Provera, molim vas...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

WinXP SP2, Zone Alarm 7.0.33 free, Kaspersky AV 6.0.1 Telekom ADSL 512/64, Firefox 2.0.0.3

Dešava se (posebno kad sam na net-u), da računar upadljivo sporije reaguje na kliktanje mišem na ikone pri otvaranju nekog programa ili pri prelasku iz taba u tab u FFox-u. Isto je i sa alternativnim komandama sa tastature (Alt+Tab)... Mirnije ću spavati ako pregledate donji log.
Hvala!




Logfile of HijackThis v1.99.1
Scan saved at 21:22:58, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Documents and Settings\Sloba\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samlab.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = d:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [IE Privacy Keeper] "D:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Total Commander.lnk = D:\Total Commander\Totalcmd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi sa FlashGet-om - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Prevedi sa Di recnikom - D:\Program Files\Di recnik\diie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858-) - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccess - Unknown owner - D:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozz

Jesi li ti postavio google.ru i samlab.ru kao home page za IE ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisam, IE nisam otvorio odavno... I na FFox-u i IE-u startna strana mi je blank. Jedino ako klinac nešto nije čačkao... Evo, vratio sam na blank, restartovao IE i sa mi ne otvara samlab.ru Šta dalje da radim?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pazi.. sem tih linija koje su mi bile čudne nisam nadalje primetio ništa sporno u logu koji si postavio.

Šta dalje ?
Probaćemo sa ComboFix-om, možda on pokaže nešto konkretnije. Proveru tog loga očekuj sutra.

Evo ga uputstvo za CF.
---------------------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo ComboFix loga:

