MyCity » Ambulanta -> Arhiva Ambulante » Provera, molim vas...

Provera, molim vas...

Napisano na dan: 15.2.2008

Provera, molim vas...
Sledeća strana Pagination

Idi na vrh

Poslao: 15 Feb 2008 21:35
Idi na vrh
offline
  • Pridružio: 10 Okt 2005
  • Poruke: 13526
  • Gde živiš: Beograd

WinXP SP2, Zone Alarm 7.0.33 free, Kaspersky AV 6.0.1 Telekom ADSL 512/64, Firefox 2.0.0.3

Dešava se (posebno kad sam na net-u), da računar upadljivo sporije reaguje na kliktanje mišem na ikone pri otvaranju nekog programa ili pri prelasku iz taba u tab u FFox-u. Isto je i sa alternativnim komandama sa tastature (Alt+Tab)... Mirnije ću spavati ako pregledate donji log.
Hvala!




Logfile of HijackThis v1.99.1
Scan saved at 21:22:58, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Documents and Settings\Sloba\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = d:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [IE Privacy Keeper] "D:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Total Commander.lnk = D:\Total Commander\Totalcmd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi sa FlashGet-om - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Prevedi sa Di recnikom - D:\Program Files\Di recnik\diie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858-) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe



Poslao: 15 Feb 2008 22:14
Idi na vrh
offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Pozz

Jesi li ti postavio google.ru i samlab.ru kao home page za IE ?



Poslao: 15 Feb 2008 22:27
Idi na vrh
offline
  • Pridružio: 10 Okt 2005
  • Poruke: 13526
  • Gde živiš: Beograd

Nisam, IE nisam otvorio odavno... I na FFox-u i IE-u startna strana mi je blank. Jedino ako klinac nešto nije čačkao... Evo, vratio sam na blank, restartovao IE i sa mi ne otvara samlab.ru Šta dalje da radim?

Poslao: 15 Feb 2008 22:37
Idi na vrh
offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Pazi.. sem tih linija koje su mi bile čudne nisam nadalje primetio ništa sporno u logu koji si postavio.

Šta dalje ?
Probaćemo sa ComboFix-om, možda on pokaže nešto konkretnije. Proveru tog loga očekuj sutra.

Evo ga uputstvo za CF.
---------------------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 15 Feb 2008 23:00
Idi na vrh
offline
  • Pridružio: 10 Okt 2005
  • Poruke: 13526
  • Gde živiš: Beograd

Evo ComboFix loga:

