MyCity » Ambulanta -> Arhiva Ambulante » Zapucavanje konekcije-Blago Usporenje Win-a-Vundo?

Zapucavanje konekcije-Blago Usporenje Win-a-Vundo?

Napisano na dan: 17.6.2009

Zapucavanje konekcije-Blago Usporenje Win-a-Vundo?

Sledeća strana

Pagination

Odgovori

MarioBB Poslao: 17 Jun 2009 23:57 Idi na vrh
offline MarioBB Građanin Pridružio: 27 Nov 2006 Poruke: 129 Gde živiš: Zrenjanin	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav , treba mi potvrda da li mi se nije nesto zavuklo u komp , simptomi su cesto tjs precesto zapucavanje konekcije i nista ne pomaze osim disconnecta / connecta ili cak potpunog disableovanja mrezne (koristim wifi pppoe preko access pointa).. Nije da se secam bas najbolje ali cini mi se da mi se ova zapucavanja konekcije desavaju od kada sam instalirao Mp3 Rocket(Java program gde mi se mozda Vundo opet zavukao a imao sam i ranije problema sa njime) , a i zadnje je takodje bio instaliran Elite AntiKeylogger 3.0 ..Takodje se nekada desavaju i blaga usporavanja Windows-a pa cak i zapucavanje istog.. Ako vam nesto znaci .. Uglavnom bio bih vam zahvalan na analizi .. Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:56:15, on 17.6.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\COMODO\SafeSurf\cssurf.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Programs\DIVX\PLAYERS\KMPlayer\KMPlayer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Calaramongos\Desktop\Folder\HT.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1547161642-299502267-682003330-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Bakuta') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BlueSoleil.lnk = ? O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{0454B51C-ED2D-4208-9791-8064AB6B8B46}: NameServer = 195.252.109.4 194.106.163.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{0454B51C-ED2D-4208-9791-8064AB6B8B46}: NameServer = 195.252.109.4 194.106.163.3 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 6140 bytes

Profil

argus Poslao: 18 Jun 2009 08:07 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, u logu nema nista sumnjivo, ali mozemo da odradimo jos jednu proveru. Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop: Bleeping Computer . . . . . Geeks to Go! Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

MarioBB Poslao: 18 Jun 2009 11:44 Idi na vrh
offline MarioBB Građanin Pridružio: 27 Nov 2006 Poruke: 129 Gde živiš: Zrenjanin	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav .. ComboFix Log: ComboFix 09-06-17.02 - Calaramongos 18.06.2009 11:32.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1014.612 [GMT 2:00] Running from: c:\documents and settings\Calaramongos\Desktop\Folder\ComboFix.exe AV: Avira AntiVir PersonalEdition On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: COMODO Firewall enabled {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Desktop_.ini . ((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 ))))))))))))))))))))))))))))))) . 2009-06-14 15:21 . 2009-01-21 09:52 155648 ----a-w- c:\windows\system32\igfxCoIn_v5029.dll 2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Shared 2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Incomplete 2009-06-14 12:38 . 2009-06-15 13:31 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\MP3Rocket 2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\program files\MP3 Rocket 2009-06-03 14:12 . 2009-06-03 16:09 -------- d-----w- c:\documents and settings\Bakuta\Contacts 2009-06-02 17:46 . 2009-06-03 10:19 -------- d-----w- c:\program files\Common Files\stardock 2009-06-01 17:20 . 2009-06-01 17:20 -------- d-----w- c:\documents and settings\RS\Application Data\Search Settings 2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\Bakuta\Application Data\Search Settings 2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\RS\Local Settings\Application Data\Mozilla 2009-05-24 17:44 . 2009-05-24 17:44 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Identities 2009-05-24 15:59 . 2009-05-24 16:01 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Adobe 2009-05-24 15:35 . 2009-05-24 15:35 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Mozilla 2009-05-20 08:16 . 2009-05-20 08:16 42960 ----a-w- c:\documents and settings\Danijel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-14 12:20 . 2009-03-05 13:22 -------- d-----w- c:\program files\BearShare 2009-06-02 18:02 . 2009-03-06 13:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2009-05-28 09:08 . 2009-03-05 13:23 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-05-21 20:54 . 2009-03-06 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-21 14:22 . 2009-04-26 11:51 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Skype 2009-05-21 14:02 . 2009-04-26 11:54 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\skypePM 2009-05-18 19:00 . 2009-05-18 19:00 -------- d-----w- c:\program files\Google 2009-05-18 19:00 . 2009-03-05 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-17 19:58 . 2009-05-17 19:58 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Renegade Minds 2009-05-12 21:36 . 2009-03-05 12:54 42960 ----a-w- c:\documents and settings\Calaramongos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-12 21:28 . 2009-05-12 21:28 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Publish Providers 2009-05-12 21:28 . 2009-05-12 21:00 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony 2009-05-12 20:54 . 2009-05-12 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony 2009-05-12 20:48 . 2009-05-12 20:48 -------- d-----w- c:\program files\MSBuild 2009-05-12 20:48 . 2009-05-12 20:48 116040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-12 20:44 . 2009-05-12 20:44 -------- d-----w- c:\program files\Reference Assemblies 2009-05-12 20:31 . 2009-05-12 19:35 52770576 ----a-w- c:\documents and settings\Calaramongos\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe 2009-05-12 19:35 . 2009-05-12 19:35 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony Setup 2009-05-07 15:31 . 2009-03-06 13:35 -------- d-----w- c:\program files\Common Files\Nero 2009-05-07 15:30 . 2009-04-02 19:49 -------- d-----w- c:\program files\BearShare Applications 2009-05-07 11:59 . 2009-05-07 11:09 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\TeamViewer 2009-05-07 11:09 . 2009-05-07 11:09 -------- d-----w- c:\program files\TeamViewer 2009-05-04 12:24 . 2009-05-04 12:24 -------- d-----w- c:\program files\YouTube Downloader 2009-04-29 21:19 . 2009-04-29 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth 2009-04-29 21:16 . 2009-04-29 21:16 -------- d-----w- c:\program files\IVT Corporation 2009-04-29 21:11 . 2009-03-05 13:06 -------- d-----w- c:\program files\Common Files\InstallShield 2009-04-29 20:36 . 2009-04-29 16:31 -------- d-----w- c:\documents and settings\Danijel\Application Data\Skype 2009-04-26 16:36 . 2009-03-05 13:21 -------- d-----w- c:\program files\Mv2Player 2009-04-26 11:54 . 2009-04-26 11:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Skype 2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Common Files\Skype 2009-04-17 20:38 . 2009-04-17 20:38 42960 ----a-w- c:\documents and settings\RS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-27 18:36 . 2009-03-06 13:47 290816 ----a-w- c:\windows\system32\TubeFinder.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-05 278264] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-05 1797880] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-4-29 1183744] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5.3.2009 15:24 101776] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5.3.2009 15:24 31504] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 13:07 61424] S3 Ipnatlaawcp;Ipnatlaawcp; [x] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 13:54 97136] . Contents of the 'Scheduled Tasks' folder 2009-06-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 21:35] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.bearshare.com/ uInternet Connection Wizard,ShellNext = iexplore IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-06-18 11:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2980) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\rundll32.exe c:\windows\system32\igfxsrvc.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\program files\Java\jre6\bin\jqs.exe . ************************************************************************ . Completion time: 2009-06-18 11:39 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-18 09:39 Pre-Run: 17.099.464.704 bytes free Post-Run: 18.444.189.696 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 163

