Usporen kompjuter

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Pozdrav cenjenim prijateljima iz Ambulante!
Moj problem se sastoji u tome što mi je kompjuter već neko vreme usporen. Nisam sigurna da li je do zaraze ili je nešto drugo u pitanju, pa se prvo javljam ovde.
Tip konekcile: ADSL - 100.0 Mbps.
Evo traženih log-ova:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.25.2
Run by Novi korisnik at 19:31:07 on 2014-01-19
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1022.431 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$PCTOOLS\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PCTOOLS\Binn\sqlagent.EXE
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
uProxyOverride = <local>
mSearchAssistant = ${SEARCH_URL_IE7}
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:\program files\check point software technologies ltd\zonealarm\1.8.22.0\zonealarmTlbr.dll
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Free YouTube Download - <no file>
IE: Free YouTube to MP3 Converter - <no file>
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{65766D64-DA15-44B6-8306-2B1EADD0DA3B} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - <no file>
Notify: AtiExtEvent - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\novi korisnik\application data\mozilla\firefox\profiles\hcojfxls.default-1382628922562\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-10-24 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-10-25 529128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-10-24 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-10-24 440376]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-10-24 90400]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-8-22 233472]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 MSSQL$PCTOOLS;MSSQL$PCTOOLS;c:\program files\microsoft sql server\mssql$pctools\binn\sqlservr.exe [2005-5-4 9150464]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 SQLAgent$PCTOOLS;SQLAgent$PCTOOLS;c:\program files\microsoft sql server\mssql$pctools\binn\sqlagent.EXE [2005-5-3 323584]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2013-10-15 50704]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-1-9 243128]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-8-22 36608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-7-16 83864]
S3 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2012-4-20 98984]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-7-16 181912]
S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-10-24 1011768]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2014-01-11 20:27:03 -------- d-----w- C:\AdwCleaner
2014-01-11 19:45:26 -------- d-----w- c:\program files\Everything
2014-01-10 19:18:58 -------- d-----w- c:\documents and settings\novi korisnik\local settings\application data\Secunia PSI
2014-01-09 18:50:03 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-01-09 18:49:43 -------- d-----w- c:\documents and settings\novi korisnik\application data\DAEMON Tools Lite
2014-01-08 13:46:31 -------- d-----w- c:\documents and settings\novi korisnik\My Downloads
2014-01-08 13:31:00 -------- d-----w- c:\documents and settings\novi korisnik\application data\FreeTorrentViewer
2014-01-02 17:26:25 23608 ----a-w- c:\windows\system32\normaliz.dll
2013-12-27 20:57:03 -------- d-sh--w- c:\documents and settings\novi korisnik\Phone Browser
2013-12-27 20:56:57 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2013-12-27 20:56:57 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-12-27 20:55:04 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2013-12-27 20:53:04 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-12-27 20:52:22 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2013-12-27 20:52:22 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2013-12-27 20:52:22 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2013-12-27 20:52:02 -------- d-----w- c:\program files\Nokia
2013-12-22 22:00:24 -------- d-----w- c:\documents and settings\novi korisnik\application data\Synei
2013-12-22 21:59:42 -------- d-----w- c:\program files\Synei
.
==================== Find3M ====================
.
2013-12-18 15:05:45 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
============= FINISH: 19:31:49.26 ===============

[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Da li imaš instaliran ZoneAlarm Free Firewall ili ZoneAlarm Free Firewall + Antivirus?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 19 Jan 2014 20:08

Samo Firewall

Dopuna: 19 Jan 2014 20:09

Mislim, nije instaliran AV.

• 1Ovo se svidja korisniku: Vera55555
  
  Registruj se da bi pohvalio/la poruku!

U tom slučaju, idi u Control Panel i deinstaliraj:

Skype Click to Call
ZoneAlarm Security Toolbar





Preuzmi sUBs-ov ComboFix sa sljedeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:provjeriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obilježeni tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primjetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku.
Nemoj kliktati u okviru ComboFix prozora dok radi jer to može usporiti rad alata.
Nemoj ponovo pokretati ComboFix na svoju ruku - javi se u temi bilo kakav problem da imaš tokom prvog pokretanja alata.
Ako nakon restarta dobijaš grešku prilikom startovanja nekih programa da su označeni za brisanje (Illegal operation attempted on a registry key that has been marked for deletion), onda ponovo restartuj sistem i to će riješiti problem.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skype Click to Call sam deinstalirala. ali ZoneAlarm Security Toolbar ne mogu da nađem u Add or Remove Programs. Šta da radim?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ako ga nemaš, onda ga preskoči i pređi na sljedeći korak.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 19 Jan 2014 20:41

Osim FW, postoji i opcija Identity & Data, u okviru koje je i Privacy Toolbar, ali ne vidim kako bih ga deinstalirala.

Dopuna: 19 Jan 2014 20:43

Dobro, nastavljam...

Dopuna: 19 Jan 2014 20:53

Pomagaj! Šta da radim? Sve sam isključila, a vidi šta kaže! Pominje i Avast a uopšte ga nemam!


Dopuna: 19 Jan 2014 21:04

Da li da nastavim?

• 1Ovo se svidja korisniku: Vera55555
  
  Registruj se da bi pohvalio/la poruku!

Pozdrav Vera55555,

Posto je kolega trenutno offline, a ti da ne cekas, samo da odgovorim na tvoje pitanje:

Citat:Pomagaj! Šta da radim? Sve sam isključila, a vidi šta kaže! Pominje i Avast a uopšte ga nemam!

Ako si AV stvarno ugasila ( a po slici vidim da jesi ) ignorisi CF upozorenja i dozvoli mu da nastavi rad.
ZoneAlarm bi takodje trebao da bude iskljucen.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pokušala sam već dva puta. Skeniranje stigne do broja 50, delleting files, onda plavi ekran, restart i nema izveštaja.

• 1Ovo se svidja korisniku: Vera55555
  
  Registruj se da bi pohvalio/la poruku!

Nema izvještaja ni na C:\ComboFix.txt?




Spakuj u ZIP, RAR ili 7Z arhivu sljedeći folder:

C:\Qoobox

i pošalji ga preko sljedećeg linka:

[Link mogu videti samo ulogovani korisnici]


Javi kada to uradiš i sačekaj dalja uputstva.