Slow computer


offline
  • Joined: 02 Sep 2013
  • Posts: 496

Lately my computer has been quite slow (it opens programs and browsers slowly, glitches a lot, YouTube stutters...), so I would like to have it checked.


addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 01
Ran by PC-user at 2014-05-25 11:17:04
Running from C:\Documents and Settings\PC-user\My Documents
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Camtasia Studio 7 (HKLM\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Camtasia Studio 8 (HKLM\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CrystalDiskInfo 6.1.12 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Express Zip (HKLM\...\ExpressZip) (Version: 2.28 - NCH Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
K-Lite Codec Pack 10.1.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 (Version: 3.5.21022 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version: - )
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Nero 7 Ultra Edition (HKLM\...\{847CAE64-4CD2-4B2D-AF00-978FF5431033}) (Version: 7.02.9755 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Control Panel 266.58 (Version: 266.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.50 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550 - NVIDIA Corporation) Hidden
Opera Stable 21.0.1432.57 (HKLM\...\Opera 21.0.1432.57) (Version: 21.0.1432.57 - Opera Software ASA)
PandoraRecovery (Remove Only) (HKLM\...\PandoraRecovery) (Version: - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.00.0000 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
smartmontools (HKLM\...\smartmontools) (Version: 6.2 2013-07-26 r3841 (sf-6.2-1) - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4160 - Analog Devices)
TuneUp Utilities 2009 (HKLM\...\{55A29068-F2CE-456C-9148-C869879E2357}) (Version: 8.0.2000.35 - TuneUp Software)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
Vegas Pro 10.0 (HKLM\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
Video Edit Magic 4 (HKLM\...\Video Edit Magic_is1) (Version: - )
Video Edit Magic 4.4 (HKLM\...\Video Edit Magic 4_is1) (Version: - Deskshare Inc.)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.36 - NCH Software)
Virtua Tennis(TM) 2009 (HKLM\...\{9B63540D-D942-4C38-B42E-A48AE0145970}) (Version: 1.00.0000 - SEGA)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version: - win-movie-maker-free)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2008-04-14 01:00 - 2014-05-17 01:40 - 00000735 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2014-05-10 14:03 - 2014-05-10 14:03 - 00945664 _____ () C:\Documents and Settings\PC-user\Local Settings\Temp\mdi064.dll
2014-05-10 14:41 - 2014-05-25 11:05 - 01416192 _____ () C:\Documents and Settings\PC-user\Local Settings\Temp\msupdate71\indexer.exe
2014-05-09 13:42 - 2014-04-30 01:37 - 01397880 _____ () C:\Program Files\Opera\21.0.1432.57\opera_crashreporter.exe
2014-05-09 13:41 - 2014-04-30 01:37 - 00957048 _____ () C:\Program Files\Opera\21.0.1432.57\ffmpegsumo.dll
2014-05-10 07:15 - 2014-05-10 07:15 - 16351920 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
2008-07-12 12:09 - 2008-07-12 12:09 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:94A19129
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9AEE100C
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:94A19129
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:9AEE100C

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2014 11:04:35 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/25/2014 11:04:35 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/25/2014 10:23:42 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/25/2014 10:23:42 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/25/2014 09:23:24 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/25/2014 09:23:24 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/25/2014 08:00:29 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/25/2014 08:00:29 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/23/2014 06:53:05 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (05/23/2014 06:53:04 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.


System errors:
=============
Error: (05/25/2014 11:07:51 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/25/2014 10:25:55 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/25/2014 09:25:38 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/25/2014 08:30:03 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/23/2014 06:55:10 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/23/2014 06:51:34 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/23/2014 00:07:27 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/22/2014 03:15:30 PM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/22/2014 04:13:55 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.

Error: (05/22/2014 00:47:15 AM) (Source: Schannel) (EventID: 4114) (User: )
Description: The certificate received from the remote server was issued by an untrusted certificate
authority. Because of this, none of the data contained in the certificate can be validated.
The SSL connection request has failed. The attached data contains the server certificate.


