Sistem usporen

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Pozdrav, sistem mi je jako usporen (sto zbog lose konfiguracije) sto mozda zbog virusa i ne znam cega jos. Juce mi je mcshiled prijavio viruse na flesci pa sumnjam da ima malware u racunaru. Ako moze provjera logova i dalja upustva. Hvala.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by User at 17:51:03 on 2013-02-01
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.128.38 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Documents and Settings\User\rioom.exe
C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uSearch Bar = [Link mogu videti samo ulogovani korisnici]
uSearch Page = [Link mogu videti samo ulogovani korisnici]
uDefault_Search_URL = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mSearch Page = [Link mogu videti samo ulogovani korisnici]
uSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
mSearchAssistant = [Link mogu videti samo ulogovani korisnici]
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
uURLSearchHooks: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - <orphaned>
uURLSearchHooks: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
BHO: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - <orphaned>
BHO: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - <orphaned>
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - <orphaned>
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BrotherSoft Extreme Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSIDLL] rundll32.exe msikap32.dll,knlXPm
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [rioom] c:\documents and settings\user\rioom.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - [Link mogu videti samo ulogovani korisnici]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_26.dll
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\youtubedownloader\YouTubeDownloader.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\PrivacyProvider.dll
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7E5BBA58-0594-4C2B-9633-2DCEC970DB83} : DHCPNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs=
SSODL: 0aMCPClient - <orphaned>
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-26 54760]
R3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2010-7-11 28919]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\jmnihn.sys --> c:\windows\system32\drivers\jmnihn.sys [?]
R3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2010-7-10 70528]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-31 40776]
.
=============== Created Last 30 ================
.
2013-02-01 13:01:51 103140 --sh--r- C:\pppag.exe
2013-01-31 18:43:35 118784 --sh--r- c:\documents and settings\user\rioom.exe
2013-01-31 17:18:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-31 17:18:44 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2013-01-31 17:18:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-12 11:48:16 -------- d-----w- c:\program files\AVAST Software
2013-01-09 20:02:42 -------- d-----w- c:\program files\TGTSoft
2013-01-06 19:25:41 178688 ----a-w- c:\windows\system32\unrar.dll
.
==================== Find3M ====================
.
2013-01-09 19:52:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 19:52:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-03 17:17:26 176640 ----a-w- c:\windows\system32\msikap32.dll
.
============= FINISH: 17:54:43.26 ===============



[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav, Springfieldova



Na računaru imaš opasnu infekciju - fajl infektor Sality.
Pošto je dezinfekcija nemoguća iz aktivnog Windowsa, preporučujem ti sljedeće solucije:

1) Da posjetiš temu Primena Live CD Rescue rešenja kako bi skenirala računar sa nekim RescueCD rješenjem. Napisana su detaljna uputstva kako se skenira računar sa popularnim rješenjima. Ovo ti je najlakša solucija, ako nisi zainteresovana za reinstalaciju operativnog sistema.

2) Hard disk možeš da izvadiš iz računara i montiraš ga na drugi računar, koji nije inficiran. Sa tog drugog računara skeniraj montirani hard disk (napomena: ako se odlučiš za ovu varijantu, nemoj ulaziti na zaraženi hard disk dok ga prethodno ne skeniraš i ukloniš infekciju).

3) Formatiraj sistemsku particiju (particiju na kojoj ti je instaliran operativni sistem) i nanovo instaliraj Windows. Nemoj da ulaziš na druge particije, već instaliraj antivirus, ažuriraj ga i skeniraj ostale particije koje imaš. Nakon uklanjanja infekcije, možeš otvarati i druge particije.

Javi za koju si se varijantu odlučila.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala.

Odlučila sam se za varijantu 3.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, kada zavrsis, postavi mi svez DDS.txt izvestaj, da proverim da li je infekcija uklonjena uspesno...