TEMP:
====================
C:\Documents and Settings\pc\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoknpkq.dll
C:\Documents and Settings\pc\Local Settings\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



  • magna86 Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello,

The posted set of logs shows no signs of an active infection. Let's do one more check...

1. Download sUBs's ComboFix from this link and save the tool to the Desktop.
• Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
• When the dialog for choosing where to save the file opens, select Desktop and click Save.


------------------------------------------------------------
2. Temporarily disable your antivirus program, in most cases by right-clicking the program's icon in the system tray. Such programs can interfere with the tool while it runs.
If you are not sure how to do that, follow this guide.

------------------------------------------------------------
3. Double-click the icon to start ComboFix. Then, in the disclaimer window, click the I Agree! button.

• ComboFix will check whether a new version of the tool is available.
Click Yes if a download is requested.
• If Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow the tool to download and install Recovery Console.
• ComboFix will scan the computer in stages (Stage_#), 50 stages in total.
Do not click around while ComboFix is examining the system.
• If malware is detected, ComboFix will begin removing it.
For that reason, the tool will restart Windows as needed (sometimes more than once);

Note: If, after the tool has run, you get an error (Illegal operation attempted on a registry key that has been marked for deletion) when starting programs, restart the computer and that will resolve the problem.


------------------------------------------------------------
4. When the tool finishes, it will create and open a report (typical location: C:\ComboFix.txt).
Copy the contents of the ComboFix.txt report into your post.

ComboFix will also create an additional report (typical location: C:\Qoobox\ComboFix-quarantined-files.txt).
Attach the ComboFix-quarantined-files.txt report to your post using the Attach file (Prikači fajl) option.

  • Joined: 21 May 2011
  • Posts: 14
  • Location: Nikšić, Montenegro

ComboFix 14-07-08.01 - pc 07/08/2014 12:45:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.92 [GMT 2:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2014-06-08 to 2014-07-08 )))))))))))))))))))))))))))))))
.
.
2014-07-07 18:35 . 2014-07-07 19:22 -------- d-----w- C:\FRST
2014-07-05 10:57 . 2014-07-05 11:04 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Adobe
2014-07-04 20:15 . 2014-07-04 20:15 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-04 20:15 . 2014-07-04 20:15 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 11:54 . 2014-07-03 17:42 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Adblock Plus for IE
2014-07-03 11:53 . 2014-07-05 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2014-07-03 11:46 . 2014-07-03 11:46 -------- d-----w- c:\program files\Common Files\Java
2014-07-03 11:46 . 2014-05-07 12:42 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-07-03 11:46 . 2014-05-07 13:02 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-03 11:26 . 2014-07-03 11:26 -------- d-----w- c:\documents and settings\pc\Application Data\ElevatedDiagnostics
2014-07-02 13:10 . 2014-07-02 13:10 -------- d-----w- c:\program files\AVAST Software
2014-07-01 14:58 . 2014-07-01 14:58 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Opera Software
2014-07-01 14:58 . 2014-07-01 14:58 -------- d-----w- c:\documents and settings\pc\Application Data\Opera Software
2014-07-01 14:58 . 2014-07-01 14:58 -------- d-----w- c:\program files\Opera
2014-06-23 18:31 . 2014-06-23 18:31 -------- d-sh--w- c:\documents and settings\pc\IECompatCache
2014-06-22 19:57 . 2014-06-22 19:57 -------- d-sh--w- c:\documents and settings\pc\PrivacIE
2014-06-22 19:52 . 2014-06-22 19:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-06-22 19:52 . 2014-06-22 19:52 -------- d-sh--w- c:\documents and settings\pc\IETldCache
2014-06-22 19:49 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2014-06-22 19:49 . 2008-04-14 03:41 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2014-06-15 11:13 . 2014-06-16 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2014-06-15 11:13 . 2014-06-15 11:13 -------- d-----w- c:\program files\Online Games Manager
2014-06-14 11:22 . 2014-06-14 11:22 -------- d-----w- c:\program files\ReflexiveArcade
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-16 . 4728A2BF7FD18C858772158689ECDAC2 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WebClient"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"helpsvc"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 11:08 AM 472320]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [12/23/2010 8:06 AM 5120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/27/2013 12:00 AM 1691480]
S3 cpuz135;cpuz135;\??\c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2012\pcwiz_x32.sys [?]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C;\??\e:\ntiolib.sys --> e:\NTIOLib.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-17 19:37 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-04 20:15]
.
2014-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-22 17:50]
.
2014-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-22 17:50]
.
2014-07-08 c:\windows\Tasks\Opera scheduled Autoupdate 1404226715.job
- c:\program files\Opera\launcher.exe [2014-07-01 08:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-AvastUI - c:\program files\AVAST Software\Avast\AvastUI.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-07-08 12:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-329068152-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:70,db,ac,a3,4e,82,b0,68,c3,b9,55,0e,f4,73,4f,33,bb,f1,f1,c0,ae,
08,cf,a4,9a,40,57,0f,9a,cf,df,bf,74,a9,55,3d,64,6f,b8,2c,8a,9d,48,08,a6,bd,\
"rkeysecu"=hex:7c,21,f9,09,3e,e1,ea,e6,d8,bf,82,be,ae,65,5d,11
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2014-07-08 12:58:52
ComboFix-quarantined-files.txt 2014-07-08 10:58
.
Pre-Run: 24,574,984,192 bytes free
Post-Run: 25,491,750,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A4D190D7E2164D0E87C9A41E489651BE
8F558EB6672622401DA993E1E865C861




offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

I don't see any malware here. ComboFix routinely emptied the $Temp and Internet temp folders, so that might help performance a little, but there is no infection here. Time to remove the tools...




The following procedure will carry out the final cleanup.


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

Type (copy) the following into the text input line:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.




Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all the tools used in this thread should be deleted.
The tool will also produce a report for you. (C:\DelFix.txt)

The tool will also save the healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • Joined: 21 May 2011
  • Posts: 14
  • Location: Nikšić, Montenegro

OK then, thanks in any case!
