Slow computer and BSOD

  • Joined: 12 Feb 2007
  • Posts: 1239

A few months ago an installed game (some older game) was causing problems and triggering BSODs; after the game was uninstalled everything went back to normal and there were no problems. About 3 weeks ago Comodo Firewall was installed in place of Sunbelt's firewall, but it tended to lock up the computer after the system booted, so the PC usually only "worked" after two restarts. After a few days it was replaced with the free OA firewall, and everything works more or less as it should. Over the last week the computer has become really slow. Lately several people have been using the computer, so I don't know everything that was done on it.

I only ran DDS after I had turned off the OA firewall and Avast, and GMER likewise, but a BSOD occurred right after the scan started; the computer was configured not to save a report after a BSOD (I did not install the OS or configure the system). RootRepeal scanned only the system partition, for some 13 hours.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Ares at 16:51:37 on 2011-07-31
Microsoft Windows XP Professional 5.1.2600.3.1252.381.1033.18.1023.613 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi699f~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi699f~1\office11\REFIEBAR.DLL
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ares\application data\mozilla\firefox\profiles\is2fz1ix.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\ares\application data\mozilla\firefox\profiles\is2fz1ix.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\ares\application data\mozilla\firefox\profiles\is2fz1ix.default\extensions\{7d2fb79e-e58c-4db5-a36f-ac1c73967f4d}\plugins\npqbc.dll
FF - plugin: c:\documents and settings\ares\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-26 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-19 309848]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-1-21 20216]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-7-22 205864]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-7-22 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-7-22 29464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-19 19544]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-6-17 128272]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-7-22 39048]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-19 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-7-22 381512]
S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-7-22 4326472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-12-6 1691480]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-11 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 22712]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-6-18 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-6-18 11104]
S3 SIVDriver;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2011-5-16 87192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-1-18 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-21 366640]
S4 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-31 68928]
.
=============== Created Last 30 ================
.
2011-07-31 12:11:42 -------- d-----w- c:\documents and settings\ares\local settings\application data\Sun
2011-07-31 12:11:11 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-29 02:23:17 593920 ------w- c:\windows\system32\ati2sgag.exe
2011-07-29 02:22:35 -------- d-----w- c:\program files\ATI Technologies
2011-07-29 01:53:37 -------- d-----r- c:\program files\Skype
2011-07-23 15:20:54 -------- d-----w- c:\program files\VS Revo Group
2011-07-23 01:43:24 -------- d-----w- c:\windows\system32\LogFiles
2011-07-22 11:51:22 -------- d-----w- c:\documents and settings\ares\application data\OnlineArmor
2011-07-22 11:51:22 -------- d-----w- c:\documents and settings\all users\application data\OnlineArmor
2011-07-22 11:50:52 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-07-22 11:50:52 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-07-22 11:50:52 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-07-22 11:50:52 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-07-22 11:50:47 -------- d-----w- c:\program files\Online Armor
2011-07-22 01:04:02 102400 ----a-w- c:\windows\system32\TrackerNET.dll
2011-07-22 01:03:22 217088 ----a-w- c:\windows\system32\libmySQL.dll
2011-07-22 00:56:11 231936 ----a-w- c:\windows\system32\SNWValid.dll
2011-07-22 00:56:11 1022976 ----a-w- c:\windows\system32\SierraNW.dll
2011-07-15 08:46:05 -------- d-----w- c:\documents and settings\ares\local settings\application data\STARGAZE_IMAGE_CACHE
2011-07-12 16:46:32 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2011-07-12 16:46:32 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2011-07-10 06:45:28 -------- d-----w- c:\documents and settings\ares\local settings\application data\Chromium
2011-07-10 06:45:22 -------- d-----w- c:\program files\SRWare Iron
2011-07-07 14:47:43 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-07-07 14:47:43 1060864 ----a-w- c:\windows\system32\mfc71.dll
.
==================== Find3M ====================
.
2011-07-31 12:11:02 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-17 21:33:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 02:31:11 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-16 18:01:42 52736 ----a-w- c:\windows\ipuninst.exe
2011-06-04 09:19:13 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-16 17:01:00 44720 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-05-16 17:01:00 162544 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-05-16 17:01:00 111280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-05-14 06:31:22 87192 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2011-05-06 12:30:04 747592 ----a-w- c:\windows\system32\pwNative.exe
2011-05-06 12:30:00 16472 ------w- c:\windows\system32\pwdrvio.sys
2011-05-06 12:29:50 11104 ------w- c:\windows\system32\pwdspio.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 16:52:11,85 ===============


  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

If you want, do the following:
Download Rootkit Unhooker to the Desktop.

Double-click to run the program;

select the Report tab;

click Scan and, in the window that opens, tick the items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.


When the scan has finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Having analysed your logs, I have established that there is no malware on your computer. Open a new topic in the Windows section and describe your problem there.

  • Joined: 12 Feb 2007
  • Posts: 1239

Thank you for your effort.
