Usporen rad racunara

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Napisano: 19 Jan 2011 14:35

Vec izvesno vreme, racunar radi sve usporenije a u poslednjih nekoliko dana zaista jako sporo radi. Pokusao sam danas Bitdefenro online skenom da vidim sta je, onjenasao nekoliko virusa ali nije odradio do kraja jer se racunar restartovao pred kraj. Istovremeno i KIS je pronasao par losih programa Nesto izbrisao, nesto ne moze...

Detected (1)
2.11.2010 12:17:16 Detected legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger C:\PROGRAM FILES\COMBINED COMMUNITY CODEC PACK\MPC\MPC-HC.EXE Medium



DDS (Ver_10-12-12.02) - NTFSx86
Run by Sasa at 14:25:47,32 on ??? 19.01.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

============== Running Processes ===============

C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sasa\Desktop\dds.pif
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sasa\applic~1\mozilla\firefox\profiles\wvh9xwk7.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: <em:id>smxtra5@smileyxtra.co.uk: smxtra5@smileyxtra.co.uk - %profile%\extensions\smxtra5@smileyxtra.co.uk
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R? gupdate;
R? ICQ Service;ICQ Service
S? AVP;Kaspersky Anti-Virus Service
S? KL1;KL1
S? kl2;kl2
S? KLIF;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? klmouflt;Kaspersky Lab KLMOUFLT

=============== Created Last 30 ================

2011-01-17 07:47:24 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-17 07:47:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-01-17 07:47:23 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-01-16 15:30:40 -------- d-----w- c:\documents and settings\sasa\Tracing
2011-01-16 15:22:32 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-01-16 15:10:35 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc76.tmp
2011-01-16 14:52:18 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc71.tmp
2011-01-16 14:50:47 -------- d-----w- c:\program files\common files\Windows Live
2011-01-08 14:39:49 -------- d-----w- c:\windows\Logs
2011-01-08 14:38:42 -------- d-----w- c:\program files\Winamp Detect
2011-01-04 20:45:37 -------- d-----w- c:\program files\ICQ6Toolbar
2011-01-04 20:44:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\ICQ
2011-01-04 20:41:04 -------- d-----w- c:\docume~1\sasa\locals~1\applic~1\AOL
2011-01-04 20:38:55 -------- d-----w- c:\program files\ICQ7.2
2010-12-25 16:47:44 876544 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2010-12-25 16:47:44 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-12-25 16:47:44 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2010-12-25 16:47:44 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-12-25 16:47:44 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2010-12-25 16:47:44 454656 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-12-25 16:47:44 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-12-25 16:47:44 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-12-25 16:47:44 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-12-25 16:47:40 -------- d-----w- c:\program files\Audio Edit Magic

==================== Find3M ====================

2011-01-15 18:20:37 1056 --sha-w- C:\nj0jovma.sys
2010-12-15 11:13:24 63 ----a-w- c:\windows\SW_Win3112X32.DLL
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-27 12:11:04 81984 ----a-w- c:\windows\system32\bdod.bin
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 14:28:21,84 ===============

Dopuna: 19 Jan 2011 14:36

Izvinite, nisam odmah postaio attach


https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav goust!









Nisi ispratio detaljno Uputstvo za otvaranje teme: UPUTSTVO
Postavi preostale GMER (3 log-a) ili RootRepeal log-ove.








goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 19 Jan 2011 15:18

Ispratio sam, nece da odradi Gmer a evo sad drugi put pokusavam sa Rotrepeal-om. Prijavi neki error i prekine rad.

Dopuna: 19 Jan 2011 15:18

Cim uspem da odradim postavicu izvestaje.

Dopuna: 19 Jan 2011 15:31

Evo opet isto upozorenje

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pokusaj ovako ...



Preuzmi Rootkit Unhooker na Desktop.

Dvoklikom pokreni program;

odaberi Report karticu;

klikni Scan i u prozoru koji se otvori štrikliraj stavke:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks
klikni OK i sačekaj završetak skeniranja.

Kada skeniranje bude završeno, klikni File > Save Report i sačuvaj izveštaj.

Izveštaj programa Rootkit Unhooker priloži uz poruku korišćenjem opcije Prikači fajl.





goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Evo napokon
https://www.mycity.rs/must-login.png

• 1Ovo se svidja korisniku: ThePhilosopher
  
  Registruj se da bi pohvalio/la poruku!

Oduzilo se skeniranje, jel'?



Ovako ...


Ovde nije problem do malware-a.



-----------------------------



Ja cu ti predloziti sada sta sve da odradis, a ti ako imas pitanja postavi ih u potforumu (otvori novu temu) Windows:
http://www.mycity.rs/Windows/

- Deinstaliraj aplikacije koje ne koristis (start -> control panel -> add or remove programs);
- Uz pomoc nekog Junk cleaner-a (npr CCleaner) ocisti sistem od nepotrebnih fajlova (npr temp fajlovi);
- Uz pomoc nekog registry cleaner-a sredi registry;
- Defragmentuj particije (start > run -> dfrg.msc);
- Ja bih deinstalirao i KIS2011 (po meni, najverovatnije je on uzrocnik problema) i presao na koriscenje nekog drugog anti-malware software-a, no na tebi je da doneses konacnu odluku po tom pitanju.