Slow computer performance

offline
  • Joined: 16 Feb 2012
  • Posts: 23

Over the last 2 days I've noticed that my computer is running very slowly, and it also frequently throws a blue screen... it boots slowly, etc.
I scanned everything with AVG antivirus, but it doesn't report any infection.
I was reading some threads here in the Ambulanta section and it occurred to me to open the Windows folder to see whether there was anything odd, and I found this:

I tried to do the steps written in the instructions for the Ambulanta:

1.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Admin at 18:17:05 on 2012-02-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2253 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link visible only to logged-in users]
uURLSearchHooks: ???????@Mail.Ru: {09900de8-1dca-443f-9243-26ff581438af} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: MailRuBHO Class: {8984b388-a5bb-4df7-b274-77b879e179db} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
TB: ???????@Mail.Ru: {09900de8-1dca-443f-9243-26ff581438af} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Guard.Mail.ru.gui] "c:\program files\mail.ru\guard\GuardMailRu.exe" /gui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Download with GetRight Pro - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
TCP: DhcpNameServer = 89.216.1.50 89.216.1.30
TCP: Interfaces\{B0792DC5-7478-46A0-AF5C-2AA33C55DEA5} : DhcpNameServer = 89.216.1.50 89.216.1.30
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
mASetup: {34A19196-274E-4D75-9D30-D7A45A0A4178} - "c:\program files\windows sidebar\.\regsvr32.exe" /s wlsrvc.dll
mASetup: {6B9228DA-9C15-419e-856C-19E768A13BDC} - "c:\program files\windows sidebar\.\regsvr32.exe" /s sbdrop.dll
mASetup: {BADA65A0-86B7-462B-B720-CE66655C73F5} - regsvr32 /s c:\vaio\.\vshellext.dll
mASetup: Windows Sidebar - c:\windows\system32\hidec /w c:\vaio\tools\regtlib.exe "c:\program files\windows sidebar\sidebar.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2011-7-21 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2011-7-21 5248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-10-24 217088]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\mail.ru\guard\GuardMailRu.exe [2012-2-5 1723480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-10-24 36640]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-7-21 50176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-7-21 2127728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-10-24 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-10-24 20032]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-7-21 724736]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-10-24 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-10-24 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-10-24 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-10-24 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-16 12:03:29 -------- d-----w- c:\program files\WhoCrashed
2012-02-16 09:54:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-16 09:54:46 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-15 12:04:58 -------- d-----w- c:\documents and settings\admin\application data\SkyMonk
2012-02-15 12:04:53 -------- d-----w- c:\program files\Mail.Ru
2012-02-15 12:04:53 -------- d-----w- c:\documents and settings\admin\local settings\application data\Mail.Ru
2012-02-15 05:24:37 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 05:24:37 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 02:26:53 -------- d-sh--w- c:\documents and settings\admin\IETldCache
2012-02-15 02:10:31 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-02-15 02:10:17 -------- d-----w- c:\windows\ie8updates
2012-02-15 02:09:50 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-15 02:09:50 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-15 02:09:50 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-15 02:09:50 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-15 02:09:50 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-02-15 02:09:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-02-15 02:09:50 11082240 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-02-15 02:08:46 -------- dc-h--w- c:\windows\ie8
2012-02-04 16:46:56 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-04 16:46:56 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-04 16:46:56 -------- d-----w- c:\program files\OpenAL
2012-02-04 16:46:55 782336 ----a-r- c:\windows\system32\tmpC9.tmp
2012-02-04 16:46:54 782336 ----a-r- c:\windows\system32\tmpC8.tmp
2012-01-29 17:43:42 -------- d-----w- c:\documents and settings\admin\local settings\application data\Skyrim
2012-01-29 17:31:19 -------- d-----w- c:\program files\The Elder Scrolls V Skyrim
2012-01-22 07:11:12 -------- d-----w- c:\documents and settings\admin\local settings\application data\Electronic Arts
.
==================== Find3M ====================
.
2012-01-18 16:12:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
2011-12-04 10:49:52 280976 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 18:17:38.40 ===============


[Link visible only to logged-in users]

When I tried to do the next step, launching GMER gave me a blue screen, and when I tried RootRepeal, this came up first:

Then I repeated the procedure and halfway through the scan it gave me a blue screen.
On the desktop I have a file rootrepeal.txt containing the following:
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows XP SP3
Exception Code: 0xc0000005
Exception Address: 0x0041102f
Attempt to read from address: 0x113079fd
As well as the file Rootrepeal.dmp
Can the fault be found from this? :/



offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello lionelmessi10.

Download Rootkit Unhooker to the Desktop.

Double-click to run the program;

select the Report tab;

click Scan and, in the window that opens, tick the following items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.

When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

goran9888 (AMF Team)



offline
  • Joined: 16 Feb 2012
  • Posts: 23

When I run that program, after 2 minutes I get a blue screen... the same as with the previous 2 programs...
During the scan I managed to capture a screenshot showing some warning:

If only I could find out whether the problem is hardware or software (I'd easily wipe the system)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Let's try this tool ...

Download SysProt AntiRootkit from the following page:

SysProt download

On the page that opens, click the "here" link.

Extract the archive to a folder (instructions), then:
double-click to run the program and switch to the Log tab;

tick all eight items and click Create log;

after a while a prompt will appear in which you should select
Scan root drive only and click Start;

when the scan finishes, a notification will appear, which you should close by clicking OK;

the report (log) will be saved in the same folder as the program itself.

Illustrated walkthrough of the procedure

Attach the generated report to your post using the Attach file option.

goran9888 (AMF Team)

offline
  • Joined: 16 Feb 2012
  • Posts: 23

Here it is, this one didn't give me a blue screen

[Link visible only to logged-in users]

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The problem here is not malware. Your system is clean, i.e. there is no active malware on it.

Post in this thread of yours in the Windows subforum and continue resolving the case there: [Link visible only to logged-in users]

There is an error in Event Viewer (write that in a new post in the thread, over there in the Windows forum) that is probably the cause of your problem, and you will get further instructions on what to do.
The errors from Event Viewer are the following:

Quote:
2/18/2012 13:15:51, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
2/17/2012 15:37:01, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
2/17/2012 13:23:09, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

Possibly a problem with the hard disk or the CD-ROM (the cables may be bad). In any case, I've written what you need to do.
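
The triage in the last reply (storage-stack errors from atapi and Disk clustering on one device) can be reproduced mechanically. This is an added example, not part of the original thread: it parses Event Viewer lines in the format quoted above and groups storage errors by device. The fourth sample line and the `STORAGE_SOURCES` set are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shape quoted in the post: "M/D/YYYY HH:MM:SS, level: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>\S+) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
DEVICE_RE = re.compile(r"\\Device\\[A-Za-z0-9\\]+")

# Assumption: event sources treated as storage stack (only these two appear in the thread).
STORAGE_SOURCES = {"atapi", "disk"}

# First three lines are the ones quoted in the thread; the last is constructed for contrast.
SAMPLE = r"""2/18/2012 13:15:51, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
2/17/2012 15:37:01, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
2/17/2012 13:23:09, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
2/17/2012 09:00:00, error: ExampleSvc [1000] - Constructed non-storage entry."""

def parse_line(line):
    """Return a dict for one log line, or None if the line is not in the expected shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    dev = DEVICE_RE.search(m["msg"])
    return {"time": datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S"),
            "level": m["level"].lower(), "source": m["source"],
            "event_id": int(m["event_id"]),
            "device": dev.group(0) if dev else None, "message": m["msg"]}

def storage_errors_by_device(text):
    """Group error-level events from storage sources by the device path in the message."""
    grouped = defaultdict(list)
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["level"] == "error" and ev["source"].lower() in STORAGE_SOURCES:
            grouped[ev["device"]].append(ev)
    return dict(grouped)

def summarize(text):
    """Rows of (device, error count, event IDs, first seen, last seen), busiest device first."""
    rows = []
    for device, events in storage_errors_by_device(text).items():
        times = [e["time"] for e in events]
        ids = sorted({e["event_id"] for e in events})
        rows.append((device, len(events), ids, min(times), max(times)))
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for device, count, ids, first, last in summarize(SAMPLE):
        print(f"{device}: {count} error(s), event IDs {ids}, {first} .. {last}")
```

Repeated timeout and parity errors on the same IDE port, as in the quoted lines, are the pattern that led the helper to suspect the disk, the optical drive or their cabling.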




