Problem with processes and a few other things

gladiolica

Interested member
Posts: 282
First problem:
While the computer is running, I see 60 or more processes. Some of them are even duplicated several times. Are any of them harmful, and why are there so many? Is it possible to remove some of them from the computer (and how) so that the computer still works the same, if not better?
Second problem:
I had the program Sony Ericsson PC Suite installed, which I barely managed to delete with great difficulty, but an icon remained on the desktop that I cannot delete at all. Any advice?
Third problem:
A virus got onto my C: partition, into the Windows folder, and AVG regularly reports its presence but does not let me delete that file. I assume an infected system file is involved and that this is why I am not allowed to delete it.
Along with all this, I am attaching the HiJack log (the Ad-Aware log will follow later).
By the way, Ad-Aware (as will be seen from the attachment) reported several pieces of malware and some other files that I do not know whether I am allowed to delete.

Attachment:

Logfile of HijackThis v1.99.1
Scan saved at 23:59:48, on 25.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nero 8\InCD\NBHGui.exe
D:\Program Files\Nero 8\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Nero 8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Programi-instalacije\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krstarica.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll (file missing)
O2 - BHO: (no name) - {DD2110F0-9EEF-11cf-8D8E-BBAA0070F55F} - C:\WINDOWS\system32\mssync20.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mssync20] C:\WINDOWS\system32\mssync20.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero 8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 8\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DF1C685-D5EA-493E-9321-E389EBD23462}: NameServer = 194.247.192.1 194.247.192.33
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 8\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Internet connection: 512kbps

Please give any advice. Any assistance is welcome.
 
As for the 60 processes, that is not very many if they are all OK. However, I have counted at least two trojans here, and so much junk and so many unnecessary things starting with the computer that it is not normal. I would also wait for dr_Bora's opinion just in case; he is the expert.
For now I can only write what you can check in HijackThis and safely click Fix problem on:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Application Launcher\Application Launcher.exe" /startoptions

That is it for now; for the rest we wait for dr_Bora!
 
This line should not have been touched:
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

The fact that it says file missing does not mean the file is really not there...

Let's first get this running again:

Control Panel - Administrative Tools - Services: find the service named:
Forceware Web Interface - right-click it and, in the window that opens, set Startup Type to Automatic.

----------------------------------------------------------------------------------------------------------------------------------

Run HT, scan, and check the following lines:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {DD2110F0-9EEF-11cf-8D8E-BBAA0070F55F} - C:\WINDOWS\system32\mssync20.dll
O4 - HKLM\..\Run: [BSplayer_WhenUSave_Installer] C:\Program Files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [mssync20] C:\WINDOWS\system32\mssync20.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt

and then click Fix Checked.

----------------------------------------------------------------------------------------------------------------------------------

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Restart the computer in Safe Mode (while the PC is booting, keep pressing F8 and choose Safe Mode from the menu that appears).
Run SDFix.exe and click Install - this will extract the files in the archive.
Run C:\SDFix\RunThis.bat
Type Y to start the scan - after the computer restarts, a log file will open in Notepad, which you should copy here.

Also, post a new HT log.
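
Added example, not part of any post in this thread and not HijackThis's own logic: a Python triage of HijackThis entry lines for the kinds of entries the replies above single out (extra programs in UserInit, a non-empty AppInit_DLLs, unnamed BHOs, targets reported as missing). The heuristics and function names are assumptions made for this illustration; the sample lines are taken from the log posted above.

```python
import re

# Sample input: a few entries taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.krstarica.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [mssync20] C:\WINDOWS\system32\mssync20.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body

def parse(log):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review(code, body):
    """Return reasons an entry needs a manual look (heuristics assumed for this example)."""
    reasons = []
    m = re.search(r"userinit=(.*)", body, re.I) if code == "F2" else None
    if m:
        # Anything listed besides userinit.exe itself is started at every logon.
        extra = [p.strip() for p in m.group(1).split(",")
                 if p.strip() and not p.strip().lower().endswith(r"\system32\userinit.exe")]
        if extra:
            reasons.append("Userinit also starts: " + ", ".join(extra))
    if code == "O20" and body.lower().startswith("appinit_dlls:"):
        value = body.split(":", 1)[1].strip()
        if value:  # the value is loaded into every process that loads user32.dll
            reasons.append("AppInit_DLLs is not empty: " + value)
    if code == "O2" and "(no name)" in body:
        reasons.append("BHO has no name")
    if body.endswith(("(no file)", "(file missing)")):
        # As noted in the thread, this marker does not prove the file is absent.
        reasons.append("target not found by HijackThis; confirm on disk before fixing")
    return reasons

def triage(log):
    """Return (code, body, reasons) for every entry with at least one reason."""
    return [(c, b, r) for c, b in parse(log) if (r := review(c, b))]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> " + "; ".join(reasons))
```

The `mssync20` Run entry that the thread also fixes passes these structural checks, so the output is a list of entries to look at first, not a verdict on the rest.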
 
Btw,
"I had the program Sony Ericsson PC Suite installed, which I barely managed to delete with great difficulty, but an icon remained on the desktop that I cannot delete at all."
Write the exact name of the icon and what it reports when you try to delete it.
"A virus got onto my C: partition, into the Windows folder, and AVG regularly reports its presence but does not let me delete that file."
Which virus, and in which file?
The exact name.
 
The exact name of the icon is "Sony Ericsson PC Manager".
When I right-click it, I only have these options:
Open, Explore, Create Shortcut, Rename.
I have no Delete option at all, nor can I drag it to the Recycle Bin.

As for the virus,
the infected file is mssync20.exe in the folder: C:\WINDOWS\system32
but sometimes AVG reports a virus and sometimes it only shows Reading Error.
What is actually going on?

As for the previous instructions, is it necessary for me to go through Safe Mode?
 
It is necessary (otherwise it will not be done properly).


Edit: do one more thing. Download the attached zip file, unpack it, and run what is inside it.
A file list.txt will appear in the same folder where the file was run.
Attach it to your message (use Manage Attachments).
 

Attachments

  • a.zip
    212 bytes · Views: 2
