Slow internet and computer...


offline
  • Joined: 26 Apr 2014
  • Posts: 7

Slow internet and computer...

Please check..




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 16:36:58 on 2014-04-26
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.768.229 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = IE
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: SFCDisable = dword:-99
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SystemTray] SysTray.Exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [NewUser] c:\windows\lastxp\NewUser.cmd
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSMHelp = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoSMHelp = dword:1
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: NameServer = 77.77.192.10 77.78.192.10
TCP: Interfaces\{D3C917A6-EF60-406A-B4B7-F57B1A7715C9} : DHCPNameServer = 77.77.192.10 77.78.192.10
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\application data\mozilla\firefox\profiles\ek9fvv7k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-17 177864]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-8-30 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-17 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-17 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-17 46808]
R2 Skype C2C Service;Skype C2C Service;c:\users\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-4-15 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
.
=============== Created Last 30 ================
.
2014-03-30 11:48:59 117360 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2014-03-30 11:48:57 6128760 ----a-w- c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2014-03-30 11:48:56 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-03-30 11:48:56 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-03-30 11:48:56 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2014-03-12 14:48:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 14:48:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 16:37:40.10 ===============


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

You have a modified version of Windows, just so you know. Whoever installed the system for you should not have done that.



Download Farbar's Farbar Recovery Scan Tool from this address to the Desktop:
There is a 32-bit and a 64-bit version. You need to download the version that is compatible with your system.
If you are not sure which version applies to your system, download both and run them. Only one of them will run on your system; that will be the right version.


double-click to run the program; when the tool starts, click Yes on the disclaimer window;
wait a moment while the tool checks whether a newer version exists;
click the Scan button;
when the scan finishes, the tool will create a report (FRST.txt) in the same directory where the FRST tool is saved;
copy the contents of the FRST.txt report into your post;
on the first run, the tool should also create an additional report (Addition.txt);
attach the Addition.txt report to your post using the Attach file option

offline
  • Joined: 26 Apr 2014
  • Posts: 7

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014 03
Ran by Administrator (administrator) on LASTXP on 26-04-2014 18:18:33
Running from C:\Users\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Users\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SystemTray] => C:\WINDOWS\system32\SysTray.Exe [3072 2001-08-23] (Microsoft Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [ClassicShell] 0
HKU\.DEFAULT\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\RunOnce: [NewUser] - C:\WINDOWS\LastXP\NewUser.cmd [2375 2009-02-18] ()
HKU\.DEFAULT\...\Policies\Explorer: [NoSMHelp] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-1275210071-1292428093-1177238915-500\...\Policies\Explorer: [NoCloseDragDropBands] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {413B5CC1-636B-4363-94ED-C76F3C414BB7} URL = search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b0f4d6ed00000000000000112f518857&r=734
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 77.77.192.10 77.78.192.10

