MyCity » Ambulanta -> Arhiva Ambulante » sporo podizanje sistema

sporo podizanje sistema

Napisano na dan: 24.12.2008

sporo podizanje sistema
Sledeća strana Pagination

Idi na vrh

Poslao: 24 Dec 2008 19:28
Idi na vrh
offline
  • Pridružio: 17 Maj 2008
  • Poruke: 442
  • Gde živiš: Torak City

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:40, on 24.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
D:\internet\TR#\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....2979018875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6.....3028315890
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E60E6AD-9387-4CCE-B094-A9D8CA4A083E}: NameServer = 10.24.4.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E60E6AD-9387-4CCE-B094-A9D8CA4A083E}: NameServer = 10.24.4.1
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 6303 bytes

jako sporo mi se podize sistem, naravno redovno cistim temp registry bazu sa CCLeaner-om,net cas radi prefektno cas jako sporo otvara stranice (ja mislim da je do provajdera), i imam 6 svchost.exe procesa
evo i combofix log ako zatreba

ComboFix 08-12-23.01 - Nesho & Nedja 2008-12-24 19:00:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1600 [GMT 1:00]
Running from: c:\documents and settings\Nesho & Nedja\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows.0\jestertb.dll
c:\windows.0\system\oeminfo.ini
c:\windows.0\system32\404Fix.exe
c:\windows.0\system32\dumphive.exe
c:\windows.0\system32\IEDFix.C.exe
c:\windows.0\system32\IEDFix.exe
c:\windows.0\system32\o4Patch.exe
c:\windows.0\system32\Process.exe
c:\windows.0\system32\SrchSTS.exe
c:\windows.0\system32\tmp.reg
c:\windows.0\system32\VACFix.exe
c:\windows.0\system32\VCCLSID.exe
c:\windows.0\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-20 16:34 . 2008-12-20 16:34 4,096 --a------ c:\windows.0\d3dx.dat
2008-12-17 23:33 . 2008-12-17 23:33 244 --ah----- C:\sqmnoopt10.sqm
2008-12-17 23:33 . 2008-12-17 23:33 232 --ah----- C:\sqmdata10.sqm
2008-12-12 22:09 . 2008-12-12 22:09 <DIR> d-------- c:\program files\GIGABYTE
2008-12-12 22:09 . 2007-05-13 14:35 479,360 --a------ c:\windows.0\system32\drivers\rt61.sys
2008-12-12 22:09 . 2008-12-12 22:09 21,419 --a------ c:\windows.0\system32\drivers\AegisP.sys
2008-12-12 22:08 . 2008-12-12 22:08 <DIR> d-------- c:\documents and settings\Nesho & Nedja\Application Data\InstallShield
2008-12-12 16:52 . 2008-12-12 16:52 <DIR> d--hs---- c:\windows.0\ftpcache
2008-12-12 15:37 . 2008-12-12 16:17 <DIR> d-------- c:\program files\softysystem games 2005
2008-12-10 08:17 . 2008-12-10 08:17 <DIR> d-------- c:\windows.0\USB Vibration
2008-12-10 08:17 . 2008-12-10 08:17 <DIR> d-------- c:\program files\USB Vibration
2008-12-08 11:46 . 2008-12-20 18:11 <DIR> d-------- c:\program files\RoadToBaghdad
2008-12-07 11:26 . 2008-12-12 21:57 <DIR> d-------- c:\program files\MagicISO
2008-12-07 11:23 . 2008-12-12 21:58 <DIR> d-------- c:\program files\nLite
2008-12-07 09:34 . 2008-12-07 09:34 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-07 09:03 . 2008-12-07 09:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Yahoo!
2008-12-06 21:30 . 2008-12-07 09:01 <DIR> d-------- c:\documents and settings\Administrator
2008-12-06 15:53 . 2008-04-14 05:15 10,368 --a------ c:\windows.0\system32\drivers\hidusb.sys
2008-12-06 15:53 . 2008-04-14 05:15 10,368 --a------ c:\windows.0\system32\dllcache\hidusb.sys
2008-12-04 20:46 . 2008-12-04 20:46 1,626 --a------ c:\windows.0\system32\ealregsnapshot1.reg
2008-12-04 15:32 . 2008-12-04 16:35 <DIR> d-------- c:\program files\Monopoly
2008-12-03 20:06 . 2008-12-03 20:06 <DIR> d-------- c:\documents and settings\Nesho & Nedja\Application Data\SpinTop
2008-11-29 18:31 . 2008-11-29 18:31 268 --ah----- C:\sqmdata09.sqm
2008-11-29 18:31 . 2008-11-29 18:31 244 --ah----- C:\sqmnoopt09.sqm
2008-11-29 15:23 . 2008-11-29 15:23 268 --ah----- C:\sqmdata08.sqm
2008-11-29 15:23 . 2008-11-29 15:23 244 --ah----- C:\sqmnoopt08.sqm
2008-11-29 15:11 . 2008-11-29 15:11 268 --ah----- C:\sqmdata07.sqm
2008-11-29 15:11 . 2008-11-29 15:11 244 --ah----- C:\sqmnoopt07.sqm
2008-11-29 14:52 . 2008-11-29 14:52 268 --ah----- C:\sqmdata06.sqm
2008-11-29 14:52 . 2008-11-29 14:52 244 --ah----- C:\sqmnoopt06.sqm
2008-11-29 14:40 . 2008-11-29 14:40 268 --ah----- C:\sqmdata05.sqm
2008-11-29 14:40 . 2008-11-29 14:40 244 --ah----- C:\sqmnoopt05.sqm
2008-11-24 22:38 . 2008-11-24 22:37 204 --a------ c:\windows.0\system32\oeminfo.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 16:55 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-24 11:37 647,200 --sha-w c:\windows.0\system32\drivers\fidbox2.dat
2008-12-24 11:37 4,340 --sha-w c:\windows.0\system32\drivers\fidbox2.idx
2008-12-24 11:37 23,940 --sha-w c:\windows.0\system32\drivers\fidbox.idx
2008-12-24 11:37 2,791,968 --sha-w c:\windows.0\system32\drivers\fidbox.dat
2008-12-20 19:01 --------- d-----w c:\program files\Counter-Strike 1.6
2008-12-20 17:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 21:13 523,142 ----a-w c:\windows.0\system32\PerfStringBackup.TMP
2008-12-10 07:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 19:38 --------- d-----w c:\program files\Microsoft Games
2008-12-07 17:56 43,520 ----a-w c:\windows.0\system32\CmdLineExt03.dll
2008-12-07 08:09 --------- d-----w c:\program files\Your Uninstaller 2008
2008-12-07 08:08 --------- d-----w c:\program files\Hamachi
2008-11-30 18:00 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\Hamachi
2008-11-26 14:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-23 22:07 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\BitTorrent
2008-11-23 18:54 25,280 ----a-w c:\windows.0\system32\drivers\hamachi.sys
2008-11-19 20:14 --------- d-----w c:\program files\Radical Games
2008-11-19 11:08 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-16 18:00 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\Leadertech
2008-11-16 17:55 --------- d-----w c:\program files\Firaxis Games
2008-11-09 11:23 --------- d-----w c:\program files\CleanMyPC
2008-11-08 13:06 98,304 ----a-w c:\windows.0\system32\CmdLineExt.dll
2008-11-08 12:59 --------- d-----w c:\program files\Firefly Studios
2008-11-07 18:15 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\BSplayer
2008-11-07 10:48 --------- d-----w c:\program files\JAM Software
2008-11-03 06:44 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\FrostWire
2008-11-02 11:27 --------- d-----w c:\program files\18 Wheels of Steel American Long Haul
2008-10-29 20:33 --------- d-----w c:\program files\directx
2008-10-24 08:47 --------- d-----w c:\documents and settings\Nesho & Nedja\Application Data\VoipBuster
2008-08-06 13:18 32,768 --sha-w c:\windows.0\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 13:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2007-06-28 8466432]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2007-06-28 81920]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 c:\windows.0\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-23 c:\windows.0\system32\advpack.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [12/12/2008 10:09:14 PM 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Gigabyte Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Gigabyte Wireless Utility.lnk
backup=c:\windows.0\pss\Gigabyte Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nesho & Nedja^Start Menu^Programs^Startup^Styler.lnk]
backup=c:\windows.0\pss\Styler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--ah----- 2008-04-14 11:42 15360 c:\windows.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--ah----- 2006-01-12 14:40 155648 c:\windows.0\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-03-22 21:18 1271808 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-06-15 12:40 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 16:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
--a------ 2007-04-13 17:08 114688 c:\program files\Vimicro\Vimicro UVC USB2.0 PC Camera\x86\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 17:43 1626112 c:\windows.0\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\WINDOWS.0\\system32\\sessmgr.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows.0\system32\DRIVERS\iteraid.sys [4/23/2008 3:45:52 PM 25105]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows.0\system32\drivers\klbg.sys [1/29/2008 5:29:38 PM 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows.0\system32\DRIVERS\klim5.sys [3/25/2008 7:07:10 PM 24592]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows.0\system32\Drivers\VMUVC.sys [8/6/2008 6:56:39 PM 248448]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows.0\system32\drivers\vvftUVC.sys [8/6/2008 6:56:38 PM 476032]
S3 FXDRV;FXDRV;\??\F:\Fxdrv.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [1/19/2007 11:54:14 AM 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
mStart Page = hxxp://home.sweetim.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows.0\Downloaded Program Files\stg_drm.ocx - c:\windows.0\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows.0\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows.0\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx

