|
Poslao: 01 Jul 2011 22:31
|
offline
- Pridružio: 04 Jan 2009
- Poruke: 141
- Gde živiš: SRBIJA
|
Napisano: 01 Jul 2011 20:41
Pre 13 dana sam imao problem evo ovde:
mycity.rs/Ambulanta/XP-Security-2012.html
Od juce mi komp luduje tj zakucava stalno opet, kad zakuca ne moze da se povrati po sat vremena i onda iskacu neki prozori kao ne moze da snimi nesto na particiju E.
I jako sporo radi uzas jedan.
Od interneta imam Telekomov ADSL 1500/256
a evo i logova:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.3311 BrowserJavaVersion: 1.6.0_26
Run by Popa at 20:26:57 on 2011-07-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.523 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uInternet Settings,ProxyServer = 192.168.1.1:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [HTC Home] "c:\program files\htc home\HTCHome.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://ns.zigns.rs/ActiveX/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{67AD0E66-354B-4DDB-AF30-4DECF1F67CBB} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\popa\application data\mozilla\firefox\profiles\xf1qdf27.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - plugin: c:\documents and settings\popa\application data\mozilla\firefox\profiles\xf1qdf27.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\popa\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewerportable_v6.0.10194\teamviewer_service.exe --> c:\program files\teamviewerportable_v6.0.10194\TeamViewer_Service.exe [?]
S2 WorkshopDBService;WorkshopDBService;c:\progra~1\vividw~1\worksh~1.exe -zglaxservice workshopdbservice --> c:\progra~1\vividw~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-1-22 25728]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-1-22 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-1-22 108032]
.
=============== Created Last 30 ================
.
2011-06-30 15:52:06 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2011-06-27 19:02:00 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-27 19:02:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-23 13:48:52 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-06-23 13:48:52 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2011-06-23 13:27:16 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-06-23 13:27:16 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-06-20 20:52:09 -------- d-----w- c:\documents and settings\popa\local settings\application data\Opera
2011-06-18 15:47:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-18 15:26:04 -------- d-----w- c:\documents and settings\popa\application data\MCShield
2011-06-18 15:26:03 -------- d-----w- c:\program files\MCShield
2011-06-18 14:33:07 -------- d-----w- c:\documents and settings\popa\application data\Malwarebytes
2011-06-18 14:32:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-10 01:25:21 331776 ----a-w- c:\windows\system32\EasyRedirect.dll
2011-06-10 01:25:14 -------- d-----w- c:\program files\Easy-Hide-IP
2011-06-10 00:34:28 140096 ------r- c:\windows\system32\COMDLG32.OCX
2011-06-10 00:34:28 -------- d-----w- c:\program files\Technitium
2011-06-06 10:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 10:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-06-05 07:32:00 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-06-05 07:32:00 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2011-06-05 07:31:42 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-06-05 07:31:42 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2011-06-01 23:44:08 -------- d-----w- c:\documents and settings\popa\application data\COWON
2011-06-01 23:43:17 -------- d-----w- c:\program files\common files\COWON
2011-06-01 23:43:15 -------- d-----w- c:\program files\JetAudio
.
==================== Find3M ====================
.
2011-06-18 15:47:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-18 15:47:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 20:27:24.37 ===============
mycity.rs/must-login.png
i evo svi ovi posto mi nesto nije htelo pa je izbacio sve ovo a ja kacim:
mycity.rs/must-login.png
mycity.rs/must-login.png
mycity.rs/must-login.png
mycity.rs/must-login.png
Dopuna: 01 Jul 2011 22:31
Niko za dva sata!
Dobro cekam jos. 
|
|
|
|
|
|
|
Poslao: 01 Jul 2011 22:55
|
offline
- NIx Car
- Legendarni građanin
- Més que un club
- Glavni vokal @ Harpun
- Pridružio: 27 Feb 2009
- Poruke: 3898
- Gde živiš: Novi Sad,Klisa
|
Pozdrav nebojsa77ns
---------
Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe
Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
a zatim klikni Finish.
Nakon završenog ažuriranja program će se pokrenuti.
