Slow system boot

  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:40, on 24.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
D:\internet\TR#\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [Link visible only to logged-in users]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [Link visible only to logged-in users]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link visible only to logged-in users]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link visible only to logged-in users]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link visible only to logged-in users]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [Link visible only to logged-in users]
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - [Link visible only to logged-in users]
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E60E6AD-9387-4CCE-B094-A9D8CA4A083E}: NameServer = 10.24.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E60E6AD-9387-4CCE-B094-A9D8CA4A083E}: NameServer = 10.24.4.1
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 6303 bytes

My system boots very slowly. Of course, I regularly clean temp files and the registry with CCleaner. The internet sometimes works perfectly and sometimes opens pages very slowly (I think that is down to the provider), and I have 6 svchost.exe processes.
Here is the ComboFix log too, in case it is needed.

ComboFix 08-12-23.01 - Nesho & Nedja 2008-12-24 19:00:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1600 [GMT 1:00]
Running from: c:\documents and settings\Nesho & Nedja\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows.0\jestertb.dll
c:\windows.0\system\oeminfo.ini
c:\windows.0\system32\404Fix.exe
c:\windows.0\system32\dumphive.exe
c:\windows.0\system32\IEDFix.C.exe
c:\windows.0\system32\IEDFix.exe
c:\windows.0\system32\o4Patch.exe
c:\windows.0\system32\Process.exe
c:\windows.0\system32\SrchSTS.exe
c:\windows.0\system32\tmp.reg
c:\windows.0\system32\VACFix.exe
c:\windows.0\system32\VCCLSID.exe
c:\windows.0\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-20 16:34 . 2008-12-20 16:34 4,096 --a------ c:\windows.0\d3dx.dat
2008-12-17 23:33 . 2008-12-17 23:33 244 --ah----- C:\sqmnoopt10.sqm
2008-12-17 23:33 . 2008-12-17 23:33 232 --ah----- C:\sqmdata10.sqm
2008-12-12 22:09 . 2008-12-12 22:09 <DIR> d-------- c:\program files\GIGABYTE
2008-12-12 22:09 . 2007-05-13 14:35 479,360 --a------ c:\windows.0\system32\drivers\rt61.sys
2008-12-12 22:09 . 2008-12-12 22:09 21,419 --a------ c:\windows.0\system32\drivers\AegisP.sys
2008-12-12 22:08 . 2008-12-12 22:08 <DIR> d-------- c:\documents and settings\Nesho & Nedja\Application Data\InstallShield
2008-12-12 16:52 . 2008-12-12 16:52 <DIR> d--hs---- c:\windows.0\ftpcache
2008-12-12 15:37 . 2008-12-12 16:17 <DIR> d-------- c:\program files\softysystem games 2005
2008-12-10 08:17 . 2008-12-10 08:17 <DIR> d-------- c:\windows.0\USB Vibration
2008-12-10 08:17 . 2008-12-10 08:17 <DIR> d-------- c:\program files\USB Vibration
2008-12-08 11:46 . 2008-12-20 18:11 <DIR> d-------- c:\program files\RoadToBaghdad
2008-12-07 11:26 . 2008-12-12 21:57 <DIR> d-------- c:\program files\MagicISO
2008-12-07 11:23 . 2008-12-12 21:58 <DIR> d-------- c:\program files\nLite
2008-12-07 09:34 . 2008-12-07 09:34 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-07 09:03 . 2008-12-07 09:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Yahoo!
2008-12-06 21:30 . 2008-12-07 09:01 <DIR> d-------- c:\documents and settings\Administrator
2008-12-06 15:53 . 2008-04-14 05:15 10,368 --a------ c:\windows.0\system32\drivers\hidusb.sys
2008-12-06 15:53 . 2008-04-14 05:15 10,368 --a------ c:\windows.0\system32\dllcache\hidusb.sys
2008-12-04 20:46 . 2008-12-04 20:46 1,626 --a------ c:\windows.0\system32\ealregsnapshot1.reg
2008-12-04 15:32 . 2008-12-04 16:35 <DIR> d-------- c:\program files\Monopoly
2008-12-03 20:06 . 2008-12-03 20:06 <DIR> d-------- c:\documents and settings\Nesho & Nedja\Application Data\SpinTop
2008-11-29 18:31 . 2008-11-29 18:31 268 --ah----- C:\sqmdata09.sqm
2008-11-29 18:31 . 2008-11-29 18:31 244 --ah----- C:\sqmnoopt09.sqm
2008-11-29 15:23 . 2008-11-29 15:23 268 --ah----- C:\sqmdata08.sqm
2008-11-29 15:23 . 2008-11-29 15:23 244 --ah----- C:\sqmnoopt08.sqm
2008-11-29 15:11 . 2008-11-29 15:11 268 --ah----- C:\sqmdata07.sqm
2008-11-29 15:11 . 2008-11-29 15:11 244 --ah----- C:\sqmnoopt07.sqm
2008-11-29 14:52 . 2008-11-29 14:52 268 --ah----- C:\sqmdata06.sqm
2008-11-29 14:52 . 2008-11-29 14:52 244 --ah----- C:\sqmnoopt06.sqm
2008-11-29 14:40 . 2008-11-29 14:40 268 --ah----- C:\sqmdata05.sqm
2008-11-29 14:40 . 2008-11-29 14:40 244 --ah----- C:\sqmnoopt05.sqm
2008-11-24 22:38 . 2008-11-24 22:37 204 --a------ c:\windows.0\system32\oeminfo.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 16:55 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-24 11:37 647,200 --sha-w c:\windows.0\system32\drivers\fidbox2.dat
2008-12-24 11:37 4,340 --sha-w c:\windows.0\system32\drivers\fidbox2.idx
2008-12-24 11:37 23,940 --sha-w c:\windows.0\system32\drivers\fidbox.idx
2008-12-24 11:37 2,791,968 --sha-w c:\windows.0\system32\drivers\fidbox.dat
2008-12-20 19:01 --------- d-----w c:\program files\Counter-Strike 1.6
