MyCity » Ambulanta -> Arhiva Ambulante » Uklonila malware_i dalje sporo otvara net_sto je uzrok?

Uklonila malware_i dalje sporo otvara net_sto je uzrok?

Napisano na dan: 8.4.2009

Uklonila malware_i dalje sporo otvara net_sto je uzrok?

Sledeća strana

Pagination

Odgovori

novidan Poslao: 08 Apr 2009 14:42 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:57:16, on 2009-04-08 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\sstray.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\zoki\Desktop\VIRUS-trazi\TR3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{C3DF89C9-19E0-48EA-BC79-BCAD8A613659}: NameServer = 81.27.0.3,192.168.1.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- End of file - 6789 bytes ............................. juce sam dobila info od ad-aware da imam 4 malware i da su vezani za files pa se moze ukloniti.. to su bili sledeci tipovi W32Ba\\Zapchast W32Tr\\yBanker maknula sam u karantenu a onda obrisala...nadala se bit ce OK jutros i dalje vrlo sporo otvara net... da li je uzrok ta moja 'operacija' ili je jos nesto ostalo, ili sam nesto poremetila.. imam bezicnu konekciju na PC preko routera ZyXEL P-320W. pokazuje 11.0 Mbps..valjda to znaci da router moze toliko.. jer ja imam max 5Mbps od mog isporucioca isporucilac C-SAM.se brzina prema meni (max) 5.0 Mbps brzina od mene (max) 5.0 Mbps Levereras via LAN-uttaget U zadnja 3 -4 dana je vrlo spora veza..a zadnja 2 dana vrlo sporo otvaram svaki web sto je uzrok? MALWARE? ostecenje sto sam obrisala malware? ili problem lezi u routeru i smetnjama na vezi? ........................................... Processor name: AMD Athlon(tm) XP 2600+ Processor identifier: x86 Family 6 Model 10 Stepping 0 Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 2560, number of processors 1 Physical memory available: 483495936 bytes Physical memory total: 1073201152 bytes Virtual memory available: 2005032960 bytes Virtual memory total: 2147352576 bytes Memory load: 54% Microsoft Windows XP Professional Service Pack 3 (build 2600

Profil

dr_Bora Poslao: 08 Apr 2009 17:03 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Privremeno isključi Ad-Watch (uputstvo). Otvori AVG 8 Control Center (desni klik na AVG ikonicu ( ) u donjem, desnom uglu ekrana, stavka Open AVG User Interface). * Kada se pokrene AVG Control Center, dvoklikni na Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Resident Shield active i klikni Save changes. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

