Komp mi baguje treba mi POMOC

[Death_srb]

-E ovako ne znaam kako da pocnem zato sto mi kompjuter ovo radi od kako sam ga kupio a u servisu uvek govore virusi,virusi!!!!
-Sta god da radim on prosto zaledjuje po 10 sec na svakix 5 do 10min a verujte mi kad igrate canter ili tako nesto to nije dopustljivo!!!
-E sad pokusao sam razne stvari od najrazlicitjih anti-virusa do brisanja programa reko ako je mozda preopterecen.ali na moju zalost nista ne pomaze a vec pocinjem da ludim jer verujte mi ne znate kako je kad neki zvuk zaledi=glava oce da pukna od buke i zvuka!!!

Ajde molim vas da mi pomognete posto ne mogu nista da radim na njemu!!!:wall:

 

[TwistedMind]

da li u obzir dolazi reinstalacija sistema?

 

[Death_srb]

Pa brate reinstaliram sam sistem ono posle par dana opet!!!

 

[spock1]

Pokreni ovaj program dvoklikom http://download.bleepingcomputer.com/sUBs/dds.scr
Sacekaj da izbaci logove i onda iskopiraj log DDS.txt ovde na forumu. Videcemo da li su virusi.

 

[Death_srb]

evo

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 19:41:30.46 on Fri 12/25/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1545 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 091225-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\program files\common files\wise installation wizard\wisdd1865f0ad7340fbb23e1822e02396ff_9_09_0203.msi" wise_setup_exe_path="c:\documents and settings\administrator\desktop\nv18206_win2kxp\nv18206_win2kxp\PhysX_9.09.0203_SystemSoftware.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SEH: hook dll rising: {bb4c402f-882a-4526-8c08-51278ea437c1} - c:\windows\system32\e8main1.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\vnl8j752.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-23 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-23 138680]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-23 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-23 352920]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-7-14 176128]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [2009-7-14 16128]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-8-17 18688]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\admini~1\locals~1\temp\CMJ10.tmp [2009-10-7 25232]

=============== Created Last 30 ================

2009-12-23 21:35:28 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-18 16:16:29 0 d-----w- c:\docume~1\admini~1\applic~1\FastStone
2009-12-01 16:46:39 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2009-12-21 13:04:47 5887 ----a-w- c:\windows\ZDStartupInfo.bin
2006-06-23 12:48:54 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
2009-09-15 09:47:02 608 --sha-w- c:\windows\system32\winzvprt5.sys

============= FINISH: 19:41:37.78 ===============

 

[spock1]

Skini combofix sa ovog linka na desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ugasi Avast, desni klik pored sata i zaustavi zastitu.
Pokreni Combofix sa desktopa.
Klikni potvrdno za sve sto te pita.
Kad zavrsi skeniranje izbacice ti log koji ces kopirati ovde.

 

[Death_srb]

e kaze ovako da nemam Microsoft windows recovery console i kaze yes da bi download i install a no zahteva ukljucenu internet konekciju??
Yes or No

 

[spock1]

yes, vec sam ti napisao, yes i ok.

 

[Death_srb]

ComboFix 09-12-25.02 - Administrator 12/25/2009 20:51:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1700 [GMT 1:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091225-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AhnRpta.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.

