My computer is running sluggishly

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Posted: 25 Dec 2012 14:21

Hello!
For a few days now my computer has been opening things very slowly; it needs several minutes to start a program, which it did not do before. I scanned it with Malwarebytes Anti-Malware, SUPERAntiSpyware and Spybot - Search (anti-spyware) but found nothing, so I decided to have you take a look at whether there is any infection.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Administrator at 13:57:06 on 2012-12-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.401 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VMSnap3.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: FastestTubeBHO Class: {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - c:\program files\fastesttube\2.0.0\WombatBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - <no file>
IE: Free YouTube to MP3 Converter - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1317104157750
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4132A202-E364-43F9-804F-7CF37769A70D} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\5bzqvh71.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - BrotherSoft Extreme3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3205709&SearchSource=13&CUI=SB_CUI
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=2&q=
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\5bzqvh71.default\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-24 20:11; {62d40876-df18-411f-9d34-a9dd7a197bc5}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\5bzqvh71.default\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-9 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-9-2 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-9-2 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-9-2 83392]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2012-12-13 98304]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-1-7 12184]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2012-12-13 3735552]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2012-2-29 17408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-8-28 480128]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [2011-8-28 1472768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-25 08:54:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-12-24 20:35:43 -------- d-----w- c:\program files\Skype
2012-12-20 07:15:15 630272 ----a-w- c:\windows\system32\SET46.tmp
2012-12-20 07:15:15 25600 ----a-w- c:\windows\system32\SET48.tmp
2012-12-20 07:15:14 55296 ----a-w- c:\windows\system32\SET45.tmp
2012-12-20 07:15:13 105984 ----a-w- c:\windows\system32\SET40.tmp
2012-12-20 07:15:12 916992 ----a-w- c:\windows\system32\SET3E.tmp
2012-12-20 07:15:11 2000384 ----a-w- c:\windows\system32\SET4A.tmp
2012-12-20 07:15:10 1212416 ----a-w- c:\windows\system32\SET3F.tmp
2012-12-20 07:15:07 6008832 ----a-w- c:\windows\system32\SET44.tmp
2012-12-20 07:15:07 11111424 ----a-w- c:\windows\system32\SET4C.tmp
2012-12-20 07:14:49 375296 -c----w- c:\windows\system32\dllcache\dpnet.dll
2012-12-14 18:04:10 -------- d-----w- c:\windows\system32\Adobe
2012-12-13 18:32:39 -------- d-----w- c:\program files\SpacialAudio
2012-12-13 18:32:35 548864 ----a-w- c:\windows\system32\GDS32.DLL
2012-12-13 18:32:15 -------- d-----w- c:\program files\Firebird
2012-12-05 12:30:21 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Yahoo
2012-11-27 08:06:33 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-12-23 20:02:30 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-12-11 20:01:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 20:01:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 16:52:08 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-24 20:02:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-24 20:02:58 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-24 20:02:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-24 20:02:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-22 08:37:31 1866368 ------w- c:\windows\system32\_000007_.tmp.dll
2012-10-18 19:52:56 315392 ----a-w- c:\windows\HideWin.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 13:57:41.32 ===============


Addendum: 25 Dec 2012 14:23


  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs if you do not need them:

SweetIM for Messenger 3.7

Step 2

Send this file:

c:\windows\system32\_000007_.tmp.dll

via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

I have already tried to remove SweetIM for Messenger 3.7 a couple of times but I can't manage it; I tried again just now, but it gives me these errors

I uploaded this file successfully

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You did not upload it successfully. You sent me New text document, not the file I asked for.
Let's do it this way: when your browser brings up the file-selection dialog after you click Browse, copy the path of the file I asked for into the Filename field and click Open. Let me know when you have done that.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

I did it, I just don't know whether it is OK now.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

This time you sent nothing. :)

Go to http://www.mycity.rs/ambulanta-upload.php

Click Browse.

In the File name field, copy:

c:\windows\system32\_000007_.tmp.dll

and click Open.
After that, click Upload.

You also have this screenshot in case something is unclear.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Posted: 27 Dec 2012 11:29

Friend, but I don't have Browse here when I click the link above.
Take a look; how do I do that? That is where I got confused yesterday too.

Addendum: 27 Dec 2012 11:32

I have done it now; whether it is right I am not sure, you will let me know.

  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Now you have sent it. In any case, the posted reports show no traces of an active infection, and the problem you have is not caused by one.

Visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.

Open a thread in the Windows forum and describe your problem there.

Regards.
