Mouse pointer freezes

offline
  • Dario V.
  • Joined: 10 Jan 2012
  • Posts: 975

Hello!

Last night I scanned the computer with Avira and with Malwarebytes Anti-Malware.

All of that took about 6 hours in total!

What Avira found was placed in quarantine, and what Malwarebytes Anti-Malware found I deleted. It asked for a restart, so I restarted the computer, immediately shut it down and went to sleep. This morning when I got up I saw that my mouse freezes every minute: the pointer stands still for 2 seconds and then moves again, then about a minute later it freezes again for 2 seconds and then moves again!

Internet speed 2.5 MBps

So it doesn't happen only in browsers but also when I'm poking around in documents, but I played Counter-Strike and it didn't happen there at all!

DDS:

DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.9.2
Run by Milan at 16:05:21 on 2012-12-16
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1535.87 [GMT 1:00]
.
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Milan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]{A331233A-3EA3-49F8-94EC-80933BF6547C}&mid=46bcde84ca2747d0bdb7d15e776623ca-21e573f1d3bb7183e76dae9866480688476e3d50&lang=en&ds=gl011&pr=sa&d=2012-07-22 18:50:44&v=12.1.0.20&sap=hp
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\Milan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_265_Plugin.exe -update plugin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\Milan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{02BDE24E-83A4-4333-8268-0C5DC49B592F} : DHCPNameServer = 192.168.1.1 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\Milan\appdata\roaming\mozilla\firefox\profiles\pq67kqb3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Milan\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-07-20 22:29; [Link mogu videti samo ulogovani korisnici]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=2912_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 106406e300000000000000173182ca39
FF - user.js: extensions.BabylonToolbar_i.hardId - 106406e300000000000000173182ca39
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15543
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:42:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-20 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-7-22 242240]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-20 83392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-15 18:39:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-24 13:03:07 -------- d-----w- c:\program files\Counter-Strike 1.6
2012-11-22 17:55:49 -------- d-----w- c:\users\Milan\appdata\roaming\Dropbox
.
==================== Find3M ====================
.
2012-11-05 21:21:23 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2012-10-23 22:19:44 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-23 22:19:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-23 22:19:44 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 16:12:27,54 ===============


[Link visible only to logged-in users]

________________________________________________________

Attach:
[Link visible only to logged-in users]

________________________________________________________
Gmer1:
[Link visible only to logged-in users]

________________________________________________________
Gmer2:
[Link visible only to logged-in users]

________________________________________________________
Gmer3:
[Link visible only to logged-in users]

________________________________________________________

That's it!
Thanks!



offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

Can you take a screenshot of those detections so we can see what this is about...?

As for Avira, there is a Quarantine tab in the program. Post a screenshot.

How to take a screenshot --> [Link visible only to logged-in users]

For Malwarebytes, there is a Logs tab. Double-click the last/newest one. When the log opens, copy its contents here...



offline
  • Dario V.
  • Joined: 10 Jan 2012
  • Posts: 975

Written: 16 Dec 2012 19:32

It hasn't frozen at all for an hour now, strange o.O.

By the way, when I went to open Avira just now, it threw up this:

As for Malwarebytes Anti-Malware, the logs have been deleted :/ !

Addendum: 16 Dec 2012 19:37

Here is the Malwarebytes quarantine, what it placed there yesterday after the scan:

The ones in blue are from yesterday:



offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

Type chrome://extensions into the browser and press Enter. If Babylon is there, click the trash can next to it to remove it...

Download AdwCleaner by "Xplode" and save it to the Desktop.
Double-click to run the program and click the [Search] button.
When the program finishes the analysis, it will open Notepad with a report. Close that Notepad window.

Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt

Are there still problems?

offline
  • Dario V.
  • Joined: 10 Jan 2012
  • Posts: 975

[Link visible only to logged-in users]

I'll see whether there will be problems. The thing is that it hasn't happened for 1h already, i.e. since I opened the topic here, whereas when I opened the topic over there in Windows it was really killing me!

offline
  • Joined: 09 Aug 2011
  • Posts: 15879
  • Location: Belgrade

That would be it. If there are still problems, post again in the topic in the Windows subforum.

Run AdwCleaner again.
Click the [Uninstall] button and wait for the uninstall process to finish.

As for the problem with Avira, a potential solution is in this post. It is a bug they haven't managed to fix for years...

You don't have Service Pack 1 installed for your system, and I assume not the other updates either. Be sure to update the system.

I recommend using MCShield v2 to protect USB storage devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware spread via USB storage devices. You download it, install it, plug in the USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case), or you get a log showing information about the malware that was found and deleted.

MCShield ::Anti-Malware Tool:: v2 home page: [Link visible only to logged-in users]

You can learn more about MCShield in these topics:
v1: [Link visible only to logged-in users]
v2: [Link visible only to logged-in users]

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the topic: [Link visible only to logged-in users]

Also follow the topic "How to avoid and remove toolbars", read it and follow the steps in it. Link to the topic: [Link visible only to logged-in users]



TwinHeadedEagle (AMF Team)
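
The two findings the helper takes from the DDS log in the first post (Babylon toolbar leftovers and a missing Service Pack 1) can be read off the log mechanically. The following is an added example, not part of the thread and not code from DDS or AdwCleaner; `triage_dds` and the assumed layout of the OS line are hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Excerpt of lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1535.87 [GMT 1:00]
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
SSODL: WebCheck - <orphaned>
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
"""

# Assumption: the OS line reads "<product name> <major>.<minor>.<build>.<...>",
# inferred from the single OS line in the log above.
OS_LINE = re.compile(r"^Microsoft Windows .+? (\d+)\.(\d+)\.(\d+)\.")
# user.js is applied on every Firefox start and overrides prefs.js, so
# extension-owned keys written there keep coming back until the file is cleaned.
USERJS_EXT = re.compile(r"^FF - user\.js: extensions\.([^.\s]+)\.")


def triage_dds(log_text):
    """Hypothetical helper: collect the review-worthy items from a DDS log."""
    out = {"os_build": None, "missing_sp1": False,
           "orphaned": [], "userjs_extensions": Counter()}
    for raw in log_text.splitlines():
        line = raw.strip()
        os_m = OS_LINE.match(line)
        ext_m = USERJS_EXT.match(line)
        if os_m:
            major, minor, build = map(int, os_m.groups())
            out["os_build"] = build
            # Windows 7 is NT 6.1: build 7600 is the original release, 7601 is SP1.
            out["missing_sp1"] = (major, minor, build) == (6, 1, 7600)
        elif line.endswith("- <orphaned>"):
            # Keep the entry type and name/CLSID, drop the marker itself.
            out["orphaned"].append(line.rsplit(" - ", 1)[0])
        elif ext_m:
            out["userjs_extensions"][ext_m.group(1)] += 1
    return out


if __name__ == "__main__":
    for key, value in triage_dds(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```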

offline
  • Dario V.
  • Joined: 10 Jan 2012
  • Posts: 975

Same again, even after Ambulanta!

I didn't download that MCShield, nor the browser vulnerability thing.

I can't run updates, because if I do, my graphics card gets updated too, and that must not happen because it isn't working properly and then I'll get a BSOD.