Profil

argus Poslao: 18 Jun 2009 14:33 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: Ipnatlaawcp` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MarioBB Poslao: 19 Jun 2009 02:20 Idi na vrh
offline MarioBB Građanin Pridružio: 27 Nov 2006 Poruke: 129 Gde živiš: Zrenjanin	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-06-17.02 - Calaramongos 19.06.2009 2:11.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1014.559 [GMT 2:00] Running from: c:\documents and settings\Calaramongos\Desktop\Folder\ComboFix.exe Command switches used :: c:\documents and settings\Calaramongos\Desktop\Folder\CFScript.txt.txt AV: Avira AntiVir PersonalEdition On-access scanning disabled (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: COMODO Firewall enabled {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . /wow section - STAGE 32A The system cannot find the path specified. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\CALARA~1\LOCALS~1\Temp\catchme.dll c:\documents and settings\Calaramongos\Local Settings\Temp\catchme.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Ipnatlaawcp ((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 ))))))))))))))))))))))))))))))) . 2009-06-14 15:21 . 2009-01-21 09:52 155648 ----a-w- c:\windows\system32\igfxCoIn_v5029.dll 2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Shared 2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\documents and settings\Calaramongos\Incomplete 2009-06-14 12:38 . 2009-06-15 13:31 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\MP3Rocket 2009-06-14 12:38 . 2009-06-14 12:38 -------- d-----w- c:\program files\MP3 Rocket 2009-06-03 14:12 . 2009-06-03 16:09 -------- d-----w- c:\documents and settings\Bakuta\Contacts 2009-06-02 17:46 . 2009-06-03 10:19 -------- d-----w- c:\program files\Common Files\stardock 2009-06-01 17:20 . 2009-06-01 17:20 -------- d-----w- c:\documents and settings\RS\Application Data\Search Settings 2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\Bakuta\Application Data\Search Settings 2009-06-01 17:19 . 2009-06-01 17:19 -------- d-----w- c:\documents and settings\RS\Local Settings\Application Data\Mozilla 2009-05-24 17:44 . 2009-05-24 17:44 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Identities 2009-05-24 15:59 . 2009-05-24 16:01 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Adobe 2009-05-24 15:35 . 2009-05-24 15:35 -------- d-----w- c:\documents and settings\Bakuta\Local Settings\Application Data\Mozilla 2009-05-20 08:16 . 2009-05-20 08:16 42960 ----a-w- c:\documents and settings\Danijel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-14 12:20 . 2009-03-05 13:22 -------- d-----w- c:\program files\BearShare 2009-06-02 18:02 . 2009-03-06 13:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2009-05-28 09:08 . 2009-03-05 13:23 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-05-21 20:54 . 2009-03-06 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-05-21 14:22 . 2009-04-26 11:51 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Skype 2009-05-21 14:02 . 2009-04-26 11:54 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\skypePM 2009-05-18 19:00 . 2009-05-18 19:00 -------- d-----w- c:\program files\Google 2009-05-18 19:00 . 2009-03-05 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-17 19:58 . 2009-05-17 19:58 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Renegade Minds 2009-05-12 21:36 . 2009-03-05 12:54 42960 ----a-w- c:\documents and settings\Calaramongos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-12 21:28 . 2009-05-12 21:28 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Publish Providers 2009-05-12 21:28 . 2009-05-12 21:00 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony 2009-05-12 20:54 . 2009-05-12 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony 2009-05-12 20:48 . 2009-05-12 20:48 -------- d-----w- c:\program files\MSBuild 2009-05-12 20:48 . 2009-05-12 20:48 116040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-05-12 20:44 . 2009-05-12 20:44 -------- d-----w- c:\program files\Reference Assemblies 2009-05-12 20:31 . 2009-05-12 19:35 52770576 ----a-w- c:\documents and settings\Calaramongos\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe 2009-05-12 19:35 . 