Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

ADSL upload 450kbs! WTF?!

[es] :: Zaštita :: ADSL upload 450kbs! WTF?!

[ Pregleda: 1931 | Odgovora: 8 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

knele82
Srdjan Knezevic
Novi Sad

Član broj: 97973
Poruke: 94
93.86.225.*

Sajt: www.supersupa.com


+1 Profil

icon ADSL upload 450kbs! WTF?!15.06.2009. u 14:12 - pre 180 meseci
Ovo sad pocinje da me nervira,nadam se da neko moze da mi pomogne!
Imam ADSL 2Mbs i s vremena na vreme pocne da mi se budzi net,otvorim NetGraph ili Net Limiter kao ono upload pici i do 400kb!! Sve od programa pogasim a lampica i dalje blinka!
Kontao sam virus i skinuo sam poslednje verzije Spybot-a i Malwarebytes-a. Ocistio komp a evo posle pola sata opet,zuti mi se NetGraph samo zvoni!!
Prvo nemoguce da je upload toliki a drugo gde ti podaci odlaze?!
Ako je neki virus u pitanju kako mi prodje svaki put pored NOD-a i svih tih sr......
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: ADSL upload 450kbs! WTF?!15.06.2009. u 20:05 - pre 180 meseci
Skinite program HijackThis.
Kada ga preuzmete, preimenujte fajl u bilo sta, npr. “destruct0.exe”. Pokrenite ga i kliknite “Do a system scan and save a logfile”. Taj log iskopirajte ovde.
 
Odgovor na temu

valjan
Janko Valencik
Software Deployer
Schneider Electric
Novi Sad

Moderator
Član broj: 158605
Poruke: 3531
*.adsl.eunet.rs.



+553 Profil

icon Re: ADSL upload 450kbs! WTF?!16.06.2009. u 08:06 - pre 180 meseci
Kao sto sam vec napisao u nekoliko tema, uz Windows dobijas alat koji ti moze sve reci o tome sa kim tvoj racunar komunicira.

U command promptu kucas "netstat -ano", i u izvestaju gledas samo one zapise gde je u prvoj koloni TCP, u drugoj tvoja IP adresa (ignorises 0.0.0.0 i 127.0.0.1), u trecoj neka adresa koja nije nijedna od tvoje tri interne adrese, a u cetvrtoj ESTABLISHED. Mozes da kucas i varijantu "netstat -abno" pa da vidis koji tacno proces komunicira sa spoljnim svetom (da ne moras sam da trazis koji PID pripada kojem procesu), ali ti preporucujem da u tom slucaju rezultat preusmeris u neki txt fajl (npr. "netstat -abno > c:\rezultat.txt", pa onda otvoris taj c:\rezultat.txt u notepadu ili bilo kom drugom text editoru/vieweru) jer se ekranski prikaz sa b switchem uglavnom osvezava jako sporo. Takodje, da bi ti izvestaj bio kraci, mozes filtrirati samo tcp protokol ("netstat -ano -p tcp" ili "netstat -abno -p tcp > c:\rezultat.txt").

Na primer:

Citat:
TCP 192.168.0.1:1982 209.85.135.139:80 ESTABLISHED 2228


je jedan od redova kakve treba da potrazis, i ovo je recimo Firefox koji drzi otvorenu Google stranicu.

Citat:
TCP 192.168.0.1:1982 209.85.135.139:80 ESTABLISHED 2228
[firefox.exe]


je isto to ali kada koristis i b switch, pa ne moras rucno da trazis kom procesu pripada PID 2228, nego dobijes ime procesa u sledecem redu.

Naravno, pre nego sto odradis skeniranje pozeljno je da pozatvaras sve browsere, mail klijente, messengere i slicno kako bi ti izvestaj bio sto kraci, ali je ponekad zgodno upaliti bas sve sto koristis da vidis da u nekom programu ne cuci neki zlonamerni plug-in/add-on/extension/sta-li-vec.

Ja sam na ovaj nacin otkrivao neke crve i trojance koje nisam mogao pronaci normalnim skeniranjem, a bilo je ocigledno da nesto zagusuje link.
 