ComboFix 08-02-16.2 - Sloba 2008-02-15 22:43:30.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT 1:00]
Running from: D:\Documents and Settings\Sloba\My Documents\My Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\kdrth.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-14 23:29 . 2008-02-14 23:06 921,654 --a------ D:\BACK.BMP
2008-02-14 23:28 . 2008-02-14 23:28 5,998 --a------ D:\Hiren_s_BootCD.gif
2008-02-14 23:25 . 2008-02-14 23:25 14,182 --a------ D:\vc_logo2.gif
2008-02-14 23:23 . 2008-02-14 23:23 2,151 --a------ D:\button.gif
2008-02-14 23:14 . 2008-02-14 23:14 3,036 --a------ D:\m2klogobig.gif
2008-02-14 23:13 . 2008-02-14 23:13 4,740 --a------ D:\top_logo03.gif
2008-02-14 23:13 . 2008-02-14 23:13 3,972 --a------ D:\logo_m2k.gif
2008-02-14 12:18 . 2008-02-14 12:18 <DIR> d-------- D:\Program Files\Passware
2008-02-14 12:17 . 2008-02-14 12:17 <DIR> d-------- D:\Passware_Kit_Enterprise_v8.1.2807
2008-02-14 00:33 . 2008-02-14 00:36 1,147 --a------ D:\WINDOWS\AZPR3.INI
2008-02-14 00:31 . 2008-02-14 12:03 1,164 --a------ D:\WINDOWS\ARCHPR.INI
2008-02-13 23:28 . 2008-02-13 23:28 <DIR> d-------- D:\how do I get UBCD4 into my easyboot disk_files
2008-02-13 23:28 . 2008-02-13 23:28 51,039 --a------ D:\how do I get UBCD4 into my easyboot disk.htm
2008-02-13 22:32 . 2008-02-13 23:36 214 --a------ D:\WINDOWS\OB1.INI
2008-02-13 15:01 . 2008-02-15 00:35 1,330,933,760 --a------ D:\mboot.iso.uibak
2008-02-13 15:01 . 2008-02-15 00:42 1,330,933,760 --a------ D:\mboot.iso
2008-02-13 14:51 . 2008-02-13 14:51 <DIR> d-------- D:\WINDOWS\vbSkinner
2008-02-13 00:14 . 2008-02-13 00:14 45,798 --a------ D:\MultiBootCD_by_Pretorian.3785014.TPB.torrent
2008-02-13 00:02 . 2008-02-13 00:02 <DIR> d-------- D:\Program Files\uTorrent
2008-02-12 23:40 . 2008-02-12 23:40 6,444 --a------ D:\Rmn-military-header.png
2008-02-12 17:06 . 2008-02-12 17:06 <DIR> d-------- D:\Program Files\SiteEntry
2008-02-12 01:29 . 2008-02-12 01:29 <DIR> d-------- D:\Program Files\REATOGO
2008-02-11 23:11 . 2008-02-11 23:11 <DIR> d-------- D:\Program Files\Google
2008-02-10 01:39 . 2008-02-10 01:39 <DIR> d-------- D:\Program Files\MediaAccumulativeCodec
2008-02-08 22:16 . 2008-02-08 22:16 <DIR> d-------- D:\Program Files\Add Remove Pro
2008-02-08 21:13 . 2008-02-08 21:13 <DIR> d-------- D:\Documents and Settings\Sloba\dwhelper
2008-02-07 23:34 . 2008-02-07 23:34 <DIR> d-------- D:\WINDOWS\AllMedia Grabber
2008-02-07 22:21 . 2008-02-07 22:21 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\Linterweb
2008-02-06 20:46 . 2008-02-06 20:46 <DIR> d-------- D:\Program Files\Lavasoft
2008-02-06 20:46 . 2008-02-06 20:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 20:44 . 2008-02-06 20:44 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 22:35 . 2008-02-04 22:35 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\uTorrent
2008-02-03 21:32 . 2008-02-03 21:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-02-02 22:00 . 2008-02-02 22:00 <DIR> d-------- D:\Program Files\ConsoleClassix.com
2008-02-02 21:13 . 2001-08-17 12:11 66,591 --a------ D:\WINDOWS\system32\drivers\el90xbc5.sys
2008-02-02 21:13 . 2001-08-17 12:11 66,591 --a------ D:\WINDOWS\system32\dllcache\el90xbc5.sys
2008-01-31 20:35 . 2008-01-31 20:35 <DIR> d-------- D:\Documents and Settings\Sale\Senegal (srpski)_files
2008-01-31 20:34 . 2008-01-31 20:34 <DIR> d-------- D:\Documents and Settings\Sale\Senegal (hrvatski)_files
2008-01-31 20:32 . 2008-01-31 20:32 <DIR> d-------- D:\Documents and Settings\Sale\Senegal_files
2008-01-31 17:02 . 2008-01-31 17:02 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\SumatraPDF
2008-01-30 01:13 . 2008-01-30 01:13 <DIR> d-------- D:\Program Files\Christian Ministries Software
2008-01-30 00:50 . 2008-01-30 00:50 <DIR> d-------- D:\Program Files\Total Commander 7.0
2008-01-29 22:45 . 2008-01-29 22:45 <DIR> d-------- D:\Program Files\Setup2Go
2008-01-28 02:18 . 2008-01-30 08:34 532 --a------ D:\WINDOWS\system32\InTLub1.sys
2008-01-28 00:55 . 2008-01-28 00:55 <DIR> d-------- D:\Program Files\Axialis
2008-01-28 00:55 . 2008-01-28 00:55 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\Axialis
2008-01-27 00:52 . 2008-01-27 00:52 <DIR> d-------- D:\Program Files\Innovative Solutions
2008-01-23 21:34 . 2008-01-23 21:34 <DIR> d-------- D:\Esprimo Mobile V5515
2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- D:\Temp\CDCheck
2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- D:\Temp\Cd check
2008-01-16 01:41 . 2008-01-16 01:41 <DIR> d-------- D:\Program Files\DVDInfoPro
2008-01-16 01:08 . 2008-01-16 01:08 <DIR> d-------- D:\Program Files\DVD Identifier