Izaberi opciju Perform Quick Scan i klikni Scan.
Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.
Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.
Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).
|
|
|
|
|
|
|
Poslao: 01 Jul 2011 23:19
|
offline
- Pridružio: 04 Jan 2009
- Poruke: 141
- Gde živiš: SRBIJA
|
Malwarebytes' Anti-Malware 1.51.0.1200
malwarebytes.org
Verzija baze: 6998
Windows 5.1.2600 Service Pack 3, v.6055
Internet Explorer 6.0.2900.3311
01.Jul.11 23:18:30
mbam-log-2011-07-01 (23-18-30).txt
Naèin skeniranja: Brzo skeniranje
Skeniranih objekata 143960
Proteklo vreme 4 minuta(e), 25 sekundi
Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani kljuèevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 0
Inficirani procesi u memoriji:
(Maliciozne stavke nisu pronaðene)
Inficirani moduli u memoriji:
(Maliciozne stavke nisu pronaðene)
Inficirani kljuèevi u registru:
(Maliciozne stavke nisu pronaðene)
Inficirane vrednosti u registru:
(Maliciozne stavke nisu pronaðene)
Inficirani podaci u registru:
(Maliciozne stavke nisu pronaðene)
Inficirane fascikle:
(Maliciozne stavke nisu pronaðene)
Inficirane datoteke:
(Maliciozne stavke nisu pronaðene)
Ako nije nista pronasao sto mi onda tako usporen kompjuter? I izbacuje te cudne prozore kao nesto ne moze da snimi na particiju E i onda se zakuca jedno pola sata do sat vremena?
|
|
|
|
|
|
|
Poslao: 01 Jul 2011 23:51
|
offline
- NIx Car
- Legendarni građanin
- Més que un club
- Glavni vokal @ Harpun
- Pridružio: 27 Feb 2009
- Poruke: 3898
- Gde živiš: Novi Sad,Klisa
|
Otvori novu temu u Windows potforumu i tamo iznesi svoj problem posto uzrocnik tih problema nije malicioznog porekla.
NIx Car (AMF Tim)
|
|
|
|
|
|
|
Poslao: 03 Jul 2011 15:49
|
offline
- Pridružio: 04 Jan 2009
- Poruke: 141
- Gde živiš: SRBIJA
|
Napisano: 01 Jul 2011 23:59
Hvala na pomoci.
Dopuna: 03 Jul 2011 15:49
Da li bi neko mogao da baci pogled samo posto sam sad stigao da poubadam sve sto koristim na USB pa sam dobio jedan log da li treba jos nesto da se uradi:
03.Jul.11 15:28:36 > Scanning drive J: (POPA ~4 GB, FAT32 flash drive )...
>>> J:\NADFOLDER\Desktop.ini - Malware > Deleted. (11.07.03. 15.28 Desktop.ini.843319; MD5: f05d6580608901fa2aea2a1e711a8ff4)
>>> J:\zctxjs.exe - Suspicious > Renamed. (MD5: 84086150af263cde9a3d45d39327ce34)
>>> J:\rcisco.exe - Suspicious > Renamed. (MD5: 84086150af263cde9a3d45d39327ce34)
>>> J:\vmgvjz.exe - Suspicious > Renamed. (MD5: 84086150af263cde9a3d45d39327ce34)
>>> J:\lxbiyx.exe - Suspicious > Renamed. (MD5: 84086150af263cde9a3d45d39327ce34)
>>> J:\alponh.exe - Suspicious > Renamed. (MD5: 84086150af263cde9a3d45d39327ce34)
=> Malicious files : 1/1 deleted.
=> Suspicious files : 5/5 renamed.
Hvala unapred
|
|
|
|
|
|
|
Poslao: 04 Jul 2011 00:30
|
offline
- NIx Car
- Legendarni građanin
- Més que un club
- Glavni vokal @ Harpun
- Pridružio: 27 Feb 2009
- Poruke: 3898
- Gde živiš: Novi Sad,Klisa
|
- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.
Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.
|
|
|
|
|
|