Odgovor na temu

knele82
Srdjan Knezevic
Novi Sad

Član broj: 97973
Poruke: 94
93.86.225.*

Sajt: www.supersupa.com


+1 Profil

icon Re: ADSL upload 450kbs! WTF?!16.06.2009. u 08:52 - pre 180 meseci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:09 AM, on 6/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MYSECR~1\MSFMON.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\wpchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Programi-inst\!Razni\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Kn3le\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Kn3le\Desktop\NetGraph2.exe
C:\Documents and Settings\Kn3le\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kn3le\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kn3le\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kn3le\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cmd.exe
D:\!!!Downloads PROGRAMI\destruct0.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Video File] wpchost.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunServices: [Video File] wpchost.exe
O4 - HKCU\..\Run: [RSD_HDDThermo] D:\Programi-inst\!Razni\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kn3le\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 14435 bytes
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: ADSL upload 450kbs! WTF?!16.06.2009. u 09:33 - pre 180 meseci
Stiklirajte sledece objekte i kliknite “Fix checked”
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Video File] wpchost.exe
O4 - HKLM\..\RunServices: [Video File] wpchost.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

Posle toga restartujte kompjuter i napravite novi log.

Ako mozete fajlove i foldere
C:\WINDOWS\system32\wpchost.exe
C:\Program Files\AskBarDis

da zapakujete u ".rar"/".zip" sa password-om "virus", upload-ujete na Rapidshare i posaljete mi link preko PP.

P.S. Posle toga rucno izbrisite
C:\Program Files\AskBarDis

• Preuzmite i instalirajte program Malwarebytes` Anti-Malware - http://www.malwarebytes.org/mbam-download.php
• Pokrenite ga i izvrsite update(Update > Check for Updates) i po zavrsetku potvrdite sa OK.
• Posle update-a odaberi Scanner, oznacite Perform full scan i pritisnite Scan.
• Kada se skeniranje zavrsi pritisnite OK, pa Show Results da vidite izvestaj.
• Proverite da li su svi pronadjeni fajlovi stiklirani(ako nisu selektujte ih), pritisnite Remove Selected i potvrdite sa OK.
• Program ce vas upitati da restartujes racunar i vi to potvrdite.
• Takodje posle ukljanjanje malware-a sa racunara dobicete log fajl(izvestaj) koji cete iskopirati ovde.
 
Odgovor na temu

knele82
Srdjan Knezevic
Novi Sad

Član broj: 97973
Poruke: 94
93.86.224.*

Sajt: www.supersupa.com


+1 Profil

icon Re: ADSL upload 450kbs! WTF?!16.06.2009. u 17:18 - pre 179 meseci
Odradio sve ali nazalost nisam prvo kopirao wpchost.exe pa ga sada nema,ali ti saljem AskBarDis folder:

http://www.sendspace.com/file/f8s6os



Log File:

Malwarebytes' Anti-Malware 1.37
Database version: 2282
Windows 5.1.2600 Service Pack 2

6/16/2009 6:16:43 PM
mbam-log-2009-06-16 (18-16-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 233045
Time elapsed: 33 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: ADSL upload 450kbs! WTF?!16.06.2009. u 20:59 - pre 179 meseci
Hvala na AksBarDis-u. Da li imate i dalje problema?
 
Odgovor na temu

knele82
Srdjan Knezevic
Novi Sad

Član broj: 97973
Poruke: 94
93.86.225.*

Sajt: www.supersupa.com


+1 Profil

icon Re: ADSL upload 450kbs! WTF?!17.06.2009. u 11:41 - pre 179 meseci
Sad je sve ok!! :)

Ima jos dva pitanja za kraj:

1. Kako je moguce da NetGraph i Net Limit pokazuju upload od cak 400kbs kada je max. za moj paket 25?
2. I kako da sprecim za ubudece ulazak ove vrste virusa,nesto bolje od Noda-a ili neki firewall?!

Dashkes hvala na svemu do sada!
 
Odgovor na temu

Dashkes

Član broj: 90973
Poruke: 845



+27 Profil

icon Re: ADSL upload 450kbs! WTF?!17.06.2009. u 20:23 - pre 179 meseci
1. Da li je kompjuter u nekoj mrezi?
2. Pa ja bih npr. koristio Dr.Web anti-virus + Outpost Firewall PRO(ako hocete free varijantu onda - Avira AntiVir Personal + Outpost Firewall Free).
Nema na cemu. ;)
 
Odgovor na temu

[es] :: Zaštita :: ADSL upload 450kbs! WTF?!

[ Pregleda: 1931 | Odgovora: 8 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.