novidan Poslao: 08 Apr 2009 22:14 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala Dr.Bora, mogla sam te bas pozvati u posetu..u Järnu(Södertälje) evo log: ComboFix 09-04-04.01 - zoki 2009-04-08 22:10:01.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.442 [GMT 2:00] Running from: c:\documents and settings\zoki\Desktop\VIRUS-trazi\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG . ((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 ))))))))))))))))))))))))))))))) . 2009-04-01 01:13 . 2009-04-01 01:13 <DIR> dr------- c:\program files\Skype 2009-04-01 01:13 . 2009-04-01 01:13 <DIR> d-------- c:\program files\Common Files\Skype 2009-03-30 20:08 . 2009-03-30 21:18 <DIR> d-------- c:\documents and settings\zoki\Application Data\ImgBurn 2009-03-30 20:00 . 2009-03-30 21:17 <DIR> d-------- c:\program files\ImgBurn 2009-03-24 13:12 . 2009-03-24 13:12 <DIR> d-------- c:\program files\AVI MPEG ASF WMV Splitter 2009-03-16 22:44 . 2009-03-16 22:44 <DIR> d-------- c:\documents and settings\zoki\Application Data\dvdcss 2009-03-16 02:44 . 2009-03-24 22:28 <DIR> d-------- c:\documents and settings\zoki\Application Data\vlc 2009-03-16 00:41 . 2009-03-16 00:41 <DIR> d-------- c:\program files\VideoLAN 2009-03-12 22:51 . 2003-09-26 10:40 51,584 -ra------ c:\windows\system32\drivers\RT2400.sys 2009-03-10 16:19 . 2009-03-10 16:19 <DIR> d-------- c:\program files\DVD Shrink 2009-03-10 16:19 . 2009-03-10 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-08 19:40 --------- d-----w c:\documents and settings\zoki\Application Data\Skype 2009-04-08 16:40 --------- d-----w c:\documents and settings\zoki\Application Data\skypePM 2009-04-07 20:07 --------- d-----w c:\program files\Soulseek 2009-04-05 15:33 --------- d-----w c:\program files\Oshobooks 2009-03-31 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-03-30 09:48 --------- d-----w c:\documents and settings\zoki\Application Data\uTorrent 2009-03-28 00:12 --------- d-----w c:\program files\Foxit Software 2009-03-24 20:28 --------- d-----w c:\documents and settings\zoki\Application Data\vlc 2009-03-12 20:49 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-08 17:56 15,688 ----a-w c:\windows\system32\lsdelete.exe 2009-03-08 17:52 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-03-06 22:49 --------- d-----w c:\program files\Common Files\Adobe 2009-03-02 00:11 --------- d-----w c:\documents and settings\zoki\Application Data\Orbit 2009-03-01 16:36 --------- d-----w c:\program files\Orbitdownloader 2009-02-22 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-22 16:51 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-22 16:51 --------- d-----w c:\program files\Lavasoft 2009-02-16 20:54 --------- d-----w c:\documents and settings\zoki\Application Data\Spotify 2009-02-16 17:26 --------- d-----w c:\program files\Spotify 2009-02-11 11:13 --------- d-----w c:\program files\WS_FTP Pro 2009-02-11 00:36 --------- d-----w c:\program files\PIXresizer 2009-02-10 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2009-02-10 18:13 --------- d-----w c:\program files\Bonjour 2009-02-10 18:07 --------- d-----w c:\program files\Common Files\Macrovision Shared 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-01-30 22:13 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-11 20:16 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe 2009-01-09 18:41 36,734 ----a-w c:\windows\system32\OggDSuninst.exe 2009-01-09 18:41 33,533 ----a-w c:\windows\system32\CoreVorbis-uninstall.exe 1999-06-25 09:55 149,504 ----a-w c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-08 515416] "nForce Tray Options"="sstray.exe" [2003-08-13 c:\windows\system32\sstray.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-03 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-31 00:13 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-22 64160] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-18 325128] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-18 107272] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-19 903960] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-19 298264] R3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-03-12 51584] S3 Acpa80v;Acpa80v; [x] S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS --> c:\windows\system32\ASNDIS5.SYS [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] . Contents of the 'Scheduled Tasks' folder 2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-08 19:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://yahoo.com/ uInternet Settings,ProxyOverride = .local IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: {C3DF89C9-19E0-48EA-BC79-BCAD8A613659} = 81.27.0.3,192.168.1.1 FF - ProfilePath - c:\documents and settings\zoki\Application Data\Mozilla\Firefox\Profiles\ce7l0l7w.default\ FF - prefs.js: browser.startup.homepage - yahoo.com FF - component: c:\documents and settings\zoki\Application Data\Mozilla\Firefox\Profiles\ce7l0l7w.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll . *********************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-08 22:11:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-04-08 22:12:28 ComboFix-quarantined-files.txt 2009-04-08 20:12:23 Pre-Run: 4 674 347 008 bytes free Post-Run: 4,907,532,288 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 156 --- E O F --- 2009-03-13 09:28:10

Profil

dr_Bora Poslao: 09 Apr 2009 18:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: Acpa80v` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

