Slow computer and constant Internet usage


offline
  • Joined: 07 Nov 2007
  • Posts: 80
  • Location: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

Yesterday I noticed that some program is keeping my Internet connection constantly active. The computer is also behaving abnormally.

My first question: which program can I use to see what is using the Internet connection?
The second: is this computer infected, and if so, with what?

I have Avast on the computer. My connection is Telekom ADSL, 521Mb.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:31, on 13.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\PRGRAM FAILS- nediraj\win_PortablApps_mini_programi\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
F:\PRGRAM FAILS- nediraj\win_PortablApps_mini_programi\PortableApps\1BandwidthMeterPro\BWMeterPro.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Desktop\HiJack\TR3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = computers.toshiba-europe.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5721 bytes

Thanks in advance for the help.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

What kind of abnormal behavior is that?

Right-click the avast! icon in the lower right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleaning is finished.


-----------------

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.

offline
  • Joined: 07 Nov 2007
  • Posts: 80
  • Location: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

By abnormal behavior I mean that it is not the usual behavior. For example, when I turn on BWMeterPro I see that some program has a constant connection to the Internet. In Task Manager I don't see any program running. Those are pictures 1 and 2, and the log is attached.




-----------------

ComboFix 09-03-12.01 - Administrator 2009-03-13 22:41:45.1 - NTFSx86
Running from: c:\documents and settings\Administrator\Desktop\HiJack\New Folder\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\HiJack\New Folder\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090312-0] *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mpg4c32.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-13 22:41 . 2009-03-13 22:41 179,712 --a--c--- c:\windows\system32\krnl386.dll
2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Nitro PDF
2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Common Files\Nitro PDF
2009-03-13 03:20 . 2009-03-13 03:20 <DIR> d----c--- c:\program files\Common Files\BCL Technologies
2009-03-13 02:00 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-13 02:00 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-13 02:00 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-13 02:00 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-13 02:00 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-13 02:00 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-13 02:00 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-13 02:00 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-13 02:00 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-13 01:31 . 2009-03-13 02:00 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\BSplayer PRO
2009-03-13 01:24 . 2009-03-13 01:24 179,712 --a--c--- c:\windows\system32\getmac.dll
2009-03-13 00:40 . 2009-03-13 00:40 67 --a--c--- C:\1.bat
2009-03-10 16:37 . 2009-03-12 23:29 1,167 --a--c--- c:\windows\wincmd.ini
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\UC.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\RAR.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\PKZIP.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\PKUNZIP.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\NOCLOSE.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\LHA.PIF
2009-03-10 16:37 . 2008-07-29 07:04 545 --a--c--- c:\windows\ARJ.PIF
2009-03-10 12:34 . 2009-03-10 12:34 <DIR> d----c--- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-03-10 12:34 . 2009-03-10 12:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\DriverCure
2009-03-10 12:34 . 2009-03-10 12:35 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\DriverCure
2009-03-10 12:22 . 2009-03-10 12:22 <DIR> d----c--- c:\program files\Gabest
2009-03-10 12:21 . 2009-03-10 12:21 <DIR> d----c--- c:\program files\DivXCodec
2009-03-10 12:21 . 2009-03-10 12:21 196,608 --a--c--- c:\windows\system32\avisynth.dll
2009-03-10 12:20 . 2009-03-10 12:21 <DIR> d----c--- c:\program files\GordianKnot-kodeci za -win11
2009-03-10 12:20 . 2009-03-10 12:20 414,272 --a--c--- c:\windows\system32\DivXc32f.dll
2009-03-10 12:20 . 2009-03-10 12:20 414,272 --a--c--- c:\windows\system32\DivXc32.dll
2009-03-10 12:20 . 2009-03-10 12:20 291,408 --a--c--- c:\windows\system32\DivXa32.acm
2009-03-10 12:20 . 2009-03-10 12:20 240,400 --a--c--- c:\windows\system32\DivX_c32.ax
2009-03-10 12:20 . 2009-03-10 12:20 33,280 --a--c--- c:\windows\system32\HUFFYUV.DLL
2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Real
2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Common Files\xing shared
2009-03-10 11:26 . 2009-03-10 11:26 <DIR> d----c--- c:\program files\Common Files\Real
2009-03-10 11:02 . 2004-08-04 02:07 221,184 --a--c--- c:\windows\system32\wmpns.dll
2009-03-10 11:02 . 2009-03-10 14:59 23,392 --a--c--- c:\windows\system32\nscompat.tlb
2009-03-10 11:02 . 2009-03-10 14:59 16,832 --a--c--- c:\windows\system32\amcompat.tlb
2009-03-09 17:14 . 2009-03-09 17:14 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-03-09 15:56 . 2009-03-09 15:56 <DIR> d----c--- c:\program files\QuickTime
