Internet connection severely slowed down

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7911
  • Location: Moscow, Russia

Today the computer worked normally all day and then suddenly, sometime in the afternoon, the internet stopped working. I reset the computer, called support, we checked everything, everything works on their end. But my internet is terribly slow (about 0.3 KB/s on a 2.5 Mbit connection). Support suggested that I check for viruses; Kaspersky is running right now, but before it I ran HT so that you can also have a look at whether something unexpected got in.

Logfile of HijackThis v1.99.1
Scan saved at 21:00:38, on 01.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Misko\Desktop\OtmiOvo\TjapiGa.exe

R3 - URLSearchHook: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O3 - Toolbar: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Cтатистика Веб-Антивируса - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{89B67196-C572-4DB5-B159-7D714FFD6B9B}: NameServer = 212.188.4.10,195.34.32.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFEA9F4-5E98-4ACA-8DF7-177EF9890A45}: NameServer = 212.188.4.10,195.34.32.116
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks in advance.

Update: 01 Jun 2008 21:14

A moment ago something else appeared for the first time:

At that time only Kaspersky was running, checking the computer, and apart from it only FF was on. explorer.exe "reset" itself and I had to reconnect to the internet. The computer is connected to the modem/router over wireless, and the modem is on ADSL. If that matters at all.
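To show how a log like the one in this post is actually read, here is an added example (my own code, not part of the thread and not a HijackThis feature): a small triage script that applies, mechanically, the checks a log reader does by hand on the R3/O2/O3/O4/O17/O23 sections. The sample lines are copied from the HijackThis log above; the rule set, the "user-writable path" list and the tag names are my own heuristics and are assumptions of this example.

```python
import re

# Sample input: lines copied from the HijackThis log posted above
# (two "Running processes" entries plus one line from each section of interest).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Misko\Desktop\OtmiOvo\TjapiGa.exe

R3 - URLSearchHook: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfre1.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{89B67196-C572-4DB5-B159-7D714FFD6B9B}: NameServer = 212.188.4.10,195.34.32.116
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
"""

# Paths an ordinary user can write to; a running or autostarted binary
# located there deserves a second look (heuristic list, assumed here).
USER_WRITABLE = re.compile(r"\\(Documents and Settings|Users|Temp|Recycle[dr]?)\\", re.I)
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def command_path(command):
    """Executable path from an O4 command: the quoted path, or the first token."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def triage(log_text):
    """Return (tag, detail) findings for the interesting lines of an HJT log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if USER_WRITABLE.search(line):
                findings.append(("process-from-user-dir", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        if body.endswith("(no file)"):
            findings.append(("orphan-entry", line))      # leftover of a removed add-on
        elif kind in ("R3", "O2", "O3") and "Toolbar" in body:
            findings.append(("browser-toolbar", line))   # ask: installed on purpose?
        elif kind == "O4":
            path = command_path(body.split("] ", 1)[-1])
            if USER_WRITABLE.search(path):
                findings.append(("autostart-from-user-dir", line))
        elif kind == "O17":
            # DNS servers to compare against the ISP's; a changed NameServer
            # is a classic cause of "everything is suddenly slow".
            findings.append(("dns-servers", body.split("NameServer = ", 1)[-1]))
        elif kind == "O23" and "(file missing)" in body:
            findings.append(("service-file-missing", line))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:26} {detail}")
```

On the sample above the script flags the process started from the user's Desktop, the free-downloads toolbar twice (search hook and toolbar), the orphaned BHO, the service whose file is missing, and lists the two DNS servers for comparison with the ISP's; the entries it stays silent on (Adobe BHO, ctfmon.exe from system32) are the ones a log reader would also skip.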

offline
  • Peca
  • Chief Administrator
  • Predrag Damnjanović
  • SysAdmin and programmer
  • Joined: 17 Apr 2003
  • Posts: 23093
  • Location: Niš

http://www.mycity.rs/Hosting-i-domeni/Pozar-u-TheP.....ton-u.html
http://www.mycity.rs/Pitanja-i-predlozi/DNS-serveri-izgoreli.html

Everyone is complaining about the internet, here in Serbia too.
I think it's because of this datacenter; it seems there were a lot of DNS servers there.
So I think all these internet problems are connected with this fire.
Everything should sort itself out "on its own" within the next 24h.

P.S. This is only my theory.
Sorry for "barging into" the topic.

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7911
  • Location: Moscow, Russia

The situation this morning is the same as last night: the internet on the desktop computer is terribly, terribly slow, while on the laptop everything is fine. Both computers are connected to the router over wireless; the laptop works normally and the desktop almost not at all. So I somewhat doubt that the fire in Houston is the issue...

offline
  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7911
  • Location: Moscow, Russia

Thanks, bobby, it will be this afternoon/evening, when I get home.

Update: 02 Jun 2008 21:45

ComboFix 08-06-01.6 - Misko 2008-06-02 20:24:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1536 [GMT 4:00]
Running from: C:\Documents and Settings\Misko\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\WINDOWS\system32\FOLESVR.DLL

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 20:02 . 2008-06-02 20:13 209 --a------ C:\ASWL2K.ini
2008-05-28 22:11 . 2008-05-28 22:11 244 --ah----- C:\sqmnoopt09.sqm
2008-05-28 22:11 . 2008-05-28 22:11 232 --ah----- C:\sqmdata09.sqm
2008-05-28 22:02 . 2006-02-21 17:23 525,824 --a------ C:\WINDOWS\system32\ASWL2K.exe
2008-05-28 22:02 . 2004-05-06 12:21 496,640 --a------ C:\WINDOWS\system32\ASWLSVC.exe
2008-05-28 22:02 . 2005-02-11 21:46 371,712 --a------ C:\WINDOWS\system32\drivers\bcmwl5.sys
2008-05-28 22:02 . 2004-05-07 18:57 159,827 --a------ C:\WINDOWS\system32\RemSvc.exe
2008-05-28 22:02 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl
2008-05-28 22:02 . 2002-09-09 21:01 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
2008-05-28 22:02 . 2008-05-28 22:02 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-28 22:02 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
2008-05-28 22:02 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
2008-05-28 21:59 . 2008-05-28 21:59 244 --ah----- C:\sqmnoopt08.sqm
2008-05-28 21:59 . 2008-05-28 21:59 232 --ah----- C:\sqmdata08.sqm
2008-05-13 21:50 . 2008-05-13 21:50 244 --ah----- C:\sqmnoopt07.sqm
2008-05-13 21:50 . 2008-05-13 21:50 232 --ah----- C:\sqmdata07.sqm
2008-05-13 21:25 . 2008-05-13 21:25 244 --ah----- C:\sqmnoopt06.sqm
2008-05-13 21:25 . 2008-05-13 21:25 232 --ah----- C:\sqmdata06.sqm
2008-05-13 19:52 . 2008-05-13 19:52 244 --ah----- C:\sqmnoopt05.sqm
2008-05-13 19:52 . 2008-05-13 19:52 232 --ah----- C:\sqmdata05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 16:41 37,761,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-02 16:40 1,557,536 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-02 16:06 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-02 16:01 --------- d-----w C:\Documents and Settings\Misko\Application Data\Skype
2008-06-02 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 15:56 --------- d-----w C:\Documents and Settings\Misko\Application Data\skypePM
2008-06-02 03:24 518,036 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-02 03:24 151,976 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:56 --------- d-----w C:\Documents and Settings\Misko\Application Data\uTorrent
2008-05-29 18:02 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 18:39 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 18:39 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-28 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 18:02 --------- d-----w C:\Program Files\ASUS
2008-05-27 17:53 --------- d-----w C:\Program Files\FinePixViewer
2008-05-14 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-28 17:57 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-13 11:21 --------- d-----w C:\Documents and Settings\Misko\Application Data\Yandex
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 19:19 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-23 19:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 12:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
2007-12-20 00:28 1502232 --a------ C:\Program Files\free-downloads\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= "C:\Program Files\free-downloads\tbfre1.dll" [2007-12-20 00:28 1502232]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D3E23B4B-F153-4687-82C2-816319DD3C5A}"= C:\Program Files\free-downloads\tbfre1.dll [2007-12-20 00:28 1502232]

[HKEY_CLASSES_ROOT\clsid\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-11-16 17:17 3264512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-17 20:00 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 20:00 2879488 C:\WINDOWS\SkyTel.exe]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-13 18:25 363008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 19:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 19:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 19:44 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 22:39 77824]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 08:00 98304]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [2006-12-14 01:09 258048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 21:10 1667584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Misko\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-07 08:11:51 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Programi\\uTorrent\\utorrent-1.2.3-beta-build-361.exe"=
"D:\\Igre\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 09:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28]
S2 vusbbus;Virtual Usb Bus Enumerator;C:\WINDOWS\system32\DRIVERS\vusbbus.sys [2006-06-05 09:52]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-11-17 22:38]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec38183-9a1c-11dc-a447-0018f30e4639}]
\Shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83e83600-6149-11dc-91c6-0018f30e4639}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - ASNDIS5
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 20:40:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-02 20:42:32
ComboFix-quarantined-files.txt 2008-06-02 16:42:28
ComboFix2.txt 2008-02-27 17:47:52

Pre-Run: 15,492,001,792 bytes free
Post-Run: 15,639,355,392 bytes free

156 --- E O F --- 2008-05-17 14:38:02

offline
  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Misko, check which USB stick has the Recycled folder on it.
It may be hidden, so you should turn on the display of hidden files. Now, I have no idea how to guide you through doing that on a Russian Windows. In English it goes like this:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

btw. did what ComboFix cleaned up help at all?

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7911
  • Location: Moscow, Russia

I know where the Recycled folder is. What is in there?

ComboFix didn't do anything significant as far as improving the speed goes.

offline
  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Misko, what I find suspicious is the following:
Recycled\ctfmon.exe

This means that some ctfmon.exe from the Recycler folder will be started if you insert a USB stick or some other medium that has Autorun.
Actually, I put that badly: it is one specific medium, only I can't tell from the log whether it is a USB stick, a CD or whatever.

ctfmon.exe is, in normal cases, that icon for choosing the keyboard layout, located near the clock at the bottom right.

In this case, this is an intruder.

This is the only thing I found in this log.
Now it's up to you to find where you have ctfmon.exe in the Recycled folder, i.e. on which medium it is.
You need to turn on the display of hidden files. It is best to do that from some file manager like Total Commander, since you can never force Windows Explorer to show you absolutely all hidden files.
When you insert sticks or CDs, hold down Shift. That way you avoid Autorun (which I suspect served to spread the infection automatically).

Alternatively, we can try to automate this a little:
Download the program Flash_Disinfector.

The program is started by double-clicking Flash_Disinfector.exe
when the notification message appears, plug in the infected USB flash drives (holding down the Shift key while doing so, to avoid autoplay)
click OK and wait for the process to finish
when the message Done !! appears, click OK.


The problem is that this program doesn't produce any report, so I won't know whether it found anything.

Finally, do the following as well:
Download gmer.zip from this link and save it to the Desktop.
Unpack it into some folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save the scan results to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum and attach here the two files we just saved
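The pattern bobby describes above, a file carrying a Windows system binary's name started from the Recycled folder of a removable volume through the per-volume autorun entries under mountpoints2, can be checked mechanically. The following is an added example, my own code rather than the thread's or ComboFix's: it parses the mountpoints2 blocks as ComboFix prints them and grades each autorun command. The two registry blocks are copied from the ComboFix log above; the short list of system binary names, the system32 prefixes and the reason tags are assumptions of this example.

```python
import re

# Sample input: the two mountpoints2 blocks copied from the ComboFix log above.
SAMPLE_REG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec38183-9a1c-11dc-a447-0018f30e4639}]
\Shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83e83600-6149-11dc-91c6-0018f30e4639}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

# Windows binaries that legitimately live only under %SystemRoot%\system32.
# A file with one of these names anywhere else is the masquerading trick
# discussed in the thread (assumed, deliberately short list).
SYSTEM_BINARIES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SYSTEM32_PREFIXES = ("c:\\windows\\system32\\", "%systemroot%\\system32\\")

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.*)$", re.I)


def parse_mountpoints(text):
    """Map each volume GUID to its {verb: command} shell entries."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current][cmd.group(1)] = cmd.group(2)
    return entries


def assess_command(command):
    """Reasons an autorun command looks like a removable-media worm launcher."""
    reasons = []
    if re.search(r"Recycle[dr]\\", command, re.I):
        reasons.append("recycled-folder")              # payload hidden in the bin folder
    for token in re.findall(r"\S+\.exe", command, re.I):
        name = token.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARIES and not token.lower().startswith(SYSTEM32_PREFIXES):
            reasons.append("system-binary-outside-system32")
    if "shellexec_rundll" in command.lower():
        reasons.append("rundll32-shellexec")           # indirect launch via rundll32
    return reasons


def find_suspicious(text):
    """{guid: {verb: reasons}} for every entry that has at least one reason."""
    findings = {}
    for guid, verbs in parse_mountpoints(text).items():
        for verb, command in verbs.items():
            reasons = assess_command(command)
            if reasons:
                findings.setdefault(guid, {})[verb] = reasons
    return findings


if __name__ == "__main__":
    for guid, verbs in find_suspicious(SAMPLE_REG).items():
        for verb, reasons in verbs.items():
            print(guid, verb, ", ".join(reasons))
```

The volume with H:\Autorun.exe comes out clean (an absolute path to an ordinary autorun program), while the second volume is flagged on both the AutoRun and the Open verbs, which is why double-clicking the drive in Explorer would start the payload just as autorun does. That is also why the advice above to hold Shift while inserting media matters: it suppresses AutoRun, but not the Open verb.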

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7911
  • Location: Moscow, Russia

offline
  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Misko, the only thing that isn't 100% certain is some free-downloads toolbar for IE.
Do you have any idea whether it was installed deliberately or got in on its own?


Give me one more log. Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Right-click in the middle of the program's window. A menu will appear in which you need to go to Options and tick the option Only non MS files
Click Scan.
When the scan is finished, click the Copy button below; this will save the scan results to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as the file file3.txt


Use the Attach file option below the message box on the forum and attach here the file we just saved
