[ morihei ueshiba @ 08.04.2013. 13:41 ] @
Until now I have usually solved problems using help from the forum, but this time the problem is driving me crazy. Nothing terrible: some time ago the system started slowing down. First the boot, then normal operation, then Opera started freezing its open tabs and the only way to get it going was a restart (of Opera). Now Firefox has started too... Booting the system takes an eternity; I disabled wuauclt.exe, which kept memory occupied for about 10 minutes until things stabilized, but there is no real change. I reduced startup to the minimum I need, but nothing. I did a cleanup and defragmentation, and there should be enough free space on the partitions (20% on C, 12-13% on the other one; it is a bit tight, but it should not cause problems). I have been using TuneUp 2008 for years and it has always done its job flawlessly on every configuration I have had...
Basically, programs start very slowly, and yesterday I also got a BSOD, so it is time for someone much more expert to sort this out.
Following the instructions at http://www.elitesecurity.org/t...gnostika-kreiranje-log-fajlova I made a log, which can be seen at
file://localhost/C:/Documents%20and%20Settings/Giorgio/Desktop/Zastita/osam.html
so if anyone is in the mood, let's start solving the problem.
By the way, the machine is a Dell Precision M90
XP SP3
Intel Core2
T5500 1,66 GHz
2 Gb RAM

Also, I inherited the computer; it is full of important data scattered in various places (including passwords that my predecessor did not leave me, so it is very likely I will lose access to some things if I format C). I made as much of a backup as I could, but I would really like to avoid formatting as far as possible. I mostly use it when I am travelling, which has been often lately, and it is possible that I picked something up somewhere from some of the flash drives I plugged in. I have no idea.
Unfortunately, although I am mostly the only user, lately I have been leaving it with others who used it, and that is when the problems started appearing.

So, if anyone has the time...
[ Aleksandar Maletic @ 08.04.2013. 14:11 ] @
Hi! You didn't attach the log file, try again.
[ morihei ueshiba @ 08.04.2013. 14:23 ] @
Hi, hats off for the speed :)
here it is from the txt:

Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 13:59:58 on 08.04.2013

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 12.14

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"RealUpgradeLogonTaskS-1-5-21-3066020028-1826277225-4034825517-1005.job" - "RealNetworks, Inc." - C:\Programmi\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-3066020028-1826277225-4034825517-1005.job" - "RealNetworks, Inc." - C:\Programmi\Real\RealUpgrade\realupgrade.exe
"1-Click Maintenance.job" - "TuneUp Software GmbH" - C:\Programmi\TuneUp Utilities 2008\OneClick.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programmi\Windows Defender\MpCmdRun.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programmi\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programmi\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"bdeadmin.cpl" - ? - C:\WINDOWS\system32\bdeadmin.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NicConfigSvc.cpl" - "Dell Inc." - C:\WINDOWS\system32\NicConfigSvc.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\WINDOWS\system32\plotman.cpl
"S7epaepx.cpl" - "SIEMENS AG" - C:\WINDOWS\system32\S7epaepx.cpl
"S7EPATDX.CPL" - "SIEMENS AG" - C:\WINDOWS\system32\S7EPATDX.CPL
"stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\WINDOWS\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programmi\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"avgntflt" (avgntflt) - "Avira Operations GmbH & Co. KG" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira Operations GmbH & Co. KG" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira Operations GmbH & Co. KG" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz132" (cpuz132) - ? - C:\DOCUME~1\Giorgio\IMPOST~1\Temp\cpuz132\cpuz132_x32.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"KeyP" (KeyP) - "Microsoft Corporation" - C:\WINDOWS\system32\DRIVERS\KeyP.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PLCHW" (PLCHW) - ? - C:\WINDOWS\System32\Drivers\PLCHW.SYS (File found, but it contains no detailed information)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"s7oppitx" (s7oppitx) - "SIEMENS AG" - C:\WINDOWS\System32\Drivers\S7oppitx.sys
"s7otranx" (s7otranx) - "SIEMENS AG" - C:\WINDOWS\System32\Drivers\S7otranx.sys
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\WINDOWS\system32\drivers\SCDEmu.sys
"Sentinel" (Sentinel) - "Rainbow Technologies, Inc." - C:\WINDOWS\System32\Drivers\SENTINEL.SYS
"Siemens PC/PPI Cable" (S7oppilx) - "SIEMENS AG" - C:\WINDOWS\System32\Drivers\S7oppilx.sys
"SIMATIC Industrial Ethernet (ISO)" (SNTIE) - "Siemens AG" - C:\WINDOWS\System32\DRIVERS\sntie.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Trasporto WLAN" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
"VMware Bridge Protocol" (VMnetBridge) - ? - C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys (File not found)
"VMware Network Application Interface" (VMnetuserif) - ? - C:\WINDOWS\system32\drivers\vmnetuserif.sys (File not found)
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys (File not found)
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - /C:/DOCUME~1/Giorgio/IMPOST~1/Temp/msohtmlclip1/01/clip_image002.jpg (File not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{8A69D345-D564-463c-AFF1-A69D9E530F96} "Google Chrome" - "Google Inc." - "C:\Programmi\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programmi\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "ShellExecuteHook antimalware di Microsoft" - "Microsoft Corporation" - c:\PROGRA~1\WIFD1F~1\MpShHook.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6DEA92E9-8682-4b6a-97DE-354772FE5727} "ACDWFTHMBPRXY" - "Autodesk" - C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk" - C:\WINDOWS\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk" - C:\Programmi\File comuni\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programmi\Windows Live\Mail\mailcomm.dll
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{21D928D4-4850-45E3-9982-AD57051ECD42} "EdrawingThumbNailProvider Class" - "Dassault Systèmes SolidWorks Corp." - C:\Programmi\File comuni\eDrawings2009\edrwthumbnailprovider.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Estensione panoramica video del Pannello di controllo" - ? - (File not found | COM-object registry key not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Estensioni shell per la compressione dei file" - ? - (File not found | COM-object registry key not found)
{59A3380E-5305-4cea-BD99-4F2FF510C91F} "FineReader9ContextMenu" - ? - (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programmi\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programmi\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programmi\Logitech\SetPoint\mcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Menu di scelta rapida di crittografia" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobile Device" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Wcesview.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programmi\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programmi\File comuni\Nero\Lib\NeroDigitalExt.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F8B4672E-1F26-4828-A33B-C439B1F3AEEF} "PdfGrabber 6 Context Menu Shell Extension" - "PixelPlanet" - C:\PROGRA~1\PIXELP~1\PDFGRA~1.0\PDFGRA~2.DLL
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Programmi\PowerISO\PWRISOSH.DLL
{9E6C9AB4-B9BD-481D-8D8B-70D739B71312} "RdxShlExt Class" - ? - C:\Programmi\RD1000\ShlExt\RdxExt.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programmi\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programmi\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programmi\TuneUp Utilities 2008\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programmi\File comuni\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\PhotoViewerShim.dll
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programmi\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programmi\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found)
<binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{12545791-AC9A-44B2-8964-0DA216C4A4E5} "Cnsweb3d Control" - "Cadenas GmbH" - C:\WINDOWS\DOWNLO~1\cnsweb3d.ocx / http://www.partserver.com/partserver/viewer/cnsweb3d/cnsweb3d.cab
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} "Controllo AcDc oggi" - "Autodesk" - C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX / file://C:\Programmi\AutoCAD LT 2000i Ita\AcDcToday.ocx
{F281A59C-7B65-11D3-8617-0010830243BD} "Controllo AcPreview" - "Autodesk" - C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX / file://C:\Programmi\AutoCAD LT 2000i Ita\AcPreview.ocx
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programmi\Java\jre1.6.0_02\bin\npjpi160_02.dll / http://java.sun.com/update/1.6...tall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programmi\Java\jre1.6.0_22\bin\npjpi160_22.dll / http://java.sun.com/update/1.6...tall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programmi\Java\jre6\bin\npjpi160_24.dll / http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programmi\Java\jre6\bin\npjpi160_24.dll / http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programmi\Java\jre6\bin\npjpi160_24.dll / http://java.sun.com/update/1.6...tall-1_6_0_24-windows-i586.cab
{1F831FA9-42FC-11D4-95A6-0080AD30DCE1} "NOXLATE" - "Autodesk, Inc." - C:\WINDOWS\DOWNLO~1\InstFred.ocx / file://C:\Programmi\AutoCAD LT 2000i Ita\InstFred.ocx
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx / http://download.macromedia.com...ockwave/cabs/flash/swflash.cab
{31435657-9980-0010-8000-00AA00389B71} "{31435657-9980-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / http://download.microsoft.com/...-adab-ab9c403a978f/wvc1dmo.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / http://java.sun.com/update/1.5...tall-1_5_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "Objavi ovo u blogu" - "Microsoft Corporation" - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programmi\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live pomagač za prijavljivanje" - "Microsoft Corporation" - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Menu Avvio\Programmi\Esecuzione automatica )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programmi\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
-----( %UserProfile%\Menu Avvio\Programmi\Esecuzione automatica )-----
"desktop.ini" - ? - C:\Documents and Settings\Giorgio\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Programmi\iTunes\iTunesHelper.exe"
"NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet
"SigmatelSysTrayApp" - "SigmaTel, Inc." - stsystra.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\WINDOWS\system32\cpwmon2k.dll (File found, but it contains no detailed information)
"EPSON Stylus Photo R285 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBCKE.DLL
"EPSON Stylus Photo RX420 Series 2KMonitor5E" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLM9CE.DLL
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\WINDOWS\system32\KMPJLMN.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
" Servizio Bonjour" (Bonjour Service) - "Apple Inc." - C:\Programmi\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Scheduler" (AntiVirScheduler) - "Avira Operations GmbH & Co. KG" - C:\Programmi\Avira\AntiVir Desktop\sched.exe
"Avira Real-Time Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programmi\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - C:\Programmi\NOS\bin\getPlus_HelperSvc.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
"Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) - "Intel(R) Corporation" - C:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programmi\Java\jre6\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe
"NICCONFIGSVC" (NICCONFIGSVC) - "Dell Inc." - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"RDXmon 1.12" (RDXmon) - ? - C:\Programmi\RD1000\Service\RDXmon.exe (File found, but it contains no detailed information)
"Servizio iPod" (iPod Service) - "Apple Inc." - C:\Programmi\iPod\bin\iPodService.exe
"Servizio stato di ASP.NET" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"SIMATIC IEPG Help Service" (s7oiehsx) - "SIEMENS AG" - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
"TuneUp Drive Defrag Service" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe
"TuneUp Theme Extension" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\WINDOWS\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\WINDOWS\system32\vmnat.exe
"Windows Defender" (WinDefend) - "Microsoft Corporation" - c:\Programmi\Windows Defender\MsMpEng.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programmi\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===



[This message was edited by morihei ueshiba on 08.04.2013 at 17:34 GMT+1]
[ Aleksandar Maletic @ 08.04.2013. 17:31 ] @
I see you ran ComboFix; don't do that on your own in future.
Did you update Avira and run a full scan? Does it report anything?
[ morihei ueshiba @ 08.04.2013. 21:11 ] @
I ran ComboFix once while solving a similar problem, without having realized beforehand that I could mess things up :) I mostly solved it using DrWeb and similar tools, and everything went well. But this time it looks far more serious to me, so I figured I shouldn't play around - better to go straight to the doctor :)
I updated Avira manually and started a scan, then it got stuck at 45% and wouldn't budge. I have now started it again and will let it run until tomorrow; it is going rather slowly.
In the meantime I am posting screenshots of Task Manager taken right after system boot with no programs running, just so you can see whether there is any suspicious process.
And now, with only Opera and Avira running, CPU usage is around 50%. That shouldn't be a problem, but everything is still so slow that something is obviously holding the processes back.
There, the scan has stalled again and isn't moving. I am sending you a screenshot; I have no idea whether it intends to continue the scan.

edit: it has continued scanning, but it looks like it won't finish before tomorrow

[This message was edited by morihei ueshiba on 08.04.2013 at 22:26 GMT+1]
[ Aleksandar Maletic @ 09.04.2013. 01:11 ] @
I wouldn't say it's an uninvited guest. If the BSOD appeared on that system, download WhoCrashed.
Run the analysis and copy the report for me, starting from System Information and downward.
[ morihei ueshiba @ 09.04.2013. 10:24 ] @
Here is the report from the third shift
Avira found something minor; I don't know how serious it is, but anyway the log is attached here.
WhoCrashed says:

System Information (local)
--------------------------------------------------------------------------------

computer name: SMC
windows version: Windows XP Service Pack 3, 5.1, build: 2600
windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 2145460224 total
VM: 2147352576, free: 2051461120




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Now I'm going to restart to see how it behaves, and then I'll report back.
edit: nothing, still like Windows ME on Bensedin. Nothing crashes, but everything starts up as if the handbrake were on


[This message was edited by morihei ueshiba on 09.04.2013 at 11:46 GMT+1]
[ Aleksandar Maletic @ 09.04.2013. 11:17 ] @
With a configuration like this, Windows XP should run like clockwork.

• Download Autoruns
• Unpack the archive to the Desktop.
• Run autoruns.
• Select the Logon tab
• Take a screenshot of that tab (press the Print Screen key on the keyboard, then open Paint, select the Edit tab and click Paste; save the image to the Desktop, and then attach it to a new message).

What specifically is slow, a particular process or the system in general?
[ morihei ueshiba @ 09.04.2013. 11:39 ] @
Here is Autoruns, attached.
First the system boot became slow, then Opera started freezing: after a few open tabs I can no longer open new ones or close the open ones, and only the X button responds. Then it needs some time to stop the process and start again (although this has been happening with Opera for quite a while. I have now downloaded the latest version, so we'll see). It used to crash instantly when I tried to open KeepVid, and then work normally on the next attempt. Sometimes it told me I was missing Flash Player for watching videos on YT, yet after a restart it works normally... The whole time I thought it was Opera's fault, but now the entire system has started acting up and boots much more slowly than before, as do all the programs I launch.
Anyway, after last night's Avira scan and those few viruses it found, it seems to me the system is working somewhat better; I'm looking at Task Manager now and CPU usage is around 20%, unlike before when it was constantly around 50%.
I asked for help primarily because of the BSOD, since that had never happened to it before. The system also used to run faster; now it behaves as if something is holding it back. But we'll see during the day what happens; for now here is the screenshot, so see whether there is anything unusual.
[ kristi1 @ 09.04.2013. 12:51 ] @
It can't be seen that way; do this:

Download OTL to the desktop: http://oldtimer.geekstogo.com/OTL.exe

Double-click to run OTL;

click Run Scan;

When the scan finishes, the report will open in Notepad.

Copy the OTL.txt log for me.
[ morihei ueshiba @ 09.04.2013. 14:27 ] @
Hi, thanks for joining in :)
It's scanning right now, but in the meantime let me just note that I increasingly suspect Opera. After launch it works OK, and with the same tabs open it even uses less memory than Mozilla, but after a while it starts eating memory and when it gets to around 280 MB, it freezes. Closing it doesn't free the memory immediately; it keeps using it for another 3-4 minutes, during which it can't be started again normally, so I have to kill it in the task manager or apply a force start... Of course, I have already cleared cookies and history several times and downloaded the new version, which behaves the same.
Still, that doesn't seem like a lot of memory usage to me, but the behaviour is strange. Whether it affects other processes, I don't know. Uninstalling it... ugh, I've set it up nicely and it's the only one I use, and now I'd have to move bookmarks and all that :( but if nothing else works, in the end I'll try reinstalling it and we'll see.
There, the OTL scan is done too, so I'm attaching it. An EXTRAS one also came out, so here it is as well.
[ kristi1 @ 09.04.2013. 16:41 ] @
Run OTL

In the white box of the window labelled Custom Scans/Fixes, paste the following text:

Code:



:OTL
CHR - homepage: http://start.funmoods.com/?f=1...tFtDtFtAtDtC&cr=1337718326
CHR - default_search_provider: search_url = http://start.funmoods.com/resu...tFtDtFtAtDtC&cr=1337718326
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
[2012/07/05 09.09.39 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\extensions\ffxtlbr@funmoods.com
[2012/07/05 09.09.39 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\extensions\ffxtlbr@funmoods.com

:commands
[CREATERESTOREPOINT]
[emptytemp]


Click the Run Fix button;

Copy the log you get here in a message.

..............................

Run AdwCleaner
Click Delete
Confirm with OK all the way to the restart.

Copy the log file for me.
[ morihei ueshiba @ 09.04.2013. 17:31 ] @
Done. By the way, it asked for a reboot after the OTL Run Fix operation too, as well as after AdwCleaner, so there were two. Both times the system booted as before, with difficulty.
Here are the logs
[ kristi1 @ 09.04.2013. 17:46 ] @

Apart from this funmoods hijacker I found nothing else.

Let me check one more thing, just to be sure.

Download TDSSKiller from the following address to the Desktop:

TDSSKiller

When the download is complete:

• Run TDSSKiller and click Change parameters.
• Under Additional options, tick Verify driver signatures and Detect TDLFS file system, then click OK.
• Click Start scan.
• When it finishes it will show you the scan results; don't change anything there, just click Continue.
• If the program asks for a system restart, allow it.
• Attach to your message the report located at the following path:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD-day, MM-month, GG-year, HH-hour, MM-minute, SS-second; date and time when the log was created)
[ morihei ueshiba @ 09.04.2013. 18:20 ] @
Here it is
[ Goran Mijailovic @ 09.04.2013. 18:34 ] @
Quote:
[ 828E02D5C4A4FBE53441EE9DBEE51F43 ] \Device\Harddisk0\DR0
19:18:50.0687 1768 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:18:50.0687 1768 \Device\Harddisk0\DR0 - detected TDSS File System (1)


Whoa, you have a rootkit. I won't play the expert; kristi will tell you what to do next.
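
The TDSSKiller lines quoted in the post above can be triaged mechanically. This is an added example, not part of the original thread and not TDSSKiller's own code: a small Python parser for verdict lines of the shape shown in the quote, separating disk-level findings from driver or service findings. The regex, the function names and the last two sample lines are assumptions.

```python
import re

# Verdict lines in the quote have the shape:
#   HH:MM:SS.ffff <thread id> <object> ( <verdict> ) - <severity>
VERDICT = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<object>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+"
    r"(?P<severity>\w+)\s*$"
)

# Sample input: the first two lines are the ones quoted in the thread; the last
# two are constructed in the same shape to exercise the other code paths.
SAMPLE_LOG = r"""
19:18:50.0687 1768 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:18:50.0687 1768 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:18:51.0100 1768 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
19:18:51.0200 1768 ExampleSvc - ok
"""


def parse_verdicts(text):
    """Return one dict per verdict line; every other line is skipped."""
    hits = []
    for line in text.splitlines():
        m = VERDICT.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def triage(text):
    """Split non-ok verdicts into disk-level objects and named drivers/services."""
    disk, other = [], []
    for hit in parse_verdicts(text):
        if hit["severity"].lower() == "ok":
            continue
        if hit["object"].startswith("\\Device\\Harddisk"):
            disk.append(hit)   # raw disk object, e.g. a hidden file system
        else:
            other.append(hit)  # driver or service flagged by name
    return disk, other


if __name__ == "__main__":
    disk, other = triage(SAMPLE_LOG)
    for hit in disk:
        print("DISK-LEVEL:", hit["object"], "->", hit["verdict"])
    for hit in other:
        print("driver/service:", hit["object"], "->", hit["verdict"])
```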
[ morihei ueshiba @ 09.04.2013. 18:37 ] @
Quote:

For those of us in the back row? Should I boil the wheat and call the priest
So, a rootkit. Pfff, anything but a reinstall...

edit: when scanning with Avira I enabled the option Search for rootkits before scan, but it didn't detect it

[This message was edited by morihei ueshiba on 09.04.2013 at 20:31 GMT+1]
[ Goran Mijailovic @ 09.04.2013. 18:47 ] @
Nah, man, kristi will tell you what to do next
[ kristi1 @ 09.04.2013. 20:40 ] @
Run TDSSKiller again, the same way as before with Change parameters, and delete the following:

\Device\Harddisk0\DR0 ( TDSS File System )

[ kristi1 @ 09.04.2013. 20:49 ] @
So here we have a rootkit that lives outside the operating system (Pihar), which creates an additional hidden partition and that way delivers its payload to Windows.

I forgot to write that you should send me the log file to look at.
[ morihei ueshiba @ 09.04.2013. 20:52 ] @
Scan, deleted, scanned once more, and here is the latest log
[ kristi1 @ 09.04.2013. 20:54 ] @
Good, what's the situation?
[ morihei ueshiba @ 09.04.2013. 20:55 ] @
I'll do one restart, then report back.

So, the first restart was miserable, and on top of that I lost the cursor, both its own and the external one. A second restart is in progress now, so we'll see.
Boot is still slow, although I notice that this time its memory is being eaten by Avira, which starts with the system. But it has always been that way, and it was never a problem...
Now the cursor has appeared; I'm following it from another computer. As soon as it stabilizes I'll switch over to it to try it out.
All in all, booting and stabilizing the system takes about 10 minutes. It was never particularly lightning-fast, but it never needed more than 3-4. Damned if I know...

[This message was edited by morihei ueshiba on 09.04.2013 at 22:15 GMT+1]

[This message was edited by morihei ueshiba on 09.04.2013 at 22:17 GMT+1]
[ kristi1 @ 09.04.2013. 21:39 ] @
Download ComboFix from the following address to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Turn off the AV

Run ComboFix only from the desktop (I Agree)
On every popup window click Yes \ Ok

When it finishes scanning it will put a log on the desktop

Copy the log for me here
[ morihei ueshiba @ 09.04.2013. 22:18 ] @
Here is the log
[ kristi1 @ 09.04.2013. 22:44 ] @
Open Notepad and copy the text below:

Code:



SkipFix::

SecCenter:: 
{BCF43643-A118-4432-AEDE-D861FCBCFCDF}
{EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}



Click File\Save as and save the text as CFScript on the desktop

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix; the system may restart (that is normal)
When it finishes, a log will appear (C:\ComboFix.txt)
Send the ComboFix log
[ morihei ueshiba @ 10.04.2013. 06:34 ] @
It didn't ask for a restart. Here is the log

edit: I restarted it, there's no real change. Booting is still problematic.

[This message was edited by morihei ueshiba on 10.04.2013 at 07:50 GMT+1]
[ dragon @ 10.04.2013. 07:02 ] @
What mode are your ATA channels in? Check in Device Manager; with XP it often happens that one of the channels drops into PIO mode, and then the computer crawls as if it were from 1997 ....

http://msdn.microsoft.com/en-u...windows/hardware/gg463526.aspx
http://www.delete-computer-his...ble-dma-mode.html#.UWUAE6J7Kz4
[ kristi1 @ 10.04.2013. 08:59 ] @
I've done what I could; the slow boot is not related to malware.

What remains is for you to do the following:

Paste the following into Run

Combofix /Uninstall, press Enter and confirm the uninstall with OK.


Download and run OTC, then click CleanUp.
It will delete the tools we used.
[ morihei ueshiba @ 10.04.2013. 15:31 ] @
I'd like to thank the whole medical panel for the help. Unfortunately I'm not nearby, or I'd knock on the door with whisky and coffee, as is proper when you go to the doctor. But there will be a chance, I hope.
Dragon, you're right. My primary IDE is in PIO mode, but it doesn't give me the option to switch it to DMA. If anyone has an idea how to do that...
Finding and eliminating all these infections certainly helped; it runs somewhat better. If there are any suggestions about configuring Avira or anything else to prevent this kind of crap, I'd be grateful. Everything on my machine has always been on defaults because I stopped visiting dark places long ago. So far there haven't been any unsolvable problems, but there you go.
Thanks again, everyone.