c:\windows.0\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows.0\Downloaded Program Files\sysreqlab.osd

c:\windows.0\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx

c:\windows.0\Downloaded Program Files\iaplayer.dll - O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380}
hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows.0\Downloaded Program Files\cab.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 19:03:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\windows.0\system32\klogon.dll
.
Completion time: 2008-12-24 19:05:10
ComboFix-quarantined-files.txt 2008-12-24 18:04:44

Pre-Run: 18.709.471.232 bytes free
Post-Run: 18,700,197,888 bytes free

221

Dopuna: 24 Dec 2008 19:28

evo i slike svih procesa pa vidi ako nesto ne valja


Poslao: 24 Dec 2008 19:37
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


Ovde nema malware-a.

Što se tiče brzine, obriši temp file-ove i defragmentuj hard disk - to bi moglo malo da pomogne.

Poslao: 24 Dec 2008 21:37
Idi na vrh
offline
  • Pridružio: 17 Maj 2008
  • Poruke: 442
  • Gde živiš: Torak City

ok hvala na odgovoru

Pozdrav za najbolje PC doktore!!!

MyCity » Ambulanta -> Arhiva Ambulante » sporo podizanje sistema

Ko je trenutno na forumu
 

Ukupno su 706 korisnika na forumu :: 3 registrovanih, 1 sakriven i 702 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: bigfoot, Milos82, scimitar19