MyCity » Ambulanta -> Arhiva Ambulante » Kornjaca PC

Kornjaca PC

Napisano na dan: 1.11.2010

Kornjaca PC
Sledeća strana Pagination

Idi na vrh

Poslao: 01 Nov 2010 00:59
Idi na vrh
offline
  • Pridružio: 05 Nov 2008
  • Poruke: 14

Pozdrav dobri ljudi,
Pa da pocnem, u pitanju je poslovni racunar koji koristimo nas 5 pa i vise par meseci je bio u drugoj kancelariji i sada je opet zapao meni!
Problem je sledeci: Pri samom startu racunara dok jos ne pokrenem ni jedan program osim noda32 koji se automatski startuje u task mesindzeru mi prijavljuje da koristi nesto manje od 400mb memorije sto mislim da je previse i da je glavni razlog sporog rada racunara.Osim toga treba mu cela vecnost(6-7minuta) da ugasim racunar tj da ga ponovo pokrenem od toga dobrih 3-4 minuta (saving files) sto mi je takodje neverovatno dugo.
Osim deinstalacije brda bespotrebnih programa i podesavanja startup programa nisam nista bitno radio.
Posto mi je nod pronasao jedan virus isto tako ima dosta virusa u karantinu prikacicu i logove noda poslednji scan racunara i karantin.
Veliki veseli pozdrav,
Ivan

Evo loga:

DDS (Ver_10-10-21.02) - NTFSx86
Run by Rec at 17:14:17,25 on sub 30.10.2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.491 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Rec\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://webmail.pconnect.biz/InternalSite/WhlCompMgr.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rec\applic~1\mozilla\firefox\profiles\9a6ij8ih.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\documents and settings\rec\application data\mozilla\firefox\profiles\9a6ij8ih.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\rec\application data\mozilla\firefox\profiles\9a6ij8ih.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 35168]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2009-1-18 1382672]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R3 AGV;AGV;c:\windows\system32\drivers\AGV.sys [2008-2-5 183465]
R3 GV804V3;GV804V3;c:\windows\system32\drivers\GV804V3.sys [2008-2-5 59683]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2010-3-14 96256]
S3 mpr_freader;MPR FileReader Driver;\??\c:\program files\multi password recovery\mpr_freader.sys --> c:\program files\multi password recovery\mpr_freader.sys [?]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-10-25 659456]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*
.txt=CuteHTML

=============== Created Last 30 ================

2010-10-30 05:54:37 -------- d-----w- c:\docume~1\rec\applic~1\Marvell
2010-10-29 17:21:13 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2010-10-29 17:21:13 57344 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL
2010-10-29 17:21:13 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2010-10-29 17:21:13 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2010-10-29 17:21:12 57344 ----a-w- c:\windows\system32\CP1215EWS.dll
2010-10-29 17:21:12 512000 ----a-w- c:\windows\system32\HPIPMX.dll
2010-10-29 17:21:12 237568 ----a-w- c:\windows\system32\HPIPMXRes.dll
2010-10-29 17:21:12 163840 ----a-w- c:\windows\system32\CP1215LI.DLL
2010-10-29 17:21:12 143360 ----a-w- c:\windows\system32\CP1215LM.DLL
2010-10-29 17:21:12 114688 ----a-w- c:\windows\system32\HPMCoSetup.dll
2010-10-29 17:13:40 -------- d-sh--w- c:\windows\ftpcache

==================== Find3M ====================

2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 17:14:53,42 ===============

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Poslao: 01 Nov 2010 01:32
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav ivanhooo!






Arrow

Nisi postavio sadrzaj Gmer1 log-a. Ponovi postupak jos jednom i okaci mi taj log.






goran9888 (AMF Tim)

Poslao: 01 Nov 2010 01:47
Idi na vrh
offline
  • Pridružio: 05 Nov 2008
  • Poruke: 14

Moja greska lose imanovan file
P.S. Smeta li da instaliram sp3 ili da sacekam?

mycity.rs/must-login.png

Poslao: 01 Nov 2010 17:21
Idi na vrh
offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Tvoj računar je čist sto se malware-a tiče.


------------------------------------------------------------

Isprati sledeće:

Klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.


---------------------------------------------------------


Predlozi:

- Predlažem ti da detaljnije procitaš pravila ovog dela foruma: LINK
(obrati pažnju na 9. i 10-tu tačku ovog pravilnika)
- Predlažem ti da otvoriš novu temu u Windows potforumu: http://www.mycity.rs/Windows/ , i detaljno opišeš problem jer ovde nije problem do malware-a.



Hvala što veruješ AMF Timu Ziveli


Pozdrav,
goran9888 (AMF Tim)

Poslao: 03 Nov 2010 09:45
Idi na vrh
offline
  • Pridružio: 05 Nov 2008
  • Poruke: 14

Hvala na izdvojenom vremenu i strpljenju
Veliki pozdrav,
Ivan

MyCity » Ambulanta -> Arhiva Ambulante » Kornjaca PC

Ko je trenutno na forumu
 

Ukupno su 932 korisnika na forumu :: 14 registrovanih, 3 sakrivenih i 915 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: brundo65, dragoljub11987, goxin, ILGromovnik, Insan, JOntra, Koridor, kovac9mm, Krvava Devetka, kybonacci, pein, radionica1, wizzardone, šumar bk2