Hello,
I'm new here, so I apologize in advance if this topic is in the wrong subforum. For several days now I've been having problems with my laptop (emachines E725): it started shutting down every hour (roughly), I also couldn't use "Task Manager", and it started creating shortcuts of various folders on its own. Twice I installed a fresh copy of Windows (7), and everything would be OK until I started installing one of the programs from the other partition; then I would again lose the ability to use Task Manager, etc. As for the shutting down, I don't know whether it's related to this, but I think the rest is. In another thread I saw a similar problem and someone suggested ComboFix, but in that same thread I read that once ComboFix has done its job, it doesn't necessarily mean everything is OK. I installed it, it did its job, Task Manager came back, and now I'd ask someone who understands ComboFix to translate for me what its output means, i.e. to tell me whether that's "it" or whether I need to take further steps (in the thread where I saw the ComboFix recommendation, that person, for example, had to continue with SalityKiller as well, but since I don't understand what ComboFix gave me, I would need help). So this is what ComboFix says:
________________________
ComboFix 12-07-01.03 - Divinus 1.07.2012. 20:54:15.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.3002.2188 [GMT 2:00]
Running from: c:\users\Divinus\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-02 02:49 . 2012-07-01 16:59 -------- d-----w- c:\windows\Panther
2012-07-01 18:57 . 2012-07-01 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 18:25 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-07-01 18:25 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-07-01 18:24 . 2012-07-01 18:24 -------- d-----w- c:\program files\Microsoft Works
2012-07-01 18:23 . 2012-07-01 18:23 -------- d-----w- c:\windows\PCHEALTH
2012-07-01 18:23 . 2012-07-01 18:23 -------- d-----w- c:\program files\Microsoft.NET
2012-07-01 18:22 . 2012-07-01 18:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-01 18:21 . 2012-07-01 18:26 -------- d-----w- c:\programdata\Microsoft Help
2012-07-01 18:21 . 2012-07-01 18:21 -------- d-----r- C:\MSOCache
2012-07-01 17:46 . 2012-07-01 17:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-01 17:32 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3586E92-7612-4504-8CB8-AEECD9FC5540}\mpengine.dll
2012-07-01 17:32 . 2012-02-23 08:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-01 17:20 . 2012-07-01 17:20 -------- d-----w- c:\program files\Nero
2012-07-01 17:20 . 2012-07-01 17:35 -------- d-----w- c:\programdata\Nero
2012-07-01 17:18 . 2012-07-01 18:26 -------- d-sh--w- c:\windows\Installer
2012-07-01 17:12 . 2012-07-01 17:12 -------- d-----w- c:\program files\PowerISO
2012-07-01 17:00 . 2012-07-01 17:01 -------- d-----w- c:\users\Divinus
2012-07-01 16:59 . 2012-07-01 16:59 -------- d-----w- c:\windows\system32\Wat
2012-07-01 16:58 . 2012-07-01 16:58 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 16:59 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-07-01 16:59 . 2010-11-20 21:29 13824 ----a-w- c:\windows\system32\slwga.dll
2012-07-01 16:59 . 2010-11-20 21:29 811520 ----a-w- c:\windows\system32\user32.dll
2012-06-14 22:20 . 2012-07-01 17:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-01 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanSetup"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SCDEMU
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 83.139.104.2 83.139.105.2
FF - ProfilePath - c:\users\Divinus\AppData\Roaming\Mozilla\Firefox\Profiles\ocsc0wnj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(18220)
c:\windows\System32\ieframe.dll
.
Completion time: 2012-07-01 21:00:15
ComboFix-quarantined-files.txt 2012-07-01 19:00
ComboFix2.txt 2012-07-01 18:43
.
Pre-Run: 38.344.024.064 bytes free
Post-Run: 38.070.108.160 bytes free
.
- - End Of File - - B1AD6F7BA42AEF1958B8CFD3AF7EF900
_______________________________________________
Thanks in advance if a helper turns up :D