Microsoft Office Sessions:
=========================
Error: (05/25/2014 11:04:35 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/25/2014 11:04:35 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/25/2014 10:23:42 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/25/2014 10:23:42 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/25/2014 09:23:24 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/25/2014 09:23:24 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/25/2014 08:00:29 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/25/2014 08:00:29 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/23/2014 06:53:05 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:

Error: (05/23/2014 06:53:04 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description:


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 511.11 MB
Available physical RAM: 185.2 MB
Total Pagefile: 1250.03 MB
Available Pagefile: 874.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1981.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:22.09 GB) (Free:5.31 GB) NTFS
Drive d: (windows 7) (Fixed) (Total:19.53 GB) (Free:11.86 GB) NTFS
Drive e: (Dokumenti 2) (Fixed) (Total:58.59 GB) (Free:10.1 GB) NTFS
Drive f: (Dokumenti) (Fixed) (Total:48.83 GB) (Free:6.51 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive i: (VT2009) (CDROM) (Total:4.08 GB) (Free:0 GB) UDF
Drive j: (VT2009) (CDROM) (Total:4.08 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 50BC50BC)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)

==================== End Of Log ============================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

First, uninstall the following programs:

TuneUp
Razer Game Booster






1. Open Notepad (Text Document) and copy in the following text from the code box below:

Start
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-606747145-1500820517-1417001333-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\PC-user\LOCALS~1\Temp\\mdi064.dll,runme <===== ATTENTION
C:\DOCUME~1\PC-user\LOCALS~1\Temp\\mdi064.dll
HKU\S-1-5-21-606747145-1500820517-1417001333-500\...\MountPoints2: {06b372ca-e11f-11e3-8ba0-001a92453887} - I:\setup.exe
HKU\S-1-5-21-606747145-1500820517-1417001333-500\...\MountPoints2: {06b372d3-e11f-11e3-8ba0-001a92453887} - J:\setup.exe
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
C:\Documents and Settings\PC-user\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\PC-user\Local Settings\Temp\bitool.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\drm_dyndata_7400006.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\mdi064.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\SecuExp.exe
C:\Documents and Settings\PC-user\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\PC-user\Local Settings\Temp\zlib1v2.exe
Reboot:
End


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.












Download sUBs's ComboFix to the Desktop from the following address:


Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is finished:
  • disable your protection software (instructions);
  • close running programs;
  • double-click to run ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered to download it.
  • if Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure through.
  • display a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.


Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.



Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message;
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down;
  • Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
  • If after the restart you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 02 Sep 2013
  • Posts: 496

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 01
Ran by PC-user at 2014-05-26 02:44:03 Run:1
Running from C:\Documents and Settings\PC-user\My Documents
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-606747145-1500820517-1417001333-500\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\PC-user\LOCALS~1\Temp\\mdi064.dll,runme <===== ATTENTION
C:\DOCUME~1\PC-user\LOCALS~1\Temp\\mdi064.dll
HKU\S-1-5-21-606747145-1500820517-1417001333-500\...\MountPoints2: {06b372ca-e11f-11e3-8ba0-001a92453887} - I:\setup.exe
HKU\S-1-5-21-606747145-1500820517-1417001333-500\...\MountPoints2: {06b372d3-e11f-11e3-8ba0-001a92453887} - J:\setup.exe
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
C:\Documents and Settings\PC-user\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\PC-user\Local Settings\Temp\bitool.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\drm_dyndata_7400006.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\mdi064.dll
C:\Documents and Settings\PC-user\Local Settings\Temp\SecuExp.exe
C:\Documents and Settings\PC-user\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\PC-user\Local Settings\Temp\zlib1v2.exe
Reboot:
End
*****************

HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-606747145-1500820517-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\\tsiVideo => Value deleted successfully.
Could not move "C:\DOCUME~1\PC-user\LOCALS~1\Temp\\mdi064.dll" => Scheduled to move on reboot.
HKU\S-1-5-21-606747145-1500820517-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06b372ca-e11f-11e3-8ba0-001a92453887} => Key deleted successfully.
HKCR\CLSID\{06b372ca-e11f-11e3-8ba0-001a92453887} => Key not found.
HKU\S-1-5-21-606747145-1500820517-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06b372d3-e11f-11e3-8ba0-001a92453887} => Key deleted successfully.
HKCR\CLSID\{06b372d3-e11f-11e3-8ba0-001a92453887} => Key not found.
Default URLSearchHook was restored successfully .
C:\Documents and Settings\PC-user\Local Settings\Temp\BackupSetup.exe => Moved successfully.
C:\Documents and Settings\PC-user\Local Settings\Temp\bitool.dll => Moved successfully.
C:\Documents and Settings\PC-user\Local Settings\Temp\drm_dialogs.dll => Moved successfully.
C:\Documents and Settings\PC-user\Local Settings\Temp\drm_dyndata_7400006.dll => Moved successfully.
C:\Documents and Settings\PC-user\Local Settings\Temp\mdi064.dll => Moved successfully.
C:\Documents and Settings\PC-user\Local Settings\Temp\SecuExp.exe => Moved successfully.
C:\Documents and Settings\PC-user\Local Settings\Temp\vcredist_x86.exe => Moved successfully.
C:\Documents and Settings\PC-user\Local Settings\Temp\zlib1v2.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-26 02:45:30)<=

C:\DOCUME~1\PC-user\LOCALS~1\Temp\\mdi064.dll => Is moved successfully.

==== End of Fixlog ====

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Did you forget ComboFix?

offline
  • Joined: 02 Sep 2013
  • Posts: 496

I didn't, here it is.