FireFox:
========
FF ProfilePath: C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\ek9fvv7k.default
FF Homepage: hxxp://www.google.ba/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Extension: No Name - C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\ek9fvv7k.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-08-02]
FF Extension: Adblock Filterset.G Updater - C:\Program Files\Mozilla Firefox\extensions\filtersetg@updater [2014-03-30]
FF Extension: PDF Download - C:\Program Files\Mozilla Firefox\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2014-03-30]
FF Extension: IE View - C:\Program Files\Mozilla Firefox\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-30]
FF Extension: Adblock Plus - C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2014-03-30]
FF Extension: Download Statusbar - C:\Program Files\Mozilla Firefox\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2014-03-30]
FF Extension: DownThemAll! - C:\Program Files\Mozilla Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-30]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013-04-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-17]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2013-04-17] (Sun Microsystems, Inc.)
R2 Skype C2C Service; C:\Users\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-04-15] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [43520 2008-09-22] (VIA Technologies, Inc. )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 IntelS51; C:\WINDOWS\System32\DRIVERS\IntelS51.sys [1903370 2004-12-23] (Intel Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [13976 2008-12-16] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
S0 usbohci; system32\DRIVERS\usbohci.sys [X]
U1 WS2IFSL;
U3 mbr; \??\C:\Windows\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 18:18 - 2014-04-26 18:18 - 00009465 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-04-26 18:18 - 2014-04-26 18:18 - 00000000 ____D () C:\FRST
2014-04-26 18:16 - 2014-04-26 18:16 - 01049088 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-04-26 16:37 - 2014-04-26 16:37 - 00011461 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-04-26 16:37 - 2014-04-26 16:37 - 00006906 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-04-26 16:33 - 2014-04-26 16:33 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2014-04-26 16:04 - 2014-04-26 16:04 - 02856736 _____ (MyCity) C:\Users\Administrator\Desktop\MCShield-Setup.exe
2014-04-26 16:00 - 2014-04-26 16:00 - 05196870 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-04-11 17:23 - 2014-04-18 22:58 - 00000000 ____D () C:\Users\Administrator\My Documents\Adna
2014-04-09 23:46 - 2014-04-09 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-03-30 13:48 - 2014-03-30 13:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-26 18:18 - 2014-04-26 18:18 - 00009465 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-04-26 18:18 - 2014-04-26 18:18 - 00000000 ____D () C:\FRST
2014-04-26 18:18 - 2013-04-17 23:15 - 00000000 ____D () C:\Users\Administrator\Application Data\Skype
2014-04-26 18:16 - 2014-04-26 18:16 - 01049088 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-04-26 18:00 - 2013-06-19 00:13 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job
2014-04-26 17:48 - 2013-10-20 20:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-26 16:37 - 2014-04-26 16:37 - 00011461 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-04-26 16:37 - 2014-04-26 16:37 - 00006906 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-04-26 16:33 - 2014-04-26 16:33 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2014-04-26 16:13 - 2013-04-17 22:03 - 01419584 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-26 16:12 - 2014-03-23 16:17 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-26 16:12 - 2013-06-19 00:13 - 00000300 _____ () C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job
2014-04-26 16:12 - 2013-06-12 11:31 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-26 16:12 - 2013-06-12 11:31 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-26 16:12 - 2013-04-17 23:07 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-26 16:12 - 2013-04-17 22:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-26 16:12 - 2001-08-23 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-26 16:11 - 2013-04-17 22:12 - 00000178 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-26 16:11 - 2013-04-17 22:10 - 00032446 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-26 16:04 - 2014-04-26 16:04 - 02856736 _____ (MyCity) C:\Users\Administrator\Desktop\MCShield-Setup.exe
2014-04-26 16:00 - 2014-04-26 16:00 - 05196870 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-04-23 09:51 - 2013-04-17 22:12 - 00000000 ____D () C:\Users\Administrator
2014-04-18 22:58 - 2014-04-11 17:23 - 00000000 ____D () C:\Users\Administrator\My Documents\Adna
2014-04-11 23:51 - 2013-04-18 07:24 - 00000000 ____D () C:\WINDOWS\pchealth
2014-04-09 23:46 - 2014-04-09 23:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:46 - 2013-08-15 23:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 23:44 - 2013-04-17 22:15 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 23:43 - 2013-04-17 23:49 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-08 15:04 - 2014-03-23 16:17 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-31 13:56 - 2013-04-17 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 13:50 - 2014-03-30 13:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-30 10:53 - 2013-04-18 07:51 - 00356120 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-30 00:14 - 2013-04-17 23:14 - 00002267 _____ () C:\Users\All Users\Desktop\Skype.lnk

Files to move or delete:
====================
C:\Users\Administrator\SetupS.reg
C:\Users\Default User\SetupS.reg


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2009-03-08 11:10] - [2009-03-08 11:10] - 1723904 ____A (Microsoft Corporation) e1f5f729264c8af1d6a95ecd1c8086dd

C:\WINDOWS\system32\winlogon.exe
[2009-03-08 11:12] - [2009-03-08 11:12] - 0568832 ____A (Microsoft Corporation) 3d1abdc3009d6b7ca7f9e66769c126ca

C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll
[2009-03-08 11:12] - [2009-03-08 11:12] - 0575488 ____A (Microsoft Corporation) 99c1acb1b8f0f2cecc56515e502b5120