2009-03-09 15:56 . 2009-03-09 15:56 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 15:55 . 2009-03-09 15:55 <DIR> d----c--- c:\program files\Apple Software Update
2009-03-09 15:55 . 2009-03-09 15:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple
2009-03-08 23:21 . 2009-03-08 23:21 <DIR> d----c--- c:\program files\MSBuild
2009-03-08 23:18 . 2009-03-08 23:18 <DIR> d----c--- c:\windows\system32\XPSViewer
2009-03-08 23:17 . 2009-03-08 23:17 <DIR> d----c--- c:\program files\Reference Assemblies
2009-03-08 23:17 . 2006-06-29 13:07 14,048 -----c--- c:\windows\system32\spmsg2.dll
2009-03-04 16:43 . 2009-03-04 16:43 508,200 --a--c--- c:\windows\system32\ICCProfiles.dll
2009-03-04 16:25 . 2009-03-04 16:25 45 ---h-c--- c:\windows\dsez4072.dat
2009-03-03 22:13 . 2009-03-03 22:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\GARMIN
2009-03-03 01:11 . 2009-03-03 22:13 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\GARMIN
2009-03-03 01:05 . 2009-03-03 22:13 <DIR> d----c--- C:\Garmin
2009-02-26 00:15 . 2009-03-04 14:51 30 --a--c--- c:\windows\Iedit_.INI
2009-02-26 00:09 . 2009-02-26 00:09 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Ulead Systems
2009-02-26 00:06 . 2009-03-02 01:41 <DIR> d--h-c--- c:\program files\InstallShield Installation Information
2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Common Files\Ulead Systems
2009-02-26 00:06 . 2009-02-26 00:06 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-26 00:06 . 1999-10-15 12:50 1,056,768 -----c--- c:\windows\system32\ROBOEX32.DLL
2009-02-26 00:06 . 2006-07-22 19:37 49,152 -----c--- c:\windows\system32\INETWH32.dll
2009-02-26 00:05 . 2009-02-26 00:06 <DIR> d----c--- c:\program files\Common Files\InstallShield
2009-02-24 01:35 . 2009-03-13 03:13 <DIR> d----c--- c:\windows\Downloaded Installations
2009-02-21 20:05 . 2009-02-21 20:05 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\BWMeterPro
2009-02-17 19:47 . 2009-02-17 19:47 <DIR> d----c--- c:\windows\Sun
2009-02-17 17:47 . 2009-02-17 17:47 <DIR> d----c--- c:\program files\Java
2009-02-17 17:47 . 2009-02-17 17:47 410,984 --a--c--- c:\windows\system32\deploytk.dll
2009-02-17 17:47 . 2009-02-17 17:47 73,728 --a--c--- c:\windows\system32\javacpl.cpl
2009-02-17 14:38 . 2009-02-17 14:38 <DIR> d----c--- c:\program files\Bome's Image Resizer
2009-02-16 07:26 . 2009-02-16 07:26 <DIR> d----c--- C:\Sadrzaji
2009-02-15 15:15 . 2009-02-15 18:07 <DIR> d----c--- c:\program files\PhotoFiltre
2009-02-14 02:00 . 2009-02-14 02:00 <DIR> d----c--- c:\documents and settings\FC Portables\Impostazioni locali
2009-02-14 02:00 . 2009-02-14 02:00 <DIR> d----c--- c:\documents and settings\FC Portables
2009-02-13 23:18 . 2009-02-13 23:18 <DIR> d----c--- c:\program files\Common Files\IngPro
2009-02-13 23:08 . 2009-02-13 23:08 <DIR> d----c--- c:\program files\Microsoft.NET
2009-02-13 23:07 . 2009-02-13 23:07 <DIR> dr-h-c--- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 16:22 --------- dc----w c:\documents and settings\Administrator\Application Data\Skype
2009-03-13 16:01 --------- dc----w c:\documents and settings\Administrator\Application Data\skypePM
2009-03-13 00:24 360,320 -c--a-w c:\windows\system32\drivers\tcpip.sys
2009-03-12 23:40 140,288 -c--a-w c:\windows\system32\sfc_os.dll
2009-03-12 23:40 1,134,596 -c--a-w c:\windows\explorer.exe
2009-03-12 17:35 --------- dc----w c:\program files\Planplus
2009-03-10 11:08 --------- dc----w c:\program files\AVS4YOU
2009-03-10 10:55 --------- dc----w c:\program files\Windows Media Connect 2
2009-03-07 23:05 2,516 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-03 14:08 --------- dc----w c:\documents and settings\Administrator\Application Data\Thinstall
2009-03-02 00:38 --------- dc----w c:\program files\Corel
2009-02-16 17:27 --------- dc----w c:\program files\Alwil Software
2009-02-13 09:59 --------- dc----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 08:08 --------- dc----w c:\program files\MSECache
2009-02-10 09:33 --------- dc----w c:\documents and settings\All Users\Application Data\Bitstream
2009-02-10 00:43 88 -csh--r c:\documents and settings\All Users\Application Data\A7F6EE1827.sys
2009-02-09 23:51 --------- dc----w c:\documents and settings\Administrator\Application Data\Corel
2009-02-09 23:49 --------- dc----w c:\program files\Common Files\Protexis
2009-02-09 23:49 --------- dc----w c:\documents and settings\All Users\Application Data\Corel
2009-02-09 23:47 --------- dc----w c:\program files\Common Files\Corel
2009-02-09 14:53 --------- dc----w c:\program files\Microsoft
2009-02-09 10:19 1,846,272 -c--a-w c:\windows\system32\win32k.sys
2009-02-08 18:58 --------- dc----w c:\program files\TeleTRADER 4
2009-02-06 19:02 --------- dc----w c:\program files\Common Files\AVSMedia
2009-02-06 19:02 --------- dc----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-06 18:59 0 -c-ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-06 18:59 0 -c-ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-06 18:59 --------- dc----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-06 18:59 --------- dc----w c:\documents and settings\Administrator\Application Data\Nokia
2009-02-06 18:58 --------- dc----w c:\program files\Nokia
2009-02-06 18:58 --------- dc----w c:\program files\Common Files\PCSuite
2009-02-06 18:58 --------- dc----w c:\program files\Common Files\Nokia
2009-02-06 18:57 --------- dc----w c:\program files\PC Connectivