Slow system boot and slow computer performance


  • Lanney  Female
  • New MyCity citizen
  • Joined: 25 Jun 2005
  • Posts: 24

Hello,
I use 32-bit Windows; a few days ago it started running slowly and the system became slow to boot. I tried to scan it with Comodo but it was too slow, so I removed it and installed Avira, which found one trojan and one piece of malware, which it deleted. For a couple of days everything was OK, but today it started acting up again and booting slowly. It also reports some startup error to me.
In Avira's quarantine I found the following beasts: GNE/PwdZIP, TR/AgentWMProtect.aah.33 and one more that is the same as the second one.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37
Run by golijat at 16:08:22 on 2012-12-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3061.1813 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\golijat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\golijat\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [Super-Charger] c:\program files\msi\super-charger\StartSuperCharger.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\golijat\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02BC3907-61C9-4646-9A6B-A833CA9DFCC7} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{02BC3907-61C9-4646-9A6B-A833CA9DFCC7} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\golijat\appdata\roaming\mozilla\firefox\profiles\k10f382e.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=en_RS&apn_uid=4d7b0f1e-163b-4881-b3ea-dcea3fba2e17&apn_ptnrs=%5EAGY&apn_sauid=B609D2A3-A7D0-457B-BAF0-ECD2AD072F19&apn_dtid=%5EYYYYYY%5EYY%5ERS&&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\golijat\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\golijat\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\golijat\appdata\roaming\mozilla\firefox\profiles\k10f382e.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-10-21 00:23; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-27 19:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\golijat\appdata\roaming\mozilla\firefox\profiles\k10f382e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-27 21:41; https-everywhere@eff.org; c:\users\golijat\appdata\roaming\mozilla\firefox\profiles\k10f382e.default\extensions\https-everywhere@eff.org
FF - ExtSQL: 2012-12-07 20:39; toolbar@ask.com; c:\users\golijat\appdata\roaming\mozilla\firefox\profiles\k10f382e.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-12-08 23:57; battlefieldplay4free@ea.com; c:\users\golijat\appdata\roaming\mozilla\firefox\profiles\k10f382e.default\extensions\battlefieldplay4free@ea.com
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-12-7 36552]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-7-28 291840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-12-7 85280]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-12-7 109344]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-12-7 565024]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-12-7 83432]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-2-9 70272]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-2-9 37944]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-2-9 149632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-9 211984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-2-9 394856]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-2-9 37504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-9 1343400]
.
=============== Created Last 30 ================
.
2012-12-09 00:12:43 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-09 00:12:43 138056 ----a-w- c:\users\golijat\appdata\roaming\PnkBstrK.sys
2012-12-09 00:12:26 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-09 00:12:25 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-08 22:57:58 -------- d-----w- c:\program files\EA Games
2012-12-07 21:54:02 -------- d-sh--w- C:\found.000
2012-12-07 19:40:52 -------- d-----w- c:\users\golijat\appdata\roaming\Avira
2012-12-07 19:39:08 -------- d-----w- c:\program files\Ask.com
2012-12-07 19:39:02 -------- d-----w- c:\users\golijat\appdata\local\APN
2012-12-07 19:38:47 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-07 19:38:47 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-07 19:38:45 -------- d-----w- c:\programdata\Avira
2012-12-07 19:38:45 -------- d-----w- c:\program files\Avira
2012-12-07 18:36:04 -------- d-----w- c:\programdata\Max Secure
2012-12-07 18:11:37 -------- d-----w- c:\users\golijat\appdata\local\Programs
2012-12-07 18:08:45 -------- d-----w- c:\users\golijat\appdata\local\Max Secure Software
2012-12-07 17:43:48 -------- d-----w- c:\users\golijat\appdata\roaming\GetRightToGo
2012-12-07 06:54:53 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-12-07 06:54:51 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d60dec61-6a38-4b86-b2b9-880b54aa932b}\mpengine.dll
2012-12-01 21:08:22 -------- d-----w- c:\users\golijat\appdata\roaming\Building the Great Wall of China
2012-12-01 21:07:13 -------- d-----w- C:\games
2012-11-27 19:47:33 -------- d-----w- c:\users\golijat\appdata\roaming\Unity
2012-11-27 19:09:28 -------- d-----w- c:\users\golijat\appdata\local\Unity
2012-11-21 20:42:16 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-14 20:26:05 -------- d-----w- c:\users\golijat\appdata\roaming\island_tribe_4_realore_en
2012-11-14 11:30:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 11:30:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 11:30:19 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 11:30:19 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 11:30:19 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 11:30:19 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 11:30:19 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 11:30:18 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 11:30:18 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 11:30:18 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 11:30:15 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:30:14 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-10 15:25:46 -------- d-----w- c:\users\golijat\appdata\local\Macromedia
.
==================== Find3M ====================
.
2012-11-10 09:05:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-10 09:05:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-20 22:23:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-20 22:23:38 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 16:09:17.37 ===============


  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15874
  • Location: Beograd

Hello, your GMER reports are missing. Have another look at the instructions...

  • Lanney  Female

I can't scan with GMER, my computer crashes halfway through, and RootRepeal won't install; when I try to run it, it first throws "Attempt to write to address 0x01306000" and then "Attempt to read from address 0x0e13b3d6", and then it dumps all of that into Notepad:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x00429d13
Attempt to write to address: 0x013e6000

  • Research Engineer @MalwareBytes

Download TDSSKiller from the following address to your Desktop:

TDSSKiller

When the download is complete:

Rename TDSSKiller.exe to MyCity.exe

Run MyCity.exe and click Change parameters.

Under Additional options, tick Verify driver signatures and Detect TDLFS file system, then click OK.

Click Start scan.

When it finishes, it will show you the scan results.

For all the objects offered, choose the action Skip.

Click Continue.

Attach to your post the report found at the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)

  • Lanney  Female

Here you go :D

  • Research Engineer @MalwareBytes

OK, can you post a screenshot of Avira's quarantine so we can see which file it is and exactly what the detection is?

  • Lanney  Female

Here, I'm posting it.

  • Research Engineer @MalwareBytes

There is no active malware on your computer, so that is not what is causing the problem...

Open Control Panel --> Programs and Features and uninstall Ask Toolbar. Restart the computer.

Also, press the Windows key (next to Ctrl) + R at the same time and type msconfig. Untick everything except:
- RTHDVCPL
- StartCCC
- avgnt

Confirm with OK, then restart the computer.

After you have done this, tell me whether there is any improvement.

  • Lanney  Female

Should I look under Startup for the items you listed?

  • Research Engineer @MalwareBytes

That's right, sorry, I didn't write that part...

So you run Msconfig, go to the Startup tab and untick all the items there except the ones I listed...