2009-05-12 19:35 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\Sony Setup 2009-05-07 15:31 . 2009-03-06 13:35 -------- d-----w- c:\program files\Common Files\Nero 2009-05-07 15:30 . 2009-04-02 19:49 -------- d-----w- c:\program files\BearShare Applications 2009-05-07 11:59 . 2009-05-07 11:09 -------- d-----w- c:\documents and settings\Calaramongos\Application Data\TeamViewer 2009-05-07 11:09 . 2009-05-07 11:09 -------- d-----w- c:\program files\TeamViewer 2009-05-04 12:24 . 2009-05-04 12:24 -------- d-----w- c:\program files\YouTube Downloader 2009-04-29 21:19 . 2009-04-29 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth 2009-04-29 21:16 . 2009-04-29 21:16 -------- d-----w- c:\program files\IVT Corporation 2009-04-29 21:11 . 2009-03-05 13:06 -------- d-----w- c:\program files\Common Files\InstallShield 2009-04-29 20:36 . 2009-04-29 16:31 -------- d-----w- c:\documents and settings\Danijel\Application Data\Skype 2009-04-26 16:36 . 2009-03-05 13:21 -------- d-----w- c:\program files\Mv2Player 2009-04-26 11:54 . 2009-04-26 11:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Skype 2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-04-26 11:49 . 2009-04-26 11:49 -------- d-----w- c:\program files\Common Files\Skype 2009-04-17 20:38 . 2009-04-17 20:38 42960 ----a-w- c:\documents and settings\RS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-27 18:36 . 2009-03-06 13:47 290816 ----a-w- c:\windows\system32\TubeFinder.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-03-05 278264] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-05 1797880] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-4-29 1183744] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5.3.2009 15:24 101776] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5.3.2009 15:24 31504] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.5.2008 13:07 61424] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 13:54 97136] . Contents of the 'Scheduled Tasks' folder 2009-06-05 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 21:35] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.bearshare.com/ uInternet Connection Wizard,ShellNext = iexplore IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-06-19 02:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3448-) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\rundll32.exe c:\windows\system32\igfxsrvc.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\program files\Java\jre6\bin\jqs.exe . ************************************************************************ . Completion time: 2009-06-19 2:18 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-19 00:18 ComboFix2.txt 2009-06-18 09:39 Pre-Run: 18.369.597.440 bytes free Post-Run: 18.400.026.624 bytes free 163

Profil

argus Poslao: 19 Jun 2009 09:26 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovde je sve cisto. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: combofix /u Primeti da postoji razmak između "ComboFix" i "/u". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MarioBB Poslao: 19 Jun 2009 12:52 Idi na vrh
offline MarioBB Građanin Pridružio: 27 Nov 2006 Poruke: 129 Gde živiš: Zrenjanin	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Deinstaliran .. To bi bilo to ?

Profil

argus Poslao: 19 Jun 2009 14:05 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da to je sve, imas li nekih problema?

Profil

MarioBB Poslao: 19 Jun 2009 14:14 Idi na vrh
offline MarioBB Građanin Pridružio: 27 Nov 2006 Poruke: 129 Gde živiš: Zrenjanin	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Apsolutno nikakvih .. Izgleda Ok sve .. Hvala na ulozenom trudu ! Pozdrav

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Zapucavanje konekcije-Blago Usporenje Win-a-Vundo?

Ko je trenutno na forumu

Ukupno su 790 korisnika na forumu :: 18 registrovanih, 2 sakrivenih i 770 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: bigfoot, Bobrock1, deimos25, goxin, kikisp, kybonacci, madza, milan.vukovic, milenko crazy north, Misirac, Nemanja.M, pacika, sevenino, Sir Budimir, slonic_tonic, SR-3m, stankolich, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by