novidan Poslao: 09 Apr 2009 21:42 Idi na vrh
offline novidan Super građanin Zora Pridružio: 22 Okt 2004 Poruke: 1435 Gde živiš: ni na nebu ni na zemlji	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala! ComboFix 09-04-04.01 - zoki 2009-04-09 21:33:17.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.538 [GMT 2:00] Running from: c:\documents and settings\zoki\Desktop\VIRUS-trazi\ComboFix.exe Command switches used :: c:\documents and settings\zoki\Desktop\VIRUS-trazi\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Acpa80v ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 ))))))))))))))))))))))))))))))) . 2009-04-01 01:13 . 2009-04-01 01:13 <DIR> dr------- c:\program files\Skype 2009-04-01 01:13 . 2009-04-01 01:13 <DIR> d-------- c:\program files\Common Files\Skype 2009-03-30 20:08 . 2009-03-30 21:18 <DIR> d-------- c:\documents and settings\zoki\Application Data\ImgBurn 2009-03-30 20:00 . 2009-03-30 21:17 <DIR> d-------- c:\program files\ImgBurn 2009-03-24 13:12 . 2009-03-24 13:12 <DIR> d-------- c:\program files\AVI MPEG ASF WMV Splitter 2009-03-16 22:44 . 2009-03-16 22:44 <DIR> d-------- c:\documents and settings\zoki\Application Data\dvdcss 2009-03-16 02:44 . 2009-03-24 22:28 <DIR> d-------- c:\documents and settings\zoki\Application Data\vlc 2009-03-16 00:41 . 2009-03-16 00:41 <DIR> d-------- c:\program files\VideoLAN 2009-03-12 22:51 . 2003-09-26 10:40 51,584 -ra------ c:\windows\system32\drivers\RT2400.sys 2009-03-10 16:19 . 2009-03-10 16:19 <DIR> d-------- c:\program files\DVD Shrink 2009-03-10 16:19 . 2009-03-10 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-09 19:37 --------- d-----w c:\documents and settings\zoki\Application Data\Skype 2009-04-09 19:22 --------- d-----w c:\documents and settings\zoki\Application Data\skypePM 2009-04-07 20:07 --------- d-----w c:\program files\Soulseek 2009-04-05 15:33 --------- d-----w c:\program files\Oshobooks 2009-03-31 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-03-30 09:48 --------- d-----w c:\documents and settings\zoki\Application Data\uTorrent 2009-03-28 00:12 --------- d-----w c:\program files\Foxit Software 2009-03-24 20:28 --------- d-----w c:\documents and settings\zoki\Application Data\vlc 2009-03-12 20:49 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-08 17:52 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-03-06 22:49 --------- d-----w c:\program files\Common Files\Adobe 2009-03-02 00:11 --------- d-----w c:\documents and settings\zoki\Application Data\Orbit 2009-03-01 16:36 --------- d-----w c:\program files\Orbitdownloader 2009-02-22 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-22 16:51 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-22 16:51 --------- d-----w c:\program files\Lavasoft 2009-02-16 20:54 --------- d-----w c:\documents and settings\zoki\Application Data\Spotify 2009-02-16 17:26 --------- d-----w c:\program files\Spotify 2009-02-11 11:13 --------- d-----w c:\program files\WS_FTP Pro 2009-02-11 00:36 --------- d-----w c:\program files\PIXresizer 2009-02-10 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2009-02-10 18:13 --------- d-----w c:\program files\Bonjour 2009-02-10 18:07 --------- d-----w c:\program files\Common Files\Macrovision Shared 1999-06-25 09:55 149,504 ----a-w c:\program files\UNWISE.EXE . ((((((((((((((((((((((((((((( SnapShot@2009-04-08_22.11.21,85 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2009-04-09 19:36:16 16,384 ----atw c:\windows\temp\Perflib_Perfdata_344.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-08 515416] "nForce Tray Options"="sstray.exe" [2003-08-13 c:\windows\system32\sstray.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-03 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-31 00:13 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-22 64160] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-18 325128] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-18 107272] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-19 903960] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-19 298264] R3 RT2400;ASUS Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-03-12 51584] S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS --> c:\windows\system32\ASNDIS5.SYS [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] . Contents of the 'Scheduled Tasks' folder 2009-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-08 19:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://yahoo.com/ uInternet Settings,ProxyOverride = .local IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: {C3DF89C9-19E0-48EA-BC79-BCAD8A613659} = 81.27.0.3,192.168.1.1 FF - ProfilePath - c:\documents and settings\zoki\Application Data\Mozilla\Firefox\Profiles\ce7l0l7w.default\ FF - prefs.js: browser.startup.homepage - yahoo.com FF - component: c:\documents and settings\zoki\Application Data\Mozilla\Firefox\Profiles\ce7l0l7w.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll . *********************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-09 21:37:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WgaTray.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2009-04-09 21:39:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-09 19:39:34 ComboFix2.txt 2009-04-08 20:12:30 Pre-Run: 4 919 631 872 bytes free Post-Run: 4,844,744,704 bytes free 164 --- E O F --- 2009-03-13 09:28:10

Profil

dr_Bora Poslao: 09 Apr 2009 22:01 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo bi trebao biti čist kompjuter. Ako problem i dalje postoji, probaj da se obratiš provajderu. Deinstalacija ComboFix-a: Klikni START a zatim RUN. U liniju za unos teksta ukucaj (iskopiraj) sledeće: Combofix /u a zatim klikni OK. Sačekaj da se proces deinstalacije završi. To bi bilo sve što sam ja mogao da uradim...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Uklonila malware_i dalje sporo otvara net_sto je uzrok?

Ko je trenutno na forumu

Ukupno su 1130 korisnika na forumu :: 46 registrovanih, 6 sakrivenih i 1078 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., aramis s, babaroga, Bobrock1, Boris90, Brana01, brundo65, CrazyDiablo, Dannyboy, djboj, djordje92sm, doloress, dozorni, Excalibur13, hatman, HrcAk47, ILGromovnik, Još malo pa deda, karevski, karirani, Kubovac, mackenzie, Mercury, Mi lao shu, MiGac, milenko crazy north, milimoj, Millennium, Motocar, nemkea71, nenad81, nikoladim, Parker, Penzula, prle122, Romibrat, royst33, Shinobi, sombrero, strelac07, tubular, virked, VJ, zixmix, zodiac94, Žrnov

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by