Help with internet speed

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3261

As you can see from the title, over the last few days my internet connection (cable, 256/128 kB/s) has slowed down terribly, and the problem is not with the provider as it sometimes is; the speed is now around 4 kB/s.

What first raised my suspicion that the system is infected was that it suddenly became much slower, so I scanned everything with Spybot - Search & Destroy, which reported as many as 55 problems; it fixed 49 of them on its own, but 5 it could not remove even after restarting the system and running Spybot again.

I have one more problem: I am following the instructions to post a log, but when I click "Do a system scan and save a logfile" in HijackThis, Notepad does not open, so I cannot copy its contents and post them here.



offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.



offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3261

I somehow managed to post the HijackThis log after all, so I suppose that is not a problem.


Logfile of HijackThis v1.99.1
Scan saved at 12:02, on 2008-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Documents and Settings\Administrator\Desktop\Nova fascikla\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Follow the ComboFix instructions (the HJT log is clean).

Also write down what SpyBot is unable to remove - file names, locations...

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3261

By the way, during the ComboFix scan the AV went off twice.

Here is the ComboFix log:


ComboFix 08-01-23.1C - Administrator 2008-01-26 15:04:30.3 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 12:17 . 2008-01-26 12:18 <DIR> d-------- C:\WINDOWS\system32\ana ivanovic dir
2008-01-26 12:17 . 2008-01-26 12:17 512,000 --a------ C:\WINDOWS\system32\ana ivanovic.scr
2008-01-26 10:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 06:35 . 2008-01-25 06:35 <DIR> d-------- C:\WINDOWS\Sun
2008-01-25 06:22 . 2008-01-25 09:44 <DIR> d-------- C:\Program Files\Visual Web Spider
2008-01-23 21:07 . 2008-01-26 14:46 377 --a------ C:\WINDOWS\wininit.ini
2008-01-20 13:12 . 2008-01-20 13:12 <DIR> d-------- C:\Enter
2008-01-17 18:06 . 2008-01-17 18:06 <DIR> d-------- C:\Program Files\Jocsoft
2008-01-13 20:25 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-13 20:25 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-12 08:06 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-01-12 08:06 . 2004-08-03 23:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-01-12 08:06 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-01-12 08:06 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-01-12 08:05 . 2005-07-29 22:55 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-12 08:05 . 2005-07-29 22:55 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-12 08:05 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-12 08:05 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-12 08:05 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-12 08:05 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-12 08:05 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-12 08:05 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-12 08:05 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-01-12 08:05 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-01-12 07:53 . 2008-01-12 08:20 <DIR> d-------- C:\WINDOWS\PAC207
2008-01-12 07:53 . 2008-01-12 07:53 <DIR> d-------- C:\Program Files\PC Camera
2008-01-12 07:53 . 2008-01-12 07:53 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-01-11 19:48 . 2008-01-11 19:48 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-07 16:56 . 2008-01-07 16:56 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-07 16:55 . 2008-01-07 16:56 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-07 16:54 . 2008-01-07 16:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-07 16:49 . 2008-01-07 16:56 <DIR> d-------- C:\Program Files\HP
2008-01-07 16:47 . 2008-01-07 16:57 116,998 --a------ C:\WINDOWS\hpoins11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 14:11 47,683,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-26 14:10 1,602,848 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-26 10:41 643,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-26 10:41 154,088 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-25 06:41 --------- d-----w C:\Program Files\IObit
2008-01-23 23:05 --------- d-----w C:\Program Files\ICQToolbar
2008-01-17 20:19 --------- d-----w C:\Program Files\TubeSucker
2008-01-17 18:53 --------- d-----w C:\Program Files\FreeGamePick.com
2008-01-17 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 10:31 --------- d-----w C:\Program Files\Google
2008-01-11 19:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-06 02:33 --------- d-----w C:\Program Files\Opera 9
2008-01-01 05:05 --------- d-----w C:\Program Files\Banner Maker Pro 6
2007-12-26 06:58 --------- d-----w C:\Program Files\XVideoConverter
2007-12-26 06:17 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-12-20 18:33 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-19 00:11 --------- d-----w C:\Program Files\Opera
2007-12-18 22:35 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-12-18 22:32 --------- d-----w C:\Program Files\ElcomSoft
2007-12-16 05:22 --------- d-----w C:\Program Files\Common Files\Raxco
2007-12-14 15:22 --------- d-----w C:\Program Files\Your Uninstaller 2008
2007-12-13 22:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 22:06 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-12 19:42 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-10 07:00 --------- d-----w C:\Program Files\Oddin Software
2007-12-09 02:20 --------- d-----w C:\Program Files\Yahoo!
2007-12-08 23:21 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-08 19:16 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-04 15:06 --------- d-----w C:\Program Files\TC PowerPack
2007-12-02 10:56 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-26 21:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-26 09:52 --------- d-----w C:\Program Files\JLC's Software
2007-11-06 07:37 227,592 ----a-w C:\WINDOWS\system32\PDBoot.exe
2007-11-04 10:56 7,851 ----a-w C:\WINDOWS\system32\winupsvc.exe
2007-11-04 10:56 7,851 ----a-w C:\WINDOWS\system32\winsvcup.exe
2007-11-04 10:56 7,851 ----a-w C:\WINDOWS\system32\mswinup.exe
2007-10-10 23:28 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 25088]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:21 1825792]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8123"="command /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]
"SpybotDeletingD8495"="cmd /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]
"SpybotDeletingB8904"="command /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]
"SpybotDeletingD194"="cmd /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
"srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2007-05-04 13:24 35840]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2004-01-21 15:42 103936]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA9381"="command /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]
"SpybotDeletingC7416"="cmd /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]
"SpybotDeletingA8858"="command /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]
"SpybotDeletingC1454"="cmd /c del C:\WINDOWS\SchedLgU.Txt_tobedeleted" [ ]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 00:04 4393096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 25088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R3 IntelS51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\IntelS51.sys [2004-12-23 09:52]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.172\kerneld.wnt []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 03:15:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Personal.job"
- C:\PROGRA~1\IObit\ADVANC~1\Awcl.exe
"2008-01-25 06:45:19 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
"2008-01-26 10:32:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{61EDF5FA-C82B-4023-8C2B-44D92736E24F}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-01-26 15:11:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 15:13:51
ComboFix-quarantined-files.txt 2008-01-26 14:13:41



Finally, here is the Spybot status, captured as best I could:



Update: 26 Jan 2008 15:37

I think the AV went off because of this (these are the last two):

detected: riskware Trojan.generic Running process: E:\Instalacioni programi za podizanje O.S.-a\Srpskey.exe

and

detected: riskware Invader Running process: C:\WINDOWS\system32\srpskey.exe

As far as I can see, the AV reacted here because of the small Srpskey program (about 40 KB), which I have definitely been using for years now, and I don't think it causes any problems; the AV also went off when the program was installed. The little program is for easier typing of letters such as Š Ž Č Ć and Đ.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

To begin with, restart the computer, and then...

Disable the AV before the next step.

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\winupsvc.exe
C:\WINDOWS\system32\winsvcup.exe
C:\WINDOWS\system32\mswinup.exe

Save the file from Notepad to the Desktop as "CFScript"



Drag the saved script/text onto the ComboFix icon as shown in the picture.

Post the log that is created at the end of the cleaning/scanning in your next message.
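For readers following along: the three files named in the CFScript above stand out in the Find3M report of the earlier ComboFix log because they sit directly in system32, carry Windows-Update-sounding names, and share one last-write minute and an identical size of 7,851 bytes. The script below is an added example, not code from the thread or from ComboFix; it parses Find3M-style lines (the sample lines are copied from the posted log), flags such same-time same-size clusters, and renders the matching "File::" block in the shape the helper posted. Function names are assumed.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of Find3M report lines taken from the
# ComboFix log posted above (format: date time size attrs path).
SAMPLE_FIND3M = [
    r"2007-12-20 18:33 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat",
    r"2007-12-13 22:10 --------- d-----w C:\Program Files\Common Files\InstallShield",
    r"2007-12-08 23:21 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll",
    r"2007-11-06 07:37 227,592 ----a-w C:\WINDOWS\system32\PDBoot.exe",
    r"2007-11-04 10:56 7,851 ----a-w C:\WINDOWS\system32\winupsvc.exe",
    r"2007-11-04 10:56 7,851 ----a-w C:\WINDOWS\system32\winsvcup.exe",
    r"2007-11-04 10:56 7,851 ----a-w C:\WINDOWS\system32\mswinup.exe",
    r"2007-10-10 23:28 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys",
]

# One Find3M line: "<date> <time> <size or --------- for a directory> <attrs> <path>"
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+?)\s*$"
)


def parse_find3m(lines):
    """Parse Find3M report lines into dicts; directory rows get size None.
    Section banners, lone dots and blank lines do not match and are skipped."""
    entries = []
    for line in lines:
        m = FIND3M_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "timestamp": ts,
            "size": None if size.startswith("-") else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path,
            "is_dir": attrs.startswith("d"),
        })
    return entries


def _parent_dir(path):
    """Case-folded parent directory of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def find_size_time_clusters(entries, directory=r"C:\WINDOWS\system32", min_count=2):
    """Group files located directly under `directory` by (timestamp, size) and
    return the groups with at least `min_count` members, sorted.

    Files dropped together by one installer (or one dropper) share a last-write
    minute; identical byte sizes on top of that make it very unlikely they are
    unrelated Windows components, which is why such a cluster deserves a look."""
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or e["size"] is None:
            continue
        if _parent_dir(e["path"]) != directory.lower():
            continue
        groups[(e["timestamp"], e["size"])].append(e["path"])
    return sorted(
        (key, sorted(paths)) for key, paths in groups.items() if len(paths) >= min_count
    )


def cfscript_file_section(paths):
    """Render a 'File::' block listing the given paths, one per line, in the
    same shape as the CFScript text posted in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for (ts, size), paths in find_size_time_clusters(parse_find3m(SAMPLE_FIND3M)):
        print(f"{len(paths)} files of {size} bytes, all written {ts}:")
        print(cfscript_file_section(paths))
```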

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3261

ComboFix 08-01-23.1C - Administrator 2008-01-26 16:24:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.92 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\mswinup.exe
C:\WINDOWS\system32\winsvcup.exe
C:\WINDOWS\system32\winupsvc.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\mswinup.exe
C:\WINDOWS\system32\winsvcup.exe
C:\WINDOWS\system32\winupsvc.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 12:17 . 2008-01-26 12:18 <DIR> d-------- C:\WINDOWS\system32\ana ivanovic dir
2008-01-26 12:17 . 2008-01-26 12:17 512,000 --a------ C:\WINDOWS\system32\ana ivanovic.scr
2008-01-26 10:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 06:35 . 2008-01-25 06:35 <DIR> d-------- C:\WINDOWS\Sun
2008-01-25 06:22 . 2008-01-25 09:44 <DIR> d-------- C:\Program Files\Visual Web Spider
2008-01-23 21:07 . 2008-01-26 14:46 377 --a------ C:\WINDOWS\wininit.ini
2008-01-20 13:12 . 2008-01-20 13:12 <DIR> d-------- C:\Enter
2008-01-17 18:06 . 2008-01-17 18:06 <DIR> d-------- C:\Program Files\Jocsoft
2008-01-13 20:25 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-13 20:25 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-12 08:06 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-01-12 08:06 . 2004-08-03 23:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-01-12 08:06 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-01-12 08:06 . 2004-08-03 23:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-01-12 08:05 . 2005-07-29 22:55 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-12 08:05 . 2005-07-29 22:55 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-12 08:05 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-12 08:05 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-12 08:05 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-12 08:05 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-12 08:05 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-12 08:05 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-12 08:05 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-01-12 08:05 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-01-12 07:53 . 2008-01-12 08:20 <DIR> d-------- C:\WINDOWS\PAC207
2008-01-12 07:53 . 2008-01-12 07:53 <DIR> d-------- C:\Program Files\PC Camera
2008-01-12 07:53 . 2008-01-12 07:53 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-01-11 19:48 . 2008-01-11 19:48 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-07 16:56 . 2008-01-07 16:56 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-07 16:55 . 2008-01-07 16:56 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-07 16:54 . 2008-01-07 16:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-07 16:49 . 2008-01-07 16:56 <DIR> d-------- C:\Program Files\HP
2008-01-07 16:47 . 2008-01-07 16:57 116,998 --a------ C:\WINDOWS\hpoins11.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 15:28 47,815,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-26 15:28 1,605,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-26 15:12 645,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-26 15:12 154,544 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-25 06:41 --------- d-----w C:\Program Files\IObit
2008-01-23 23:05 --------- d-----w C:\Program Files\ICQToolbar
2008-01-17 20:19 --------- d-----w C:\Program Files\TubeSucker
2008-01-17 18:53 --------- d-----w C:\Program Files\FreeGamePick.com
2008-01-17 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 10:31 --------- d-----w C:\Program Files\Google
2008-01-11 19:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-06 02:33 --------- d-----w C:\Program Files\Opera 9
2008-01-01 05:05 --------- d-----w C:\Program Files\Banner Maker Pro 6
2007-12-26 06:58 --------- d-----w C:\Program Files\XVideoConverter
2007-12-26 06:17 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-12-20 18:33 91,492 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-19 00:11 --------- d-----w C:\Program Files\Opera
2007-12-18 22:35 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-12-18 22:32 --------- d-----w C:\Program Files\ElcomSoft
2007-12-16 05:22 --------- d-----w C:\Program Files\Common Files\Raxco
2007-12-14 15:22 --------- d-----w C:\Program Files\Your Uninstaller 2008
2007-12-13 22:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-13 22:06 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-12 19:42 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-10 07:00 --------- d-----w C:\Program Files\Oddin Software
2007-12-09 02:20 --------- d-----w C:\Program Files\Yahoo!
2007-12-08 23:21 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-08 19:16 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-04 15:06 --------- d-----w C:\Program Files\TC PowerPack
2007-12-02 10:56 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-26 21:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-26 09:52 --------- d-----w C:\Program Files\JLC's Software
2007-11-06 07:37 227,592 ----a-w C:\WINDOWS\system32\PDBoot.exe
2007-10-10 23:28 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 09:56:59 1,458,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 15:24:39 1,458,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 09:56:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 15:24:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 09:57:01 7,647,232 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 15:24:39 7,647,232 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 15:24:39 1,458,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\NTUSER.DAT
+ 2008-01-26 15:24:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\UsrClass.dat
- 2008-01-26 09:57:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 15:24:39 344,064 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 25088]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:21 1825792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02 200768]
"srpskey"="C:\WINDOWS\SYSTEM32\SRPSKEY.EXE" [2007-05-04 13:24 35840]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2004-01-21 15:42 103936]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 25088]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R3 IntelS51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\IntelS51.sys [2004-12-23 09:52]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.172\kerneld.wnt []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 03:15:00 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Personal.job"
- C:\PROGRA~1\IObit\ADVANC~1\Awcl.exe
"2008-01-25 06:45:19 C:\WINDOWS\Tasks\SmartDefrag.job"
- C:\Program Files\IObit\IObit SmartDefrag\schedule.exe
"2008-01-26 10:32:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{61EDF5FA-C82B-4023-8C2B-44D92736E24F}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-01-26 16:28:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 16:30:24
ComboFix-quarantined-files.txt 2008-01-26 15:30:07
ComboFix2.txt 2008-01-26 14:13:53

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you perhaps connect a USB drive to the PC in the meantime?
Do the following...


Download the Flash_Disinfector program.

the program is started by double-clicking Flash_Disinfector.exe
when the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay)
click OK and wait for the process to finish
when the Done !! message appears, click OK.



What is the current state?

offline
  • Brok  Male
  • Forum moderator
  • Mihajlo Bogdanović
  • Linux driver - fighter - warrior
  • Joined: 04 May 2005
  • Posts: 3261

I don't think I quite understand you; which infected USB flash drive am I supposed to plug in?

The only thing I connected to USB was the modem; actually, I didn't connect and disconnect it, but rather switched its power off (restarted it) and back on, because I didn't have a good net connection and couldn't post the log at all.

I have the following things on USB: a printer, a modem, a keyboard, a USB hub, the camera cable (which is permanently attached) and a 2 GB USB memory stick which I haven't used for about 10 days.

Update: 26 Jan 2008 18:04

And I forgot: it seems to me the situation is better now.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