ComboFix 14-05-26.02 - PC-user 26.05.2014 2:54.1.2 - x86
Running from: c:\documents and settings\PC-user\My Documents\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\PC-user\ntuser.tmp
c:\program files\3199ae4f664f1bc22a35
c:\program files\3199ae4f664f1bc22a35\eventlog.txt
c:\program files\80238cd411cee888bc
c:\program files\80238cd411cee888bc\1025\eula.rtf
c:\program files\80238cd411cee888bc\1025\LocalizedData.xml
c:\program files\80238cd411cee888bc\1025\SetupResources.dll
c:\program files\80238cd411cee888bc\1028\eula.rtf
c:\program files\80238cd411cee888bc\1028\LocalizedData.xml
c:\program files\80238cd411cee888bc\1028\SetupResources.dll
c:\program files\80238cd411cee888bc\1029\eula.rtf
c:\program files\80238cd411cee888bc\1029\LocalizedData.xml
c:\program files\80238cd411cee888bc\1029\SetupResources.dll
c:\program files\80238cd411cee888bc\1030\eula.rtf
c:\program files\80238cd411cee888bc\1030\LocalizedData.xml
c:\program files\80238cd411cee888bc\1030\SetupResources.dll
c:\program files\80238cd411cee888bc\1031\eula.rtf
c:\program files\80238cd411cee888bc\1031\LocalizedData.xml
c:\program files\80238cd411cee888bc\1031\SetupResources.dll
c:\program files\80238cd411cee888bc\1032\eula.rtf
c:\program files\80238cd411cee888bc\1032\LocalizedData.xml
c:\program files\80238cd411cee888bc\1032\SetupResources.dll
c:\program files\80238cd411cee888bc\1033\eula.rtf
c:\program files\80238cd411cee888bc\1033\LocalizedData.xml
c:\program files\80238cd411cee888bc\1033\SetupResources.dll
c:\program files\80238cd411cee888bc\1035\eula.rtf
c:\program files\80238cd411cee888bc\1035\LocalizedData.xml
c:\program files\80238cd411cee888bc\1035\SetupResources.dll
c:\program files\80238cd411cee888bc\1036\eula.rtf
c:\program files\80238cd411cee888bc\1036\LocalizedData.xml
c:\program files\80238cd411cee888bc\1036\SetupResources.dll
c:\program files\80238cd411cee888bc\1037\eula.rtf
c:\program files\80238cd411cee888bc\1037\LocalizedData.xml
c:\program files\80238cd411cee888bc\1037\SetupResources.dll
c:\program files\80238cd411cee888bc\1038\eula.rtf
c:\program files\80238cd411cee888bc\1038\LocalizedData.xml
c:\program files\80238cd411cee888bc\1038\SetupResources.dll
c:\program files\80238cd411cee888bc\1040\eula.rtf
c:\program files\80238cd411cee888bc\1040\LocalizedData.xml
c:\program files\80238cd411cee888bc\1040\SetupResources.dll
c:\program files\80238cd411cee888bc\1041\eula.rtf
c:\program files\80238cd411cee888bc\1041\LocalizedData.xml
c:\program files\80238cd411cee888bc\1041\SetupResources.dll
c:\program files\80238cd411cee888bc\1042\eula.rtf
c:\program files\80238cd411cee888bc\1042\LocalizedData.xml
c:\program files\80238cd411cee888bc\1042\SetupResources.dll
c:\program files\80238cd411cee888bc\1043\eula.rtf
c:\program files\80238cd411cee888bc\1043\LocalizedData.xml
c:\program files\80238cd411cee888bc\1043\SetupResources.dll
c:\program files\80238cd411cee888bc\1044\eula.rtf
c:\program files\80238cd411cee888bc\1044\LocalizedData.xml
c:\program files\80238cd411cee888bc\1044\SetupResources.dll
c:\program files\80238cd411cee888bc\1045\eula.rtf
c:\program files\80238cd411cee888bc\1045\LocalizedData.xml
c:\program files\80238cd411cee888bc\1045\SetupResources.dll
c:\program files\80238cd411cee888bc\1046\eula.rtf
c:\program files\80238cd411cee888bc\1046\LocalizedData.xml
c:\program files\80238cd411cee888bc\1046\SetupResources.dll
c:\program files\80238cd411cee888bc\1049\eula.rtf
c:\program files\80238cd411cee888bc\1049\LocalizedData.xml
c:\program files\80238cd411cee888bc\1049\SetupResources.dll
c:\program files\80238cd411cee888bc\1053\eula.rtf
c:\program files\80238cd411cee888bc\1053\LocalizedData.xml
c:\program files\80238cd411cee888bc\1053\SetupResources.dll
c:\program files\80238cd411cee888bc\1055\eula.rtf
c:\program files\80238cd411cee888bc\1055\LocalizedData.xml
c:\program files\80238cd411cee888bc\1055\SetupResources.dll
c:\program files\80238cd411cee888bc\2052\eula.rtf
c:\program files\80238cd411cee888bc\2052\LocalizedData.xml
c:\program files\80238cd411cee888bc\2052\SetupResources.dll
c:\program files\80238cd411cee888bc\2070\eula.rtf
c:\program files\80238cd411cee888bc\2070\LocalizedData.xml
c:\program files\80238cd411cee888bc\2070\SetupResources.dll
c:\program files\80238cd411cee888bc\3076\eula.rtf
c:\program files\80238cd411cee888bc\3076\LocalizedData.xml
c:\program files\80238cd411cee888bc\3076\SetupResources.dll
c:\program files\80238cd411cee888bc\3082\eula.rtf
