Показано с 1 по 10 из 10.

Computer running slow

  1. #1
    Junior Member Репутация
    Регистрация
    23.08.2009
    Сообщений
    11
    Вес репутации
    54

    Computer running slow

    My computer is been running really slow and I have been getting a pop-up everytime I open internet explorer. I have attached the three logs.
    Вложения Вложения

  2. #2
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,100
    Вес репутации
    3023
    Hello,

    Download the last version of AVZ 4.32 over the link in the rules.
    Update the database (File/Database Update).

    Switch off/Disable:
    - Antivirus and and, if you have - Firewall.
    - System Restore

    -Fix with Hijackthis
    Код:
    O4 - HKLM\..\Run: [gemularole] Rundll32.exe "C:\WINDOWS\system32\gosofuwu.dll",s
    O4 - HKLM\..\Run: [14e9854a] rundll32.exe "C:\WINDOWS\system32\lehevusa.dll",b
    O4 - HKLM\..\Run: [CPM17dab6d6] Rundll32.exe "c:\windows\system32\pujiyiho.dll",a
    O4 - HKCU\..\Run: [CPM17dab6d6] Rundll32.exe "c:\windows\system32\pujiyiho.dll",a
    O4 - HKUS\S-1-5-19\..\Run: [gemularole] Rundll32.exe "C:\WINDOWS\system32\gosofuwu.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [gemularole] Rundll32.exe "C:\WINDOWS\system32\gosofuwu.dll",s (User 'NETWORK SERVICE')
    O20 - AppInit_DLLs: tazzri.dll C:\WINDOWS\system32\gukejibu.dll avgrsstx.dll c:\windows\system32\pujiyiho.dll
    O20 - Winlogon Notify: fccCVpNF - fccCVpNF.dll (file missing)
    O20 - Winlogon Notify: mlJYqNgD - mlJYqNgD.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pujiyiho.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pujiyiho.dll (file missing)
    - Execute following script
    Код:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\WINDOWS\system32\gosofuwu.dll','');
     QuarantineFile('C:\WINDOWS\system32\gukejibu.dll','');
     QuarantineFile('C:\WINDOWS\system32\lehevusa.dll','');
     QuarantineFile('c:\windows\system32\pujiyiho.dll','');
     QuarantineFile('fccCVpNF.dll','');
     QuarantineFile('mlJYqNgD.dll','');
     QuarantineFile('tazzri.dll','');
     QuarantineFile('C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll','');
     QuarantineFile('C:\WINDOWS\system32\mlJYqNgD.dll','');
     QuarantineFile('C:\WINDOWS\system32\hgGxUlii.dll','');
     QuarantineFile('C:\WINDOWS\system32\pegojehe.dll','');
     DeleteFile('C:\WINDOWS\system32\pegojehe.dll');
     DeleteFile('C:\WINDOWS\system32\hgGxUlii.dll');
     DeleteFile('C:\WINDOWS\system32\mlJYqNgD.dll');
     DeleteFile('C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll');
     DeleteFile('tazzri.dll');
     DeleteFile('mlJYqNgD.dll');
     DeleteFile('fccCVpNF.dll');
     DeleteFile('c:\windows\system32\tazzri.dll');
     DeleteFile('c:\windows\system32\mlJYqNgD.dll');
     DeleteFile('c:\windows\system32\fccCVpNF.dll');
     DeleteFile('c:\windows\system32\pujiyiho.dll');
     DeleteFile('C:\WINDOWS\system32\lehevusa.dll');
     DeleteFile('C:\WINDOWS\system32\gukejibu.dll');
     DeleteFile('C:\WINDOWS\system32\gosofuwu.dll');
     DelBHO('{5600363C-B1A7-464C-9D48-B57A901A74FA}');
     DelBHO('{547395D9-934A-CED6-B851-F238C86079E5}');
     DelBHO('{215A62BC-56A8-49A7-871D-5166C1C95D7C}');
     DelBHO('{14a48a29-9c61-431a-8bce-3b3dbadc1857}');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    ExecuteRepair(7);
    SetAVZPMStatus(True);
    end.
    After reboot execute following script
    Код:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Close all the programs and start only Internet Explorer!!!
    - Repeat 3 logs file.
    - Switch Antivirus and, if you have - Firewall, on.
    - Go On-Line
    - Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
    - Attach 3 logs to your new post..

