Nesto se cudno desava sa kompom

Nesto se cudno desava sa kompom

offline
  • Pridružio: 19 Maj 2007
  • Poruke: 31

Internet mi radi savrseno odredjeni vremenski period i download je dobar.Zatim odjednom racunar uspori sa radom, download padne na nulu tako da nemogu ni jednu obicnu web stranicu da otvorim. Jedini protok koji mi pokazuje du meter jeste upload.Jedini nacin da sredim sve jeste da restartujem komp i svaki put mi zone alarm pokazuje Win32.Webdir.

Sta li je u pitanju, virus, trojanac ili...

Logfile of HijackThis v1.99.1
Scan saved at 10:35:45 PM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\vampir.VAMPIR-0A0AFBAD\Desktop\hajack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5076FADD-0B47-4244-90AE-9D2CB1519154}: NameServer = 195.178.32.2,212.200.13.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{5076FADD-0B47-4244-90AE-9D2CB1519154}: NameServer = 195.178.32.2,212.200.13.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{5076FADD-0B47-4244-90AE-9D2CB1519154}: NameServer = 195.178.32.2,212.200.13.13
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Nisi ispostovao sve tacke uputstva za postavljanje loga.
Promeni ime fajla HijackThis.exe u nesto drugo. Mnoge infekcije se sakriju kada primete da je HijackThis startovan, osim ukoliko se ne promeni ime fajla.

offline
  • Pridružio: 19 Maj 2007
  • Poruke: 31

Logfile of HijackThis v1.99.1
Scan saved at 11:16:53 PM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\TC UP\TOTALCMD.EXE
C:\Documents and Settings\vampir.VAMPIR-0A0AFBAD\Desktop\ja sam ja\ja sam ja.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5076FADD-0B47-4244-90AE-9D2CB1519154}: NameServer = 195.178.32.2,212.200.13.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{5076FADD-0B47-4244-90AE-9D2CB1519154}: NameServer = 195.178.32.2,212.200.13.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{5076FADD-0B47-4244-90AE-9D2CB1519154}: NameServer = 195.178.32.2,212.200.13.13
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skeniraj komp sa GMER-om i postavi log da proverimo da nema nekih rootkitova...

Uradi sledeće:
Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.


Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

offline
  • Pridružio: 19 Maj 2007
  • Poruke: 31

GMER 1.0.12.12244 - gmer.net
Rootkit scan 2007-06-02 19:35:01
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

INT 0x20 srescan.sys F74DDA00

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KiDispatchInterrupt + C0 804DBEC3 7 Bytes JMP F5BF83C0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8EBA 5 Bytes JMP F5BF5400 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FDAF1 5 Bytes JMP F5BF4F00 \??\C:\WINDOWS\system32\drivers\klif.sys
? srescan.sys The system cannot find the file specified.
? C:\WINDOWS\system32\DRIVERS\update.sys
.text ntoskrnl.exe!KiDispatchInterrupt + C0 804DBEC3 7 Bytes JMP F5BF83C0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8EBA 5 Bytes JMP F5BF5400 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804FDAF1 5 Bytes JMP F5BF4F00 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1232] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F5D3B880] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F5D3B880] vsdatant.sys

---- Threads - GMER 1.0.12 ----

Thread 4:120 828D9D00
Thread 4:124 828D9D00
Thread 4:128 828AF430
Thread 4:132 828AF430
Thread 4:136 828AF430
Thread 4:480 828D9D00
Thread 4:564 828D9D00

---- EOF - GMER 1.0.12 ----


GMER 1.0.12.12244 - gmer.net
Autostart scan 2007-06-02 19:37:25
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon@DLLName = C:\WINDOWS\system32\klogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVP /*Kaspersky Anti-Virus 6.0*/@ = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r
nlsvc /*NetLimiter*/@ = "C:\Program Files\NetLimiter 2 Pro\nlsvc.exe"
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVP"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
@ZoneAlarm Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@DU MeterC:\Program Files\DU Meter\DUMeter.exe = C:\Program Files\DU Meter\DUMeter.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus statistics*/C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5076FADD-0B47-4244-90AE-9D2CB1519154} /*Local Area Connection*/ >>>
@IPAddress192.168.1.4 = 192.168.1.4
@NameServer195.178.32.2,212.200.13.13 = 195.178.32.2,212.200.13.13
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

---- EOF - GMER 1.0.12 ----

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Sve izgleda cisto.

Kazi u kom ti to fajlu ZoneAlarm prijavljuje Win32.WebDir.
Kada racunar pocne da usporava, da li gasenje ZoneAlarma dovodi do poboljsanja konekcije?

offline
  • Pridružio: 19 Maj 2007
  • Poruke: 31

ne jednostavno sve je mrtvo, a desava se da nemogu da ugasim ni zone alaram, ni kaspersky jednostavno do te mere uspori da jednostavno nece ugasi odredjene procese, niti hoce da restartuje dik rucno neuradim restart.

Dok sam skenirao komp gmerom nekoliko puta mi se restartovao, dok nisam isljucio modem.Jednostavno sam zatecen.

Nista hvala, sve jedno moda uradim reinsalaciju windowsa ili probam da predjem na linux.

Poydrav i hvala na trudu.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ukoliko ipak resis da ne reinstaliras Windows, onda se javi.
Ja cu temu da ostavim otkljucanu jos par dana, za slucaj da se predomislis.

Ko je trenutno na forumu
 

Ukupno su 774 korisnika na forumu :: 28 registrovanih, 5 sakrivenih i 741 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, antosky, Bahuss, Battlehammer, branko7, Cirkon, cole77, deNSki, dragoljub11987, Duh sa sekirom, Džordžino, goxin, ivan979, mercedesamg, moldway, mustangkg, nuke92, operniki, Pavac, Sr.Stat., Srki94, Srki98, suton, ucenik32, W123, zillbg, zixmix