ComboFix 08-02-16.2 - Sloba 2008-02-15 22:43:30.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT 1:00]
Running from: D:\Documents and Settings\Sloba\My Documents\My Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\kdrth.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-14 23:29 . 2008-02-14 23:06 921,654 --a------ D:\BACK.BMP
2008-02-14 23:28 . 2008-02-14 23:28 5,998 --a------ D:\Hiren_s_BootCD.gif
2008-02-14 23:25 . 2008-02-14 23:25 14,182 --a------ D:\vc_logo2.gif
2008-02-14 23:23 . 2008-02-14 23:23 2,151 --a------ D:\button.gif
2008-02-14 23:14 . 2008-02-14 23:14 3,036 --a------ D:\m2klogobig.gif
2008-02-14 23:13 . 2008-02-14 23:13 4,740 --a------ D:\top_logo03.gif
2008-02-14 23:13 . 2008-02-14 23:13 3,972 --a------ D:\logo_m2k.gif
2008-02-14 12:18 . 2008-02-14 12:18 <DIR> d-------- D:\Program Files\Passware
2008-02-14 12:17 . 2008-02-14 12:17 <DIR> d-------- D:\Passware_Kit_Enterprise_v8.1.2807
2008-02-14 00:33 . 2008-02-14 00:36 1,147 --a------ D:\WINDOWS\AZPR3.INI
2008-02-14 00:31 . 2008-02-14 12:03 1,164 --a------ D:\WINDOWS\ARCHPR.INI
2008-02-13 23:28 . 2008-02-13 23:28 <DIR> d-------- D:\how do I get UBCD4 into my easyboot disk_files
2008-02-13 23:28 . 2008-02-13 23:28 51,039 --a------ D:\how do I get UBCD4 into my easyboot disk.htm
2008-02-13 22:32 . 2008-02-13 23:36 214 --a------ D:\WINDOWS\OB1.INI
2008-02-13 15:01 . 2008-02-15 00:35 1,330,933,760 --a------ D:\mboot.iso.uibak
2008-02-13 15:01 . 2008-02-15 00:42 1,330,933,760 --a------ D:\mboot.iso
2008-02-13 14:51 . 2008-02-13 14:51 <DIR> d-------- D:\WINDOWS\vbSkinner
2008-02-13 00:14 . 2008-02-13 00:14 45,798 --a------ D:\MultiBootCD_by_Pretorian.3785014.TPB.torrent
2008-02-13 00:02 . 2008-02-13 00:02 <DIR> d-------- D:\Program Files\uTorrent
2008-02-12 23:40 . 2008-02-12 23:40 6,444 --a------ D:\Rmn-military-header.png
2008-02-12 17:06 . 2008-02-12 17:06 <DIR> d-------- D:\Program Files\SiteEntry
2008-02-12 01:29 . 2008-02-12 01:29 <DIR> d-------- D:\Program Files\REATOGO
2008-02-11 23:11 . 2008-02-11 23:11 <DIR> d-------- D:\Program Files\Google
2008-02-10 01:39 . 2008-02-10 01:39 <DIR> d-------- D:\Program Files\MediaAccumulativeCodec
2008-02-08 22:16 . 2008-02-08 22:16 <DIR> d-------- D:\Program Files\Add Remove Pro
2008-02-08 21:13 . 2008-02-08 21:13 <DIR> d-------- D:\Documents and Settings\Sloba\dwhelper
2008-02-07 23:34 . 2008-02-07 23:34 <DIR> d-------- D:\WINDOWS\AllMedia Grabber
2008-02-07 22:21 . 2008-02-07 22:21 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\Linterweb
2008-02-06 20:46 . 2008-02-06 20:46 <DIR> d-------- D:\Program Files\Lavasoft
2008-02-06 20:46 . 2008-02-06 20:46 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 20:44 . 2008-02-06 20:44 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 22:35 . 2008-02-04 22:35 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\uTorrent
2008-02-03 21:32 . 2008-02-03 21:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-02-02 22:00 . 2008-02-02 22:00 <DIR> d-------- D:\Program Files\ConsoleClassix.com
2008-02-02 21:13 . 2001-08-17 12:11 66,591 --a------ D:\WINDOWS\system32\drivers\el90xbc5.sys
2008-02-02 21:13 . 2001-08-17 12:11 66,591 --a------ D:\WINDOWS\system32\dllcache\el90xbc5.sys
2008-01-31 20:35 . 2008-01-31 20:35 <DIR> d-------- D:\Documents and Settings\Sale\Senegal (srpski)_files
2008-01-31 20:34 . 2008-01-31 20:34 <DIR> d-------- D:\Documents and Settings\Sale\Senegal (hrvatski)_files
2008-01-31 20:32 . 2008-01-31 20:32 <DIR> d-------- D:\Documents and Settings\Sale\Senegal_files
2008-01-31 17:02 . 2008-01-31 17:02 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\SumatraPDF
2008-01-30 01:13 . 2008-01-30 01:13 <DIR> d-------- D:\Program Files\Christian Ministries Software
2008-01-30 00:50 . 2008-01-30 00:50 <DIR> d-------- D:\Program Files\Total Commander 7.0
2008-01-29 22:45 . 2008-01-29 22:45 <DIR> d-------- D:\Program Files\Setup2Go
2008-01-28 02:18 . 2008-01-30 08:34 532 --a------ D:\WINDOWS\system32\InTLub1.sys
2008-01-28 00:55 . 2008-01-28 00:55 <DIR> d-------- D:\Program Files\Axialis
2008-01-28 00:55 . 2008-01-28 00:55 <DIR> d-------- D:\Documents and Settings\Sloba\Application Data\Axialis
2008-01-27 00:52 . 2008-01-27 00:52 <DIR> d-------- D:\Program Files\Innovative Solutions
2008-01-23 21:34 . 2008-01-23 21:34 <DIR> d-------- D:\Esprimo Mobile V5515
2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- D:\Temp\CDCheck
2008-01-16 21:59 . 2008-01-16 22:00 <DIR> d-------- D:\Temp\Cd check
2008-01-16 01:41 . 2008-01-16 01:41 <DIR> d-------- D:\Program Files\DVDInfoPro
2008-01-16 01:08 . 2008-01-16 01:08 <DIR> d-------- D:\Program Files\DVD Identifier

