Slow system startup...


  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

So... I have a problem with how fast the system starts up ->
When I press the power button on the computer, everything goes perfectly until the icons appear (in fact, that happens quite fast), and then... That NOD 'picture' that appears at every boot shows up and stays there for some 2-3 minutes. Only then do the other programs load (WinFast Wizard and the cable internet connection)... Until the programs load, i.e. while that NOD picture is there, I can use Total Commander and the like without problems, but as soon as I enter My Computer I don't get the icons, I only see that (I think) flashlight that 'walks' left-right - Browsing. That lasts until the programs load...

I have to mention that Windows is regularly updated (as is NOD32), the Registry has been cleaned (Registry First Aid), Temp files deleted, defragmentation done (Diskeeper Pro), as well as System Mechanic's Total Care (in full mode)...

I also have to mention that before NOD I had KIS, which I removed because I suspected it (I thought it was slowing the machine down)...

I think I've done everything in my power, so I decided to turn to you ->

Logfile of HijackThis v1.99.1
Scan saved at 17:28:45, on 3.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Piksi\Desktop\New Folder\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

The log you posted doesn't show anything suspicious or malicious.

Scan the computer with GMER and post the log so we can check that there aren't any rootkits.

Do the following:
Download the file gmer.zip from this link and save it on the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
In the message text box on the forum, right-click and choose Paste.

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-03 22:57:33
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1952] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [ C2, 04, 00, 00 ]

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F8795466] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F879D94A] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F87958A4] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F879531C] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F879E41E] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F31924B2] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F3192BD2] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F319288E] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F31923C8] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F31923C8] eamon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F88777F4] epfwtdir.sys

---- EOF - GMER 1.0.13 ----
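Reading a GMER "AttachedDevice" dump like the one above by hand is tedious. The following Python, added here as an example and not code from the thread or from GMER, parses lines of that format (driver object, device, IRP major function, handler address, driver file) into a per-driver summary, so a reviewer can see at a glance which drivers filter the NTFS and TCP stacks and how many distinct handler routines each one uses. The sample lines are a constructed excerpt of the log above; the vendor map is an assumption built from what the thread later establishes (sisidex.sys reports a Windows 2000 DDK provider, eamon.sys and epfwtdir.sys ship with ESET NOD32).

```python
import re
from collections import defaultdict

# One GMER "AttachedDevice" line, e.g.
# AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F8795466] sisidex.sys
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver_obj>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<irp>IRP_MJ_[A-Z_]+)\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<file>\S+)$"
)

# Constructed excerpt of the GMER log above (a few lines per driver).
SAMPLE_LOG = r"""
GMER 1.0.13.12551 - http://www.gmer.net
---- User code sections - GMER 1.0.13 ----
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F8795466] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F879D94A] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F87958A4] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F8795408] sisidex.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F31924B2] eamon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F319288E] eamon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88777F4] epfwtdir.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F88777F4] epfwtdir.sys
---- EOF - GMER 1.0.13 ----
"""

# Assumed vendor map for this thread's drivers; anything not listed is flagged for review.
KNOWN_VENDORS = {"sisidex.sys": "SiS / Windows 2000 DDK", "eamon.sys": "ESET", "epfwtdir.sys": "ESET"}


def parse_attached_devices(text):
    """Return one dict per AttachedDevice line; every other line of the log is ignored."""
    return [m.groupdict() for m in (ATTACHED_RE.match(l.strip()) for l in text.splitlines()) if m]


def summarize_by_driver(entries):
    """Group hooks per driver file: device stacks filtered, IRPs hooked, distinct handlers."""
    summary = defaultdict(lambda: {"devices": set(), "irps": set(), "handlers": set()})
    for e in entries:
        s = summary[e["file"].lower()]
        s["devices"].add(e["device"])
        s["irps"].add(e["irp"])
        s["handlers"].add(e["addr"].upper())
    return dict(summary)


def triage(summary, known=KNOWN_VENDORS):
    """Driver files not in the vendor map: check their Company/signature by hand."""
    return sorted(f for f in summary if f not in known)


if __name__ == "__main__":
    summ = summarize_by_driver(parse_attached_devices(SAMPLE_LOG))
    for drv, s in sorted(summ.items()):
        print(f"{drv}: {len(s['irps'])} IRPs on {sorted(s['devices'])}, {len(s['handlers'])} handlers")
    print("needs manual review:", triage(summ))
```

A driver whose many IRP entries share a single handler address (epfwtdir.sys above) typically has one generic pass-through routine, while several distinct addresses mean dedicated handlers for the IRPs it actually cares about; neither pattern is malicious on its own, which is why the thread goes on to check the file's publisher.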

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Check for me who the manufacturer of this driver is (right-click - Properties - Company)
C:\WINDOWS\system32\drivers\sisidex.sys

It should be MS or SiS if your motherboard has their chipset.

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Company:
Windows (R) 2000 DDK provider

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

That's it, just as I assumed. It's an MS file. Do you program? Do you write drivers and the like? Are you familiar with what we've been talking about in the last 2 posts?

btw. You'll do one more check and I'll look at it later this evening.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Copy the contents of those two files we just saved here for us.

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

I understand what we're talking about (I have a SiS chipset), but I don't write drivers :) ...
I'm more oriented towards PHP and MySQL (for now) :) ...



  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

There's no trace of malware in the logs.

How did you set up Windows Desktop Search or Diskeeper, i.e. their services that start with the system? Are they set to Manual? That could be the cause of the problem.

Unpack the archive from the link into a folder and run the file Lista_servisa.bat. Upload the log you get with your next message as a txt file.

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

I don't use Windows Desktop Search at all, and I installed Diskeeper only recently (so I don't believe it's the problem)...


  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

There may be a couple of services that could be turned off, but I believe that in your case that would give a negligible improvement.

I can't figure out what the cause of the problem is, but it definitely isn't malware.
The only other thing I could recommend is that you check whether some system file or driver is damaged or missing.

Do the check by typing the following command in the command prompt
sfc /scannow

Have your Windows disc ready too, because System File Checker will ask you for it during the check.