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2008-02-14 23:51 1,945,088 ------w D:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-11 23:27 2,676,736 ------w D:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-11 23:27 1,933,312 ------w D:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-21 23:14 716,272 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-01-17 09:55 11,254,022 ------w D:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-12 23:34 --------- d-----w D:\Program Files\Nero
2008-01-12 23:08 --------- d-----w D:\Documents and Settings\Sloba\Application Data\Nero
2008-01-12 23:05 --------- d-----w D:\Program Files\Common Files\Nero
2008-01-12 11:42 --------- d-----w D:\Program Files\Common Files\SureThing Shared
2008-01-12 11:41 --------- d-----w D:\Program Files\SureThing CD Labeler 5
2008-01-07 00:14 --------- d-----w D:\Program Files\Advanced Font Viewer
2008-01-06 23:38 --------- d-----w D:\Program Files\MikSoftware
2008-01-06 23:22 --------- d-----w D:\Program Files\FontPage
2008-01-06 21:22 693,760 ----a-w D:\WINDOWS\GPInstall.exe
2008-01-05 14:05 1,900 ----a-w D:\Program Files\CFontPro.lnk
2008-01-05 14:05 --------- d-----w D:\Program Files\C Font Pro
2008-01-04 23:52 --------- d-----w D:\Program Files\Light Scribe Tools
2008-01-04 23:15 --------- d-----w D:\Program Files\Acoustica CD Label Maker
2008-01-04 23:15 --------- d-----w D:\Documents and Settings\Sloba\Application Data\Acoustica
2008-01-03 19:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-03 19:31 --------- d-----w D:\Program Files\LightScribeTemplateLabeler
2008-01-03 19:29 --------- d-----w D:\Program Files\LightScribe
2008-01-03 19:28 --------- d-----w D:\Program Files\LightScribe Diagnostic Utility
2008-01-02 23:59 --------- d-----w D:\Documents and Settings\Sloba\Application Data\DISCo
2008-01-01 01:51 --------- d-----w D:\Documents and Settings\Sloba\Application Data\NeroDCTemplates
2008-01-01 01:01 --------- d-----w D:\Program Files\Common Files\LightScribe
2008-01-01 00:57 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2007-12-30 18:21 3,148,800 ------w D:\WINDOWS\Internet Logs\xDB7.tmp
2007-12-28 17:39 43,520 ----a-w D:\WINDOWS\system32\CmdLineExt03.dll
2007-12-27 21:11 --------- d-----w D:\Documents and Settings\Sloba\Application Data\Emulators
2007-12-26 18:50 --------- d-----w D:\Program Files\Aeromgr
2007-12-20 22:06 --------- d-----w D:\Program Files\WexTech
2007-12-20 22:06 --------- d-----w D:\Program Files\Common Files\LHSPF
2007-12-20 22:04 --------- d-----w D:\Program Files\MDT6
2007-12-20 22:04 --------- d-----w D:\Program Files\Common Files\Wextech Shared
2007-12-14 10:32 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
2007-12-05 21:02 74,552 ----a-w D:\Documents and Settings\Sloba\Application Data\GDIPFONTCACHEV1.DAT
2007-12-01 19:15 218,624 ----a-w D:\WINDOWS\system32\dllcache\uxtheme.dll
2007-11-15 23:33 3,637,248 ------w D:\WINDOWS\Internet Logs\xDB5.tmp
2007-11-15 23:33 1,745,408 ------w D:\WINDOWS\Internet Logs\xDB6.tmp
2007-10-13 15:50 2,751,488 ------w D:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-13 15:50 1,675,264 ------w D:\WINDOWS\Internet Logs\xDB4.tmp
2007-08-31 12:25 2,933,760 ------w D:\WINDOWS\Internet Logs\xDB2.tmp
2007-07-30 18:45 332,288 ------w D:\WINDOWS\Internet Logs\xDB1.tmp
2000-07-23 11:27 16 ----a-w D:\Documents and Settings\Sloba\Application Data\mrsvr92d.dat
2001-08-23 11:00 253,952 --sha-w D:\WINDOWS\system32\msvcrt20.dll
2004-08-03 21:56 343,040 --sha-w D:\WINDOWS\system32\msvcrt.dll
2004-08-03 21:56 611,328 --sha-w D:\WINDOWS\system32\comctl32.dll
2004-08-03 21:56 413,696 --sha-w D:\WINDOWS\system32\msvcp60.dll
2004-08-03 21:56 1,028,096 --sha-w D:\WINDOWS\system32\mfc42.dll
2004-08-03 21:56 30,749 --sha-w D:\WINDOWS\system32\vbajet32.dll
2007-11-11 22:04 952 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-11-11 22:04 8 --sh--r D:\WINDOWS\system32\F99EB917F5.sys
2004-08-03 21:56 611,328 --sha-w D:\WINDOWS\system32\dllcache\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 12:24 47104 D:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 16:03 106544 D:\WINDOWS\system32\TWEAKUI.CPL]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751]
"IE Privacy Keeper"="D:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-04-30 11:12 962560]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=D:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2006-11-08 18:28 155751 D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolWallpaperSoftware]
--a------ 2005-08-08 09:50 57344 D:\Program Files\Coolwallpaper\cwm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2005-11-17 12:05 497152 D:\Program Files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-11 23:11 29744 D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 20:32 208952 D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 20:32 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 20:32 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerMenu]
D:\WINDOWS\system32\powermenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QNPlus]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2004-08-11 06:42 548864 D:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-03-04 03:36 36975 D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-03-09 01:02 919280 D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Autodesk Licensing Service"=3 (0x3)

