Kornjaca PC

offline
  • Joined: 05 Nov 2008
  • Posts: 14

Hello good people,
So, let me begin: this is a business computer that five or more of us use; for a few months it was in another office and now it has ended up with me again!
The problem is this: right at startup, before I launch a single program apart from NOD32, which starts automatically, Task Manager reports that just under 400 MB of memory is in use, which I think is too much and is the main reason the computer is slow. Besides that, it takes forever (6-7 minutes) to shut down the computer, i.e. to restart it, of which a good 3-4 minutes are spent on "saving files", which also seems incredibly long to me.
Apart from uninstalling a pile of unnecessary programs and adjusting the startup programs, I haven't done anything significant.
Since NOD found one virus and there are also quite a few viruses in quarantine, I'll attach NOD's logs as well: the last computer scan and the quarantine.
Big cheerful greetings,
Ivan

Here is the log:

DDS (Ver_10-10-21.02) - NTFSx86
Run by Rec at 17:14:17,25 on sub 30.10.2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.491 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Rec\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://webmail.pconnect.biz/InternalSite/WhlCompMgr.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rec\applic~1\mozilla\firefox\profiles\9a6ij8ih.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\rec\application data\mozilla\firefox\profiles\9a6ij8ih.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\rec\application data\mozilla\firefox\profiles\9a6ij8ih.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 35168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2009-1-18 1382672]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R3 AGV;AGV;c:\windows\system32\drivers\AGV.sys [2008-2-5 183465]
R3 GV804V3;GV804V3;c:\windows\system32\drivers\GV804V3.sys [2008-2-5 59683]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2010-3-14 96256]
S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\multi password recovery\mpr_freader.sys --> c:\program files\multi password recovery\mpr_freader.sys [?]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-10-25 659456]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*
.txt=CuteHTML

=============== Created Last 30 ================

2010-10-30 05:54:37 -------- d-----w- c:\docume~1\rec\applic~1\Marvell
2010-10-29 17:21:13 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2010-10-29 17:21:13 57344 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL
2010-10-29 17:21:13 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2010-10-29 17:21:13 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2010-10-29 17:21:12 57344 ----a-w- c:\windows\system32\CP1215EWS.dll
2010-10-29 17:21:12 512000 ----a-w- c:\windows\system32\HPIPMX.dll
2010-10-29 17:21:12 237568 ----a-w- c:\windows\system32\HPIPMXRes.dll
2010-10-29 17:21:12 163840 ----a-w- c:\windows\system32\CP1215LI.DLL
2010-10-29 17:21:12 143360 ----a-w- c:\windows\system32\CP1215LM.DLL
2010-10-29 17:21:12 114688 ----a-w- c:\windows\system32\HPMCoSetup.dll
2010-10-29 17:13:40 -------- d-sh--w- c:\windows\ftpcache

==================== Find3M ====================

2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 17:14:53,42 ===============
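The helper's verdict below rests on reading entries like those in the Pseudo HJT and SERVICES / DRIVERS sections of this log. As an added example (not part of the thread or of any AMF Tim tooling), here is a small Python triage pass over a constructed excerpt of such lines; it flags the entry types a reviewer checks first: a browser proxy pointing at a local port, toolbar registrations whose file is gone, and a driver entry whose file is missing on disk. A flag means "look closer", not "malware".

```python
import re

# Constructed sample: a handful of lines copied from the DDS log above
SAMPLE_LOG = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\multi password recovery\mpr_freader.sys --> c:\program files\multi password recovery\mpr_freader.sys [?]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
"""

PROXY_RE = re.compile(r"[um]Internet Settings,ProxyServer = (\S+)")
ORPHAN_TB_RE = re.compile(r"TB: \{[0-9A-Fa-f-]+\} - No File$")
MISSING_DRV_RE = re.compile(r"[RS][0-3] .*\[\?\]$")  # DDS marks an unreadable/missing file with [?]


def triage_dds(text):
    """Return a list of (line, reason) for entries worth a second look.

    These are heuristics, not verdicts: a local proxy may be a legitimate
    filter and an orphaned toolbar is usually just an incomplete uninstall.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append((line, f"browser traffic routed through proxy {m.group(1)}"))
        elif ORPHAN_TB_RE.match(line):
            findings.append((line, "toolbar registration whose file no longer exists"))
        elif MISSING_DRV_RE.match(line):
            findings.append((line, "service/driver registered but file not found on disk"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_dds(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```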


offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello ivanhooo!

You didn't post the contents of the Gmer1 log. Repeat the procedure once more and attach that log for me.

goran9888 (AMF Tim)

offline
  • Joined: 05 Nov 2008
  • Posts: 14

My mistake, a badly named file.
P.S. Does it matter if I install SP3, or should I wait?


offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Your computer is clean as far as malware is concerned.

------------------------------------------------------------

Follow these steps:

Click Start, and then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

---------------------------------------------------------

Suggestions:

- I suggest you read the rules of this section of the forum more carefully: LINK
(pay attention to points 9 and 10 of the rules)
- I suggest you open a new topic in the Windows subforum: http://www.mycity.rs/Windows/ , and describe the problem in detail, because the problem here is not malware.

Thank you for trusting the AMF Tim. Cheers

Regards,
goran9888 (AMF Tim)

offline
  • Joined: 05 Nov 2008
  • Posts: 14

Thank you for the time and patience you put in.
Best regards,
Ivan