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.idx
2008-02-16 21:51 32 --sha-w D:\WINDOWS\system32\drivers\fidbox.dat
2008-02-14 23:51 1,945,088 ------w D:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-11 23:27 2,676,736 ------w D:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-11 23:27 1,933,312 ------w D:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-21 23:14 716,272 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-01-17 09:55 11,254,022 ------w D:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-12 23:34 --------- d-----w D:\Program Files\Nero
2008-01-12 23:08 --------- d-----w D:\Documents and Settings\Sloba\Application Data\Nero
2008-01-12 23:05 --------- d-----w D:\Program Files\Common Files\Nero
2008-01-12 11:42 --------- d-----w D:\Program Files\Common Files\SureThing Shared
2008-01-12 11:41 --------- d-----w D:\Program Files\SureThing CD Labeler 5
2008-01-07 00:14 --------- d-----w D:\Program Files\Advanced Font Viewer
2008-01-06 23:38 --------- d-----w D:\Program Files\MikSoftware
2008-01-06 23:22 --------- d-----w D:\Program Files\FontPage
2008-01-06 21:22 693,760 ----a-w D:\WINDOWS\GPInstall.exe
2008-01-05 14:05 1,900 ----a-w D:\Program Files\CFontPro.lnk
2008-01-05 14:05 --------- d-----w D:\Program Files\C Font Pro
2008-01-04 23:52 --------- d-----w D:\Program Files\Light Scribe Tools
2008-01-04 23:15 --------- d-----w D:\Program Files\Acoustica CD Label Maker
2008-01-04 23:15 --------- d-----w D:\Documents and Settings\Sloba\Application Data\Acoustica
2008-01-03 19:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-03 19:31 --------- d-----w D:\Program Files\LightScribeTemplateLabeler
2008-01-03 19:29 --------- d-----w D:\Program Files\LightScribe
2008-01-03 19:28 --------- d-----w D:\Program Files\LightScribe Diagnostic Utility
2008-01-02 23:59 --------- d-----w D:\Documents and Settings\Sloba\Application Data\DISCo
2008-01-01 01:51 --------- d-----w D:\Documents and Settings\Sloba\Application Data\NeroDCTemplates
2008-01-01 01:01 --------- d-----w D:\Program Files\Common Files\LightScribe
2008-01-01 00:57 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2007-12-30 18:21 3,148,800 ------w D:\WINDOWS\Internet Logs\xDB7.tmp
2007-12-28 17:39 43,520 ----a-w D:\WINDOWS\system32\CmdLineExt03.dll
2007-12-27 21:11 --------- d-----w D:\Documents and Settings\Sloba\Application Data\Emulators
2007-12-26 18:50 --------- d-----w D:\Program Files\Aeromgr
2007-12-20 22:06 --------- d-----w D:\Program Files\WexTech
2007-12-20 22:06 --------- d-----w D:\Program Files\Common Files\LHSPF
2007-12-20 22:04 --------- d-----w D:\Program Files\MDT6
2007-12-20 22:04 --------- d-----w D:\Program Files\Common Files\Wextech Shared
2007-12-14 10:32 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe
2007-12-05 21:02 74,552 ----a-w D:\Documents and Settings\Sloba\Application Data\GDIPFONTCACHEV1.DAT
2007-12-01 19:15 218,624 ----a-w D:\WINDOWS\system32\dllcache\uxtheme.dll
2007-11-15 23:33 3,637,248 ------w D:\WINDOWS\Internet Logs\xDB5.tmp
2007-11-15 23:33 1,745,408 ------w D:\WINDOWS\Internet Logs\xDB6.tmp
2007-10-13 15:50 2,751,488 ------w D:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-13 15:50 1,675,264 ------w D:\WINDOWS\Internet Logs\xDB4.tmp
2007-08-31 12:25 2,933,760 ------w D:\WINDOWS\Internet Logs\xDB2.tmp
2007-07-30 18:45 332,288 ------w D:\WINDOWS\Internet Logs\xDB1.tmp
2000-07-23 11:27 16 ----a-w D:\Documents and Settings\Sloba\Application Data\mrsvr92d.dat
2001-08-23 11:00 253,952 --sha-w D:\WINDOWS\system32\msvcrt20.dll
2004-08-03 21:56 343,040 --sha-w D:\WINDOWS\system32\msvcrt.dll
2004-08-03 21:56 611,328 --sha-w D:\WINDOWS\system32\comctl32.dll
2004-08-03 21:56 413,696 --sha-w D:\WINDOWS\system32\msvcp60.dll
2004-08-03 21:56 1,028,096 --sha-w D:\WINDOWS\system32\mfc42.dll
2004-08-03 21:56 30,749 --sha-w D:\WINDOWS\system32\vbajet32.dll
2007-11-11 22:04 952 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2007-11-11 22:04 8 --sh--r D:\WINDOWS\system32\F99EB917F5.sys
2004-08-03 21:56 611,328 --sha-w D:\WINDOWS\system32\dllcache\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-16 12:24 47104 D:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 16:03 106544 D:\WINDOWS\system32\TWEAKUI.CPL]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751]
"IE Privacy Keeper"="D:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-04-30 11:12 962560]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=D:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2006-11-08 18:28 155751 D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolWallpaperSoftware]
--a------ 2005-08-08 09:50 57344 D:\Program Files\Coolwallpaper\cwm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2005-11-17 12:05 497152 D:\Program Files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-02-11 23:11 29744 D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 20:32 208952 D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2005-09-25 19:11 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 20:32 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 20:32 455168 D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerMenu]
D:\WINDOWS\system32\powermenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QNPlus]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2004-08-11 06:42 548864 D:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-03-04 03:36 36975 D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-03-09 01:02 919280 D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Autodesk Licensing Service"=3 (0x3)