R0 sojubus;sojubus;D:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;D:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 nxsIO32;NextSensor Kernel I/O Driver;D:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-08-19 02:43]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-11 23:11]
S3 iadusb;MT882;D:\WINDOWS\system32\DRIVERS\glauiad.sys []
S3 mpr_freader;MPR FileReader Driver;D:\DOCUME~1\Sloba\LOCALS~1\Temp\RarSFX0\mpr_freader.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67505836-a766-11dc-8c28-ad6d44594a9c}]
\Shell\AutoRun\command - H:\PStart.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"D:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-02-16 22:54:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-16 22:56:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 21:56:28

Poslao: 16 Feb 2008 15:59
Idi na vrh
offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Sa ove liste dole zipuj (svaki posebno) i pošalji na upload sve što ti nije poznato da si ti instalirao i da provereno znaš čemu služi. Možda je potrebno da uključiš prikaz skrivenih fajlova kako bi neke od njih mogao da pronađeš preko explorera.

D:\Program Files\SiteEntry (kompletan sadržaj foldera)
D:\Program Files\MediaAccumulativeCodec (kompletan sadržaj foldera)

D:\WINDOWS\system32\InTLub1.sys
D:\WINDOWS\GPInstall.exe
D:\WINDOWS\system32\F99EB917F5.sys
-----------------------

Obavesti u temi kada i šta si upload-ovao.
Link za upload:
[Link mogu videti samo ulogovani korisnici]

Poslao: 16 Feb 2008 21:41
Idi na vrh
offline
  • Pridružio: 10 Okt 2005
  • Poruke: 13526
  • Gde živiš: Beograd

Uploado-ovao sam (17. feb. u 21h 40min) sve sa spiska:

F99EB917F5.zip
GPInstall.zip
InTLub1.zip
MediaAccumulativeCodec.zip
SiteEntry.zip
(SiteEntry folder je prazan, ali hteo sam da uradim domaći zadatak kako treba.)

