Usporen računar

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Moj problem je što se laptop usporio u svom radu...Dosta duže mu treba da pokrene neki program, pa u to uključujem i browser mozzilu. Učitava duže stranice kao da sam na dial up-u a priključen sam na kablovski internet sbb provajdera. Koristim 32 bitni Windows. Zaštita mu nije najjača strana jer ima intaliran trial verziju nod-a.
Ja se izvinjavam za prethodna 2 pokušaja da temu okačim, nisam uopšte znao da je u pitanju promena procedure i da treba koristiti ove nove software.
evo Dss loga:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Korisnik at 21:12:56.92 on 15/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.8 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Documents and Settings\Korisnik\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
uURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\w75v6uou.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-15 07:33 <DIR> --d----- c:\program files\Trend Micro
2009-08-14 11:47 <DIR> --d----- c:\program files\3GP Player 2009
2009-08-14 11:47 <DIR> --d----- c:\program files\Reganam
2009-08-14 01:28 <DIR> --d----- c:\program files\URUSoft
2009-08-14 01:19 <DIR> --d----- c:\program files\Conduit
2009-08-14 01:19 <DIR> --d----- c:\program files\BS_Player
2009-08-14 01:18 <DIR> --d----- c:\docume~1\korisnik\applic~1\BSplayer Pro
2009-08-14 01:18 <DIR> --d----- c:\docume~1\korisnik\applic~1\BSplayer
2009-08-14 01:17 <DIR> --d----- c:\program files\Webteh
2009-08-12 15:26 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-09 15:42 <DIR> --d----- c:\docume~1\korisnik\applic~1\Sports Interactive
2009-08-09 15:27 <DIR> --d----- c:\program files\uTorrent
2009-08-09 15:26 <DIR> --d----- c:\docume~1\korisnik\applic~1\uTorrent
2009-08-09 14:58 <DIR> --d----- c:\docume~1\korisnik\applic~1\MSNInstaller
2009-08-08 23:55 <DIR> --d----- c:\program files\Activision
2009-08-08 22:24 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-08 20:19 <DIR> --d----- C:\Nemanja
2009-08-08 20:13 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-08-08 20:11 716,272 a------- c:\windows\system32\drivers\sptd.sys
2009-08-07 17:16 <DIR> --d----- c:\program files\ESET
2009-08-07 16:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-07 14:37 <DIR> --d----- c:\program files\AVG
2009-08-05 21:49 <DIR> --d----- c:\program files\SopCast
2009-08-05 19:41 545 a------- c:\windows\UC.PIF
2009-08-05 19:41 545 a------- c:\windows\RAR.PIF
2009-08-05 19:41 545 a------- c:\windows\PKZIP.PIF
2009-08-05 19:41 545 a------- c:\windows\PKUNZIP.PIF
2009-08-05 19:41 545 a------- c:\windows\NOCLOSE.PIF
2009-08-05 19:41 545 a------- c:\windows\LHA.PIF
2009-08-05 19:41 545 a------- c:\windows\ARJ.PIF
2009-08-05 19:41 <DIR> --d----- C:\totalcmd
2009-08-05 19:41 <DIR> --d----- c:\docume~1\korisnik\applic~1\GHISLER

==================== Find3M ====================

2009-08-05 11:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 20:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-06-26 18:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 18:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 20:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 20:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 20:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 20:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 20:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 20:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 20:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 20:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 20:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 20:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 20:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 20:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 10:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 10:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 10:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 13:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 13:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 13:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 13:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-22 13:34 92,544 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 13:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 16:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 08:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 09:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 21:27 1,290,752 a------- c:\windows\system32\quartz.dll

============= FINISH: 21:15:17.98 ===============

mycity.rs/must-login.png

mycity.rs/must-login.png

Neverovatno koliko je usporen internet...ovo kačenje logova mi je izgledalo kao večnost.
Pozdrav, u iščekivanju pomoći.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...



Preuzmi SysProt AntiRootkit sa sledeće stranice:

SysProt downlaod

Na strani koja se otvori treba kliknuti "here" link.



Raspakuj arhivu u neki folder (uputstvo), a zatim:
dvoklikom pokreni program i pređi na Log karticu;

štikliraj svih osam stavki i klikni Create log;

nakon određenog vremena će se pojaviti upit u kome treba obeležiti
Scan root drive only i kliknuti Start;

po završetku skeniranja pojaviće se obaveštenje koje treba zatvoriti klikom na OK;

izveštaj (log) će biti sačuvan u istom folderu u kome se nalazi i sam program.


Priloži kreirani izveštaj uz poruku korišćenjem opcije Prikači fajl.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ja bih rado video SysProt log, umesto RootRepeal loga koji si postavio.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovo izgleda prilično čisto, no pošto jedan od ranijih logova nije bio kompletan, odradićemo skeniranje još jednim programom.




Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.