R0 sojubus;sojubus;D:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;D:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 nxsIO32;NextSensor Kernel I/O Driver;D:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2007-08-19 02:43]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-11 23:11]
S3 iadusb;MT882;D:\WINDOWS\system32\DRIVERS\glauiad.sys []
S3 mpr_freader;MPR FileReader Driver;D:\DOCUME~1\Sloba\LOCALS~1\Temp\RarSFX0\mpr_freader.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67505836-a766-11dc-8c28-ad6d44594a9c}]
\Shell\AutoRun\command - H:\PStart.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"D:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 22:54:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-16 22:56:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 21:56:28

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sa ove liste dole zipuj (svaki posebno) i pošalji na upload sve što ti nije poznato da si ti instalirao i da provereno znaš čemu služi. Možda je potrebno da uključiš prikaz skrivenih fajlova kako bi neke od njih mogao da pronađeš preko explorera.

D:\Program Files\SiteEntry (kompletan sadržaj foldera)
D:\Program Files\MediaAccumulativeCodec (kompletan sadržaj foldera)

D:\WINDOWS\system32\InTLub1.sys
D:\WINDOWS\GPInstall.exe
D:\WINDOWS\system32\F99EB917F5.sys
-----------------------

Obavesti u temi kada i šta si upload-ovao.
Link za upload:
http://www.mycity.rs/ambulanta-upload.php

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uploado-ovao sam (17. feb. u 21h 40min) sve sa spiska:

F99EB917F5.zip
GPInstall.zip
InTLub1.zip
MediaAccumulativeCodec.zip
SiteEntry.zip
(SiteEntry folder je prazan, ali hteo sam da uradim domaći zadatak kako treba.)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obriši folder "D:\Program Files\MediaAccumulativeCodec". Ostalo sto sam proveravao je čisto.

Testiraj pa javi ima li poboljšanja..

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obrisao sam MediaAccumulativeCodec folder, pratiću da li to utiče na rad neke aplikacije, pa se javljam za koji dan!
Hvala!

Dopuna: 23 Feb 2008 21:14

Kao što sam obećao, javljam šta se dešava sa mojim problemom. Za sada ni jedna aplikacija ne otkazuje poslušnost, tako da nema nikakvih posledica kad sam obrisao MediaAccumulativeCodec. A usporavanje kompjutera je, čini mi se, manje. U svakom slučaju, ne utiče na rad.
Hvala na trudu i utrošenom vremenu.