2009-12-23 21:35 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-23 21:35 . 2009-12-23 21:35 -------- d-----w- c:\program files\Alwil Software
2009-12-18 16:16 . 2009-12-18 16:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\FastStone
2009-12-01 16:46 . 2009-12-01 16:46 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 19:55 . 2009-08-02 11:48 -------- d-----w- c:\program files\DNA
2009-12-25 19:55 . 2009-08-02 11:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2009-12-24 17:35 . 2009-07-14 18:10 -------- d-----w- c:\program files\Valve
2009-12-21 16:53 . 2009-08-02 11:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2009-12-21 13:04 . 2009-08-02 11:48 5887 ----a-w- c:\windows\ZDStartupInfo.bin
2009-12-21 12:16 . 2009-07-14 08:46 78616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 16:17 . 2009-07-21 09:50 -------- d-----w- c:\program files\Garena
2009-12-18 15:55 . 2009-11-12 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-14 11:36 . 2009-11-14 11:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 11:36 . 2009-11-14 11:36 -------- d-----w- c:\program files\Windows Live
2009-11-14 11:31 . 2009-11-14 11:31 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-11-14 11:31 . 2009-11-14 11:31 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-11-14 11:31 . 2009-11-14 11:31 -------- d-----w- c:\program files\MSECACHE
2009-11-13 18:48 . 2009-09-16 19:58 -------- d-----w- c:\program files\Microsoft
2009-11-12 18:50 . 2009-11-12 18:50 -------- d-----w- c:\program files\AVG
2009-11-10 17:28 . 2009-10-03 13:16 -------- d-----w- c:\program files\Warcraft III
2009-09-15 09:47 . 2009-09-15 09:47 608 --sha-w- c:\windows\system32\winzvprt5.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\hp laserjet m1522\\Fax Config utility1.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [12/11/2008 6:08 AM 3575808]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [7/14/2009 10:35 AM 176128]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [7/14/2009 12:01 PM 16128]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CMJ10.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CMJ10.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vnl8j752.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WinLiveSuite_Wave3 - c:\program files\Windows Live\Installer\wlarp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 20:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\CMJ10.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2608)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-25 20:55:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-25 19:55

Pre-Run: 87,011,115,008 bytes free
Post-Run: 90,942,795,776 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E69EC637F374051C503372945C6FF937

 

[spock1]

Kakva je sad situacija, kako radi komp.

Ja sam ti napisao da pokrenes Combofix sa desktopa i to nisi ispostovao, takodje nisi ugasio Antivirus pre pustanja Combofixa.

 

[Death_srb]

MA bre slucajno sam ga pokreno iz downloads!!!!A anti virus sam izbriso pre nego sto sam ga pustio a mgou ti reci da ne baguje!!!!THX tvoj sam duznik!!!
Ali ako krene javicu ti se opet!!!

 

[spock1]

Zato sto sad moramo rucno da brisemo Combofix umesto da ga automatski deinstaliramo.

Obrisi ikonicu Combofixa
Obrisi foldere:

C:\ Combofix
C:\ Qoobox

Iskljuci system restore, restartuj, pa ukljuci System restore.

Obrisali smo trojanca Downloadera, tako da znas.

 

[Death_srb]

Samo kako da iskljucim system restore?

 

[spock1]

My Computer" pa "properties". Tu imas jezicak "System Restore".
I tu stikliras "Turn off System Restore on all drives"+

Restartujes pa ukljucis.

 

[Death_srb]

Ajde otvoren sam za nove ideje posto mi baaguje vise nego ikaD!!!!

 

[spock1]

Moguce da imas ostatke od AVG-a, imao si ga na kompu.
Skini ovaj alat pokreni ga i ocisti ostatke http://www.avg.com/ww-en/download-tools

Skini Gmer http://www2.gmer.net/download.php
Pokreni dvoklikom
Sacekaj da izvrsi inicijalno skeniranje
Zatim klikni Scan
Kad zavrsi skeniranje, klikni Save i sacuvaj log na desktopu pod nazivom Gmer1
Iskopiraj mi log.

 

[Death_srb]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-26 22:42:14
Windows 5.1.2600 Service Pack 2
Running: 22x2nizb.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwroyaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9772360, 0x35483F, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB71ACA00]

---- EOF - GMER 1.0.15 ----

 

[Death_srb]

Prva 2 puta kad sam pokrenuo scan lupi plav ekran=problem koji sam imao pre i lupi res
Upali se komp ne baguje to uradi ponekad posle par restartovanja i on iskenira lepo i eto ti!!!
Da te pitam gde si sve to naucio za kompi da li combo fix mogu da korisim za svake greske i za sta sluzi gmer??

 

[spock1]

Nemoj sam i na svoju ruku da pokreces Combofix. Mozes da koristis malwarebytes i takve programe, oko ovoga se ne petljaj. to je helperski program i mozes vise stete da napravis nego koristi.
Kod tebe je najverovatnije neki hardverski problem, ili ako si instalirao neki drajver, ako mozes da se setis.
Plavi ekran se pojavljuje samo u ta dva slucaja.
Skini neki program koji meri temperaturu komponenti i prati temperature. Moguce da se pregreva graficka ili procesor ili nesto drugo, i komp se zaludi. Malware nije ovde u pitanju.
Preporuka programa je SpeedFan, Everest Ultimate...