c:\program files\80238cd411cee888bc\3082\LocalizedData.xml
c:\program files\80238cd411cee888bc\3082\SetupResources.dll
c:\program files\80238cd411cee888bc\Client\Parameterinfo.xml
c:\program files\80238cd411cee888bc\Client\UiInfo.xml
c:\program files\80238cd411cee888bc\DHtmlHeader.html
c:\program files\80238cd411cee888bc\DisplayIcon.ico
c:\program files\80238cd411cee888bc\Extended\Parameterinfo.xml
c:\program files\80238cd411cee888bc\Extended\UiInfo.xml
c:\program files\80238cd411cee888bc\Graphics\Print.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate1.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate2.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate3.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate4.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate5.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate6.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate7.ico
c:\program files\80238cd411cee888bc\Graphics\Rotate8.ico
c:\program files\80238cd411cee888bc\Graphics\Save.ico
c:\program files\80238cd411cee888bc\Graphics\Setup.ico
c:\program files\80238cd411cee888bc\Graphics\stop.ico
c:\program files\80238cd411cee888bc\Graphics\SysReqMet.ico
c:\program files\80238cd411cee888bc\Graphics\SysReqNotMet.ico
c:\program files\80238cd411cee888bc\Graphics\warn.ico
c:\program files\80238cd411cee888bc\header.bmp
c:\program files\80238cd411cee888bc\ParameterInfo.xml
c:\program files\80238cd411cee888bc\Setup.exe
c:\program files\80238cd411cee888bc\SetupEngine.dll
c:\program files\80238cd411cee888bc\SetupUi.dll
c:\program files\80238cd411cee888bc\SetupUi.xsd
c:\program files\80238cd411cee888bc\SetupUtility.exe
c:\program files\80238cd411cee888bc\SplashScreen.bmp
c:\program files\80238cd411cee888bc\sqmapi.dll
c:\program files\80238cd411cee888bc\Strings.xml
c:\program files\80238cd411cee888bc\UiInfo.xml
c:\program files\80238cd411cee888bc\watermark.bmp
c:\program files\hl.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-04-26 to 2014-05-26 )))))))))))))))))))))))))))))))
.
.
2014-05-25 18:13 . 2014-05-26 09:45 -------- d-----w- C:\FRST
2014-05-15 19:51 . 2014-05-15 19:51 -------- d-----w- C:\found.001
2014-05-11 13:20 . 2014-05-11 13:20 -------- d-----w- C:\found.000
2014-05-10 07:51 . 2014-05-10 08:13 -------- d-----w- C:\klip
2014-05-09 20:47 . 2014-05-09 20:47 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-23 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\system32\mshtml.dll
.
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\system32\wininet.dll
.
[-] 2008-09-23 . D35FFD83F28ABAFDBA4AB5BD4342238F . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-07-12 19:24 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Wondershare Helper Compact.exe"=c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-05-21 243128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 13:12 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-GB_UPDATE - c:\program files\Razer\Razer Game Booster\AutoUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-26 03:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-05-26 03:02:08
ComboFix-quarantined-files.txt 2014-05-26 10:02
.
Pre-Run: 5.890.039.808 bytes free
Post-Run: 9.160.794.112 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - 1200817EF301660694F4497C1CA75D1D
A36C5E4F47E84449FF07ED3517B43A31

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download SystemLook from this or this link to your Desktop;

Double-click to run SystemLook;


- Copy the following text into the white box of the window:

:filefind
sfcfiles.dll



Click the Look button;


When the program finishes, attach the file SystemLook.txt, which will be on the Desktop, to your post using the Attach File option.

offline
  • Joined: 02 Sep 2013
  • Posts: 496

Here:


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

It wouldn't be a bad idea to submit this file to VirusTotal https://www.virustotal.com/

c:\windows\system32\sfcfiles.dll

Just so we can be sure. I seriously doubt it is malicious, but just in case.

And of course, post the link to the report here on the forum.

offline
  • Joined: 02 Sep 2013
  • Posts: 496

Here:
https://www.virustotal.com/en/file/685a6c61d3a7f85.....401104712/
Otherwise everything is OK, at least as far as I can see :)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Good. How is the computer behaving now?