  3. #3
    Junior Member Репутация
    Регистрация
    23.08.2009
    Сообщений
    11
    Вес репутации
    54
    I have done everything you said and I have attached the three newest logs. I have uploaded the quarantine.zip too.
    Вложения Вложения

  4. #4
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,100
    Вес репутации
    3023
    It looks much better now

    Copy code in a new text file
    Код:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
      00
    "Bounds"=hex:00,30,00,00,00,20,00,00
    "Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
      00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
      6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
      00
    "LsaPid"=dword:00000328
    "SecureBoot"=dword:00000001
    "auditbaseobjects"=dword:00000000
    "crashonauditfail"=dword:00000000
    "disabledomaincreds"=dword:00000000
    "everyoneincludesanonymous"=dword:00000000
    "fipsalgorithmpolicy"=dword:00000000
    "forceguest"=dword:00000001
    "fullprivilegeauditing"=hex:00
    "limitblankpassworduse"=dword:00000001
    "lmcompatibilitylevel"=dword:00000000
    "nodefaultadminowner"=dword:00000001
    "nolmhash"=dword:00000000
    "restrictanonymous"=dword:00000000
    "restrictanonymoussam"=dword:00000001
    "Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
    "ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
    "ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
      54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
      00,69,00,64,00,65,00,72,00,00,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
    "ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
    "Pattern"=hex:2d,5d,1e,b5,8d,0a,ea,78,d0,b5,27,f4,98,3a,3a,a4,35,63,63,37,36,\
      37,64,32,00,68,07,00,01,00,00,00,dc,00,00,00,e0,00,00,00,48,fa,06,00,97,55,\
      52,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,61,ea,b6,62
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
    "GrafBlumGroup"=hex:0a,7c,bb,22,03,b1,cd,2f,32
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
    "Lookup"=hex:bd,dc,51,b7,29,24
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
    "ntlmminclientsec"=dword:00000000
    "ntlmminserversec"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
    "SkewMatrix"=hex:19,ff,2e,fa,8f,10,ae,d1,a0,5c,34,a5,ff,a9,be,7a
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
    "SSOURL"="http://www.passport.com"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
    "Time"=hex:2e,71,69,ee,6a,b0,c8,01
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
    "Name"="Digest"
    "Comment"="Digest SSPI Authentication Package"
    "Capabilities"=dword:00004050
    "RpcId"=dword:0000ffff
    "Version"=dword:00000001
    "TokenSize"=dword:0000ffff
    "Time"=hex:00,e1,e2,ad,f3,9d,c8,01
    "Type"=dword:00000031
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
    "Name"="DPA"
    "Comment"="DPA Security Package"
    "Capabilities"=dword:00000037
    "RpcId"=dword:00000011
    "Version"=dword:00000001
    "TokenSize"=dword:00000300
    "Time"=hex:00,95,a7,b2,f3,9d,c8,01
    "Type"=dword:00000031
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
    "Name"="MSN"
    "Comment"="MSN Security Package"
    "Capabilities"=dword:00000037
    "RpcId"=dword:00000012
    "Version"=dword:00000001
    "TokenSize"=dword:00000300
    "Time"=hex:00,95,a7,b2,f3,9d,c8,01
    "Type"=dword:00000031
    Save it as e.g. 123.reg and start with double click.
    After that reboot your system and make only virusinfo_syscheck - log.

  5. #5
    Junior Member Репутация
    Регистрация
    23.08.2009
    Сообщений
    11
    Вес репутации
    54
    How do you make a new text file ?

  6. #6
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация
    Регистрация
    03.04.2006
    Сообщений
    21,100
    Вес репутации
    3023
    Цитата Сообщение от mediumt_3 Посмотреть сообщение
    How do you make a new text file ?
    Start/Run... type notepad , press Enter.

  7. #7
    Junior Member Репутация
    Регистрация
    23.08.2009
    Сообщений
    11
    Вес репутации
    54
    I made the txt file and opened it but nothing happened. What do I have to do for it to work.

  8. #8
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,164
    Вес репутации
    994
    You did forget about a little thing...
    Save it as 123.reg
    on reg file you should click in order to insert data to registry...

  9. #9
    Junior Member Репутация
    Регистрация
    23.08.2009
    Сообщений
    11
    Вес репутации
    54
    Ok inserted the file into the registry and rebooted the system. I have attached the new log.
    Вложения Вложения

  10. #10
    Senior Member Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Репутация Аватар для drongo
    Регистрация
    17.09.2004
    Адрес
    Israel
    Сообщений
    7,164
    Вес репутации
    994
    AXPDefender - some rogue anti-spyware program. Did you install it by yourself? Unistall it.
    bonjour service should be uninstalled too.(how-to: http://virusinfo.info/showthread.php?t=42263 )

Похожие темы

  1. Computer Freezes Running Slow
    От tamaramac в разделе Malware Removal Service
    Ответов: 0
    Последнее сообщение: 29.08.2010, 22:40
  2. computer running slow from trojan
    От JFree в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 04.07.2010, 23:50
  3. Computer running slow and freezing
    От Neatfreakgramma в разделе Malware Removal Service
    Ответов: 0
    Последнее сообщение: 07.02.2010, 00:46
  4. PC running slow.Is something wrong?
    От MaFerreira в разделе Malware Removal Service
    Ответов: 2
    Последнее сообщение: 12.01.2010, 17:52
  5. computer running really slow, some kind of virus
    От thepgubucket в разделе Malware Removal Service
    Ответов: 1
    Последнее сообщение: 07.08.2009, 12:40

Метки для этой темы

Свернуть/Развернуть Ваши права в разделе

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Page generated in 0.01333 seconds with 20 queries