Poslao: 17 Feb 2008 14:14
Idi na vrh
offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Obriši folder "D:\Program Files\MediaAccumulativeCodec". Ostalo sto sam proveravao je čisto.

Testiraj pa javi ima li poboljšanja..

Poslao: 23 Feb 2008 21:14
Idi na vrh
offline
  • Pridružio: 10 Okt 2005
  • Poruke: 13526
  • Gde živiš: Beograd

Obrisao sam MediaAccumulativeCodec folder, pratiću da li to utiče na rad neke aplikacije, pa se javljam za koji dan!
Hvala!

Dopuna: 23 Feb 2008 21:14

Kao što sam obećao, javljam šta se dešava sa mojim problemom. Za sada ni jedna aplikacija ne otkazuje poslušnost, tako da nema nikakvih posledica kad sam obrisao MediaAccumulativeCodec. A usporavanje kompjutera je, čini mi se, manje. U svakom slučaju, ne utiče na rad.
Hvala na trudu i utrošenom vremenu.

MyCity » Ambulanta -> Arhiva Ambulante » Provera, molim vas...

Ko je trenutno na forumu
 

Ukupno su 911 korisnika na forumu :: 175 registrovanih, 10 sakrivenih i 726 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 4thFlavian, AC-DC, airliners, ALEKSICMILE, Andrija357, asdfjklc, Asparagus, Asteker, Avalon015, avijacija, babaroga, bilisrbija, blankspace, Bobrock1, Bodin86, bojan581, Bojcca, Boris.A, boromir, Boroš, Bosnjo, brkan1, cartman, ccoogg123, cenejac111, Civa, CORDEIRO, cyprus, darios, dearg, dejandr, delboy, Dioniss, DjomlaHomer, djukapfc, dmrdc, Doc, dok80, Dragan7777, draganl, dragoljub11987, drimer, Drugard72, dunavzed, Dungorth, dusan.l, DuškoMraz, Dzoni70, Džekson, Electron, Faki-Valjevo, foksmolder, galerija, Georgius, Gitzherai, Goran_, gost321, goxin, gregorxix, Grochow, ibssa, Igor Antonic, ilija.24, Ir, IvanM1984, Ivanmateja, jaka013, Jaxupa, Jeremiah, Kapetan Hadok, king011, king111, KizJ, KnjazMilos, Kobrim, Koja79, komsija1, kreker, Kruger, Lazur_01, Leonov, Lobo, lord sir giga, Lucky 6, LUDI, luka35, Magistar78, Malahit, Mamadu, Manjane, MarkoDzimi, MaschinenPistole, Mcdado, mercedesamg, Mig 29, Mihajlo, Milan A. Nikolic, milutin134, MiroslavD, mm1811, mocnijogurt, moldway, monomah, Mrav Obrad, narandzasti, Ne doznajem se u oružje, Neno25, neutrino, nevjerna beba, Niki2024, Nikoletina Bursac, Nomica, OgnjenMitric, operniki, Paklenica, Pale2025, Perudin_92, perunnurep, Petarvu, peterpozar97, Petrusci, pisac12, procesor, proka1ng, proka89, proljece, Prometeus, Radio operater, RajkoB, raketaš, RileHerc, rodoljub, Romibrat, S2M, sabros, SamostalniReferent, SANDRO1973, saputnik plavetnila, Savantije, shlauf, Sir Budimir, sistem22, siwoti, sonico, Srdjadj70, sspp, Steeeefan, Stoorb, suton, SympathyForTheDevil, synergia, tachinni, tajvankanasta, tm, Tomo988, Toper, tuf, Uros Cuore Sportivo, Valter071, Vanderx, Vanja_03, vjetar, vlad84, Vlada78, Volkhov-M, Walkers, Woya, x011, Zandar, zdrebac, Zeljo980, Zemunikola, zombicar153, Zoran1959, 79693