C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download AdwCleaner by "Xplode" and save it to the Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all running programs and show a window with that warning. Click Ok to confirm.
On the next two windows that open (Informations and Restart required), click Ok


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option

Note: The report will also be saved at C:\AdwCleaner[S0].txt

offline
  • Joined: 26 Apr 2014
  • Posts: 7

Here you go, Ivica :)



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

How do you know my name? :)



Download sUBs's ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download of the program is complete:
disable your security software (instructions);
close running programs;
double-click to run ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
show a number of prompts/notifications:
accept by clicking Yes or OK.
if needed, restart Windows (several times);
when finished, open Notepad with the scan report.


Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.



Note:
The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the post you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your post;
Do not click inside the ComboFix window while it is running, because that can slow the tool down;
Do not run ComboFix again on your own - report in the thread whatever problem you have during the tool's first run;
If after the restart you get an error when starting some programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will solve the problem.

offline
  • Joined: 26 Apr 2014
  • Posts: 7

ComboFix 14-04-26.01 - Administrator 26/04/2014 19:04:25.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.768.289 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\logonui.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2014-03-26 to 2014-04-26 )))))))))))))))))))))))))))))))
.
.
2014-04-26 16:49 . 2014-04-26 16:49 -------- d-----w- c:\users\All Users\Application Data\MCShield
2014-04-26 16:49 . 2014-04-26 16:49 -------- d-----w- c:\program files\MCShield
2014-04-26 16:36 . 2014-04-26 16:46 -------- d-----w- C:\AdwCleaner
2014-04-26 16:18 . 2014-04-26 16:20 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 14:48 . 2013-04-17 21:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 14:48 . 2013-04-17 21:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-06 17:59 . 2009-03-08 09:12 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2009-03-08 09:10 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2009-03-08 09:03 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2009-03-08 09:03 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2009-03-08 09:03 385024 ------w- c:\windows\system32\html.iec
2014-02-26 01:59 . 2014-03-22 15:49 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 02:01 . 2009-03-08 09:02 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2008-04-14 03:42 562688 ----a-w- c:\windows\system32\qedit.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-03-08 09:09 . 403EBA8EE2967BA93E07138400972EE3 . 1443840 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 200EA506B86F7E9E6C37820D2BB5F39B . 210944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-08 37376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [17/04/2013 11:07 PM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [17/04/2013 11:07 PM 177864]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [30/08/2013 9:47 PM 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/04/2013 11:07 PM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/04/2013 11:07 PM 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/04/2013 11:07 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [17/04/2013 11:06 PM 66336]
S2 Skype C2C Service;Skype C2C Service;c:\users\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [15/04/2013 3:27 PM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 10:45 AM 161384]
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-20 14:48]
.
2014-04-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-17 07:47]
.
2014-04-26 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2014-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 77.77.192.10 77.78.192.10
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\ek9fvv7k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2014-04-26 19:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-1292428093-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,c1,aa,1b,7f,b9,12,4e,b4,e2,32,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,c1,aa,1b,7f,b9,12,4e,b4,e2,32,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'explorer.exe'(2496)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\system32\msi.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Completion time: 2014-04-26 19:12:03
ComboFix-quarantined-files.txt 2014-04-26 17:12
.
Pre-Run: 31,629,979,648 bytes free
Post-Run: 31,606,280,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
.
- - End Of File - - 5F7DD2193ADC18B92E13A822146F303F
8F558EB6672622401DA993E1E865C861

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download the program SystemLook from this or this link to the Desktop;

Double-click to run SystemLook;


- Copy the following text into the white box of the window:

:filefind
logonui.exe



Click the Look button;


When the program finishes, attach the file SystemLook.txt, which will be on the Desktop, to your post using the Attach file option.

offline
  • Joined: 26 Apr 2014
  • Posts: 7

here



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

The computer is clean.

As I already wrote to you, you have a problem with that LastXP. The logs themselves show that a lot has been changed in it, and there is no fixing that.

Is there any improvement after ComboFix?
