I lose my connection every 2 minutes

offline
  • Joined: 27 Mar 2008
  • Posts: 60

Posted: 31 Aug 2013 3:26

Please help, as of today I lose my connection every 2 minutes. I tried an antimalware tool but with no success. The AV says "failed to read firewall configuration". 10mbps

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer:
Run by Administrator at 3:18:21 on 2013-08-31
Microsoft Windows XP Professional 5.1.2600.3.1250.387.1033.18.1023.553 [GMT 2:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\AEADISRV.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Documents and Settings\Administrator\Desktop\GoogleChromePortable\GoogleChromePortable.exe
C:\Documents and Settings\Administrator\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoInternetIcon = dword:1
uPolicies-Explorer: NoSMHelp = dword:1
uPolicies-Explorer: ForceClassicControlPanel = dword:1
uPolicies-Explorer: NoSMMyPictures = dword:1
mPolicies-System: DisableCAD = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoInternetIcon = dword:1
mPolicies-Explorer: NoSMHelp = dword:1
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoSMMyPictures = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5DF14068-91D7-42F6-84F8-A415424CBB36} : DHCPNameServer = 192.168.1.1
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: SecurityProviders = schannel.dll, digest.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R?2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-7-8 1338264]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-4 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-4 175176]
R0 edevmon;edevmon;c:\windows\system32\drivers\edevmon.sys [2013-7-8 187808]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2013-3-26 44240]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-11-17 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-11-17 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-11-17 13616]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-3-4 770344]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-7-8 134248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-4 66336]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2013-3-5 2849120]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\fimgin.sys --> c:\windows\system32\drivers\fimgin.sys [?]
R3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [2013-7-16 616064]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-3-20 36608]
S3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt32.sys [2013-6-4 17920]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2013-5-6 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2013-5-6 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2013-5-6 123648]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-3-4 29816]
S4 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-3-4 369584]
S4 avast! Antivirus;avast! Antivirus;"c:\program files\avast software\avast\avastsvc.exe" --> c:\program files\avast software\avast\AvastSvc.exe [?]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
.chm: <filetype is not registered>
FileExt: .js: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-08-31 01:07:51 103140 ----a-w- C:\tnbfme.exe
2013-08-31 00:57:13 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-08-31 00:56:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-31 00:54:46 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2013-08-31 00:54:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-31 00:54:16 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2013-08-31 00:54:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-31 00:54:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-31 00:41:22 416256 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-08-31 00:41:21 -------- d-----w- c:\program files\Trend Micro
2013-08-31 00:32:39 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ESET
2013-08-31 00:32:39 -------- d-----w- c:\documents and settings\administrator\application data\ESET
2013-08-31 00:25:55 -------- d-----w- c:\program files\ESET
2013-08-31 00:15:54 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-08-31 00:15:54 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NPE
2013-08-31 00:14:50 -------- d-----w- c:\program files\stinger
2013-08-30 23:45:36 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-08-30 23:45:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\MFAData
2013-08-30 23:45:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Avg2013
2013-08-30 23:02:46 -------- d-----w- c:\program files\msn gaming zone
2013-08-30 22:53:40 -------- d-----w- c:\documents and settings\administrator\application data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2013-08-30 19:34:44 -------- d-----w- c:\documents and settings\all users\application data\Protexis
2013-08-30 19:30:00 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\corelphotopaint\9.0\1033\ResourceCache.dll
2013-08-30 19:25:10 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\coreldraw\9.0\1033\ResourceCache.dll
2013-08-30 19:23:19 416 ----a-w- c:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
2013-08-30 19:18:37 -------- d-----w- c:\documents and settings\all users\application data\Corel
2013-08-30 18:40:21 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-08-30 18:37:44 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-08-30 18:37:44 117760 ------w- c:\windows\system32\prntvpt.dll
2013-08-30 18:37:43 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-08-30 18:37:43 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-08-30 18:37:43 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-08-30 18:37:43 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-08-30 18:37:41 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-08-30 18:37:41 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-08-30 18:27:41 -------- d-----w- c:\documents and settings\all users\application data\CorelDRAW Graphics Suite X6
2013-08-23 14:52:12 -------- d-----w- c:\program files\Inno Setup 5
2013-08-23 14:17:23 -------- d-----w- C:\temp
2013-08-16 18:14:29 -------- d-----w- c:\documents and settings\administrator\application data\ViberPC
2013-08-16 18:13:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Viber
2013-08-14 18:47:06 -------- d-----w- c:\documents and settings\administrator\application data\Adobe Mini Bridge CS5.1
2013-08-14 18:47:05 -------- d-----w- c:\documents and settings\administrator\application data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-08-13 22:23:11 -------- d-----w- c:\documents and settings\administrator\application data\Unity
2013-08-13 22:21:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Unity
2013-08-10 21:44:54 -------- d-----w- c:\documents and settings\administrator\application data\Resource Tuner
2013-08-10 14:58:29 -------- d-----w- c:\documents and settings\administrator\application data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-08-06 22:51:33 -------- d-----w- c:\documents and settings\administrator\application data\Foxit Software
2013-08-06 03:26:47 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
.
==================== Find3M ====================
.
2013-08-04 12:16:56 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-04 12:16:56 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-08 12:41:52 61600 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2013-07-08 12:41:52 38952 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2013-07-08 12:41:48 174400 ----a-w- c:\windows\system32\drivers\epfw.sys
2013-07-08 12:41:12 134248 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2013-07-08 12:40:30 187808 ----a-w- c:\windows\system32\drivers\edevmon.sys
2013-07-08 12:40:28 184664 ----a-w- c:\windows\system32\drivers\eamon.sys
2013-06-28 06:36:07 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-28 06:36:07 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
.
============= FINISH: 3:18:48,17 ===============

Addendum: 31 Aug 2013 3:29

[Attached image, visible only to logged-in forum users]

Addendum: 31 Aug 2013 3:35

The AM reports this file to me as an infection, and it cannot be deleted.

Addendum: 31 Aug 2013 3:40

And Skype cannot be started at all.

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

You have a dangerous infection on your computer: the file infector Sality.
Since disinfection is impossible from within a running Windows, I recommend the following options:

1) Visit the thread "Using Live CD Rescue Solutions" (Primena Live CD Rescue rešenja) so that you can scan the computer with a rescue CD solution. Detailed instructions are written there on how to scan a computer with the popular solutions. This is the easiest option for you if you are not interested in reinstalling the operating system.

2) You can take the hard disk out of the computer and mount it in another computer that is not infected. From that other computer, scan the mounted hard disk (note: if you choose this option, do not open the infected hard disk until you have scanned it and removed the infection).

3) Format the system partition (the partition on which your operating system is installed) and install Windows again. Do not open the other partitions; instead install an antivirus, update it and scan the other partitions you have. After the infection is removed, you can open the other partitions as well.



Once you have decided on one of these options and finished it, do not use any USB devices if you have them, because this infection usually arrives via them. To clean any possibly infected USB devices, follow these instructions:


Download MCShield from the following address:

http://amf.mycity.rs/mcshield/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan has finished, insert all your USB storage devices into the USB port one after another, and keep each one in the port until MCShield shows a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices include all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in a reply.