2008-12-20 17:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 21:13 523,142 ----a-w c:\windows.0\system32\PerfStringBackup.TMP
2008-12-10 07:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 19:38 --------- d-----w c:\program files\Microsoft Games
2008-12-07 17:56 43,520 ----a-w c:\windows.0\system32\CmdLineExt03.dll
2008-12-07 08:09 --------- d-----w c:\program files\Your Uninstaller 2008
2008-12-07 08:08 --------- d-----w c:\program files\Hamachi
2008-11-30 18:00 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\Hamachi
2008-11-26 14:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-23 22:07 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\BitTorrent
2008-11-23 18:54 25,280 ----a-w c:\windows.0\system32\drivers\hamachi.sys
2008-11-19 20:14 --------- d-----w c:\program files\Radical Games
2008-11-19 11:08 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-16 18:00 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\Leadertech
2008-11-16 17:55 --------- d-----w c:\program files\Firaxis Games
2008-11-09 11:23 --------- d-----w c:\program files\CleanMyPC
2008-11-08 13:06 98,304 ----a-w c:\windows.0\system32\CmdLineExt.dll
2008-11-08 12:59 --------- d-----w c:\program files\Firefly Studios
2008-11-07 18:15 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\BSplayer
2008-11-07 10:48 --------- d-----w c:\program files\JAM Software
2008-11-03 06:44 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\FrostWire
2008-11-02 11:27 --------- d-----w c:\program files\18 Wheels of Steel American Long Haul
2008-10-29 20:33 --------- d-----w c:\program files\directx
2008-10-24 08:47 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\VoipBuster
2008-08-06 13:18 32,768 --sha-w c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 13:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2007-06-28 8466432]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2007-06-28 81920]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 c:\windows.0\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-23 c:\windows.0\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [12/12/2008 10:09:14 PM 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Gigabyte Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Gigabyte Wireless Utility.lnk
backup=c:\windows.0\pss\Gigabyte Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nesho & Nedja^Start Menu^Programs^Startup^Styler.lnk]
backup=c:\windows.0\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--ah----- 2008-04-14 11:42 15360 c:\windows.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--ah----- 2006-01-12 14:40 155648 c:\windows.0\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-22 21:18 1271808 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-06-15 12:40 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 16:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
--a------ 2007-04-13 17:08 114688 c:\program files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 17:43 1626112 c:\windows.0\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\WINDOWS.0\\system32\\sessmgr.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows.0\system32\DRIVERS\iteraid.sys [4/23/2008 3:45:52 PM 25105]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows.0\system32\drivers\klbg.sys [1/29/2008 5:29:38 PM 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows.0\system32\DRIVERS\klim5.sys [3/25/2008 7:07:10 PM 24592]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows.0\system32\Drivers\VMUVC.sys [8/6/2008 6:56:39 PM 248448]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows.0\system32\drivers\vvftUVC.sys [8/6/2008 6:56:38 PM 476032]
S3 FXDRV;FXDRV;\??\F:\Fxdrv.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [1/19/2007 11:54:14 AM 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows.0\Downloaded Program Files\stg_drm.ocx - c:\windows.0\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows.0\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows.0\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
[Link visible only to logged-in users]

c:\windows.0\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
[Link visible only to logged-in users]
c:\windows.0\Downloaded Program Files\sysreqlab.osd

c:\windows.0\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
[Link visible only to logged-in users]

c:\windows.0\Downloaded Program Files\iaplayer.dll - O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380}
[Link visible only to logged-in users]
c:\windows.0\Downloaded Program Files\cab.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-12-24 19:03:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\windows.0\system32\klogon.dll
.
Completion time: 2008-12-24 19:05:10
ComboFix-quarantined-files.txt 2008-12-24 18:04:44

Pre-Run: 18.709.471.232 bytes free
Post-Run: 18,700,197,888 bytes free

221

Addendum: 24 Dec 2008 19:28

Here is also a screenshot of all the processes, so have a look whether something is wrong.




  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


There is no malware here.

As for speed, delete the temp files and defragment the hard disk - that could help a little.



  • Joined: 17 May 2008
  • Posts: 442
  • Location: Torak City

OK, thanks for the answer.

Greetings to the best PC doctors!!!
