Posted: 06 Apr 2010 20:36
- Antares56
- Citizen
- Joined: 16 Mar 2009
- Posts: 147
Written: 06 Apr 2010 19:32
As you can conclude from the title, I have been using Telenor 3G internet for maybe 2 months. Until seven days ago the download speed was over 1Mb/s, which is OK. About seven days ago the Kaspersky antivirus program detected some software that wanted to run and I blocked it (chose the untrusted option); however, this resulted in Windows no longer being able to detect the modem. So, whichever USB port I plug it into, when I start the Telenor application it reports as if the modem is not inserted. Then I unblocked that "driversetup.exe" in Kaspersky AV and Windows then recognized the modem. The modem is a HUAWEI E1550. After Windows detected the modem I am able to connect normally, but the download speed is considerably lower (I cannot watch video from YouTube).
The DDS logs follow:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 18:48:29.28 on Tue 04/06/2010
Internet Explorer: 7.0.6001.18000
Windows Windows Vista™ Extreme Edition 6.0.6001.1.1252.1.1033.18.1919.1005 [GMT 2:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\vmsnap3.exe
C:\Windows\Domino.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Telenor Internet\Telenor Internet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [Domino] c:\windows\Domino.exe
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TCP: {EA84F460-76CD-44B1-9C70-1F134A9A3D17} = 217.65.192.1 217.65.192.52
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
STS: AveVistaBackgroundFolder Class: {73526e5a-fd53-4be7-b5e2-d3c89d7413dc} - c:\windows\system32\branding\folderbg\VistaFolderBackground.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-7-3 303376]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-4-5 103040]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2010-4-5 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\usbVM303.sys [2010-4-5 1472768]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-5 136176]
=============== Created Last 30 ================
==================== Find3M ====================
2010-04-06 01:44:35 174 --sha-w- c:\program files\desktop.ini
2010-04-05 16:59:20 98 ----a-w- c:\program files\state.txt
2010-04-05 16:58:47 142 ----a-w- c:\program files\errorlog.txt
2010-04-05 16:43:06 2762 ----a-w- c:\program files\DeIsL1.isu
2010-04-05 16:43:01 147 ----a-w- c:\program files\_DEISREG.ISR
2010-04-05 15:38:59 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-05 15:38:59 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-05 15:38:58 86016 ----a-w- c:\windows\inf\infstor.dat
2008-04-04 09:50:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2000-07-31 12:42:04 19093 ----a-w- c:\program files\APGTHelp.htm
2000-07-25 10:58:28 1626 ----a-w- c:\program files\preset.txt
2000-07-06 09:37:14 13974 ----a-w- c:\program files\APLogo.bmp
2000-07-06 08:23:34 13974 ----a-w- c:\program files\APLogoOp.bmp
2000-06-06 14:06:28 4194 ----a-w- c:\program files\circle.bmp
2000-06-06 12:20:34 8398 ----a-w- c:\program files\label.bmp
2000-06-05 16:24:44 26082 ----a-w- c:\program files\NumBev.bmp
2000-06-05 16:24:26 26082 ----a-w- c:\program files\NumClr.bmp
2000-06-05 15:42:52 20250 ----a-w- c:\program files\NotesClr.bmp
2000-06-05 15:42:36 20250 ----a-w- c:\program files\NotesBev.bmp
2000-06-05 09:52:46 7014 ----a-w- c:\program files\gBar.bmp
2000-06-05 09:50:20 726 ----a-w- c:\program files\gTic.bmp
2000-06-05 09:07:24 486 ----a-w- c:\program files\string3.bmp
2000-06-05 09:07:24 302 ----a-w- c:\program files\string2.bmp
2000-06-05 09:07:24 302 ----a-w- c:\program files\string1.bmp
2000-05-31 11:46:24 6198 ----a-w- c:\program files\apSmall.bmp
2008-04-04 09:50:14 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 18:49:23.59 ===============
Addendum: 06 Apr 2010 20:24
The GMER download link does not work, and RootRepeal freezes during scanning, so I have to restart the computer to get it working again. I see that dr Bora wrote that the instructions for opening a topic have been changed, but I do not see that change, that is, the new instructions, anywhere.
Addendum: 06 Apr 2010 20:36
Is it possible that nobody has answered me?! I think I laid out the problem clearly and gave all the necessary information.
Posted: 06 Apr 2010 22:50
- Antares56
- Citizen
- Joined: 16 Mar 2009
- Posts: 147
Yes, the link works now. I downloaded GMER, but I have tried to scan the computer twice already and the computer always restarts in the middle of the scan.
Posted: 06 Apr 2010 23:02
- Bogdan-Tc
- Anti Malware Fighter, Rank 1
- Joined: 04 Jan 2009
- Posts: 2168
Download SysProt AntiRootkit from the following page:
SysProt download
On the page that opens, click the "here" link.
Unpack the archive into a folder (instructions), and then:
double-click to start the program and go to the Log tab;
tick all eight items and click Create log;
after some time a prompt will appear in which you should select Scan root drive only and click Start;
when the scan finishes, a notice will appear that should be closed by clicking OK;
the report (log) will be saved in the same folder where the program itself is located.
Illustrated walkthrough of the procedure
Attach the created report to your post using the Attach file option.
Posted: 07 Apr 2010 00:47
- Bogdan-Tc
- Anti Malware Fighter, Rank 1
- Joined: 04 Jan 2009
- Posts: 2168
The logs are clean, so your problem is not related to malicious programs.
Posted: 07 Apr 2010 10:50
- Antares56
- Citizen
- Joined: 16 Mar 2009
- Posts: 147
Maybe because, before scanning, I went to C:\Program Files\Telenor Internet\Driver and deleted "driversetup.exe", which Kaspersky had reported to me as "Suspicious". Until I did that I could not scan the computer with any of the offered programs (Gmer, RootRepeal, SysProt AntiRootkit).