Windows runs very slowly

offline
  • Joined: 21 Aug 2007
  • Posts: 56

So, I have a problem with a laptop... it runs very slowly and it gets worse from day to day... and a System alert often pops up, and when I click on it, it opens the web page virprotect.com. Tell me how I can remove this; here is the HijackThis log. Greetings to all members of the MyCity forum.

Logfile of HijackThis v1.99.1
Scan saved at 23:24:03, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Documents and Settings\user\Desktop\hijackthis_sfx\ht.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B85} - C:\Program Files\Sotfone\1202426347.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: {addc4262-5294-8918-9264-618b80907645} - {54670908-b816-4629-8198-49252624cdda} - C:\WINDOWS\system32\yggwuvwx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\1204010977.dll
O2 - BHO: (no name) - {A55D41F6-191F-4D34-A9DB-43084613F14C} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202426344.dll
O2 - BHO: (no name) - {FA6E43E6-F825-4317-BBCC-EC8462D1F3A5} - C:\WINDOWS\system32\awvspom.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bcc5fab2] rundll32.exe "C:\WINDOWS\system32\jqqvddxu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{155DBFD9-5912-4536-91F0-754BE677ABB7}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{195A654D-C54A-4D55-9897-D6D6A830EE5F}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{447C2F06-13C3-4556-9ED0-F98CD1FEA6DA}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{642E1BAF-F138-4975-8A9D-E6F3E142AF4F}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C3FB4AC-CF5A-4FA9-A340-990C74B17E51}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F229237-22EB-4277-968F-0DFD94A1995E}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AD1F6BF-445E-42C4-B651-3C293B61E501}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04588BC-F201-4355-B810-AA8246B4835C}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: awvspom - C:\WINDOWS\SYSTEM32\awvspom.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hello,

Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

offline
  • Joined: 21 Aug 2007
  • Posts: 56

I fixed the problem with a SmitFraud scan, it is OK now... thanks a lot and greetings

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

BaDMaN19, please do what I told you.
Your computer is infected with several infections, and SmitFraud resolved only one of them.

Please give me the log that Smitfraud created, so I can see exactly what it did.

After that, give me the ComboFix log according to the instructions I wrote above.
Also give me a new HijackThis log.
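
An added example, not part of the original posts or of HijackThis itself: a small triage pass over a HijackThis log such as the one posted above, which groups entries by section code and lists the ones worth reviewing first. The three heuristics and the `expected_dns` parameter (the resolvers you know the machine should use) are assumptions of this sketch; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Sample input: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [bcc5fab2] rundll32.exe "C:\WINDOWS\system32\jqqvddxu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{155DBFD9-5912-4536-91F0-754BE677ABB7}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

# A log entry is "<section code> - <rest>", e.g. "O17 - HKLM\...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Group HijackThis entries by section code (R0, O2, O17, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_items(log, expected_dns=frozenset()):
    """Return (code, reason, entry) tuples for an analyst to look at first."""
    out = []
    for code, entries in parse(log).items():
        for e in entries:
            # Registry entry whose target file no longer exists.
            if "(no file)" in e or "(file missing)" in e:
                out.append((code, "orphaned entry", e))
            # Autorun that loads a DLL by absolute path through rundll32.
            if code == "O4" and re.search(r'rundll32(\.exe)?\s+"?[A-Za-z]:\\', e, re.I):
                out.append((code, "rundll32 autorun loading a DLL by path", e))
            # Statically configured resolvers that are not the expected ones.
            if code == "O17" and "NameServer" in e:
                servers = set(re.split(r"[,\s]+", e.split("=", 1)[1].strip()))
                unknown = sorted(servers - set(expected_dns))
                if unknown:
                    out.append((code, "unexpected DNS: " + ", ".join(unknown), e))
    return out

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder for a known-good resolver.
    for code, reason, entry in review_items(SAMPLE_LOG, {"192.0.2.53"}):
        print(f"[{code}] {reason}\n      {entry}")
```

The output is a review queue, not a verdict: each listed entry still has to be checked against what is installed on the machine before anything is removed.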

offline
  • Joined: 21 Aug 2007
  • Posts: 56

Hmm... I'm sorry, but that computer is no longer with me... it was a friend's laptop... so after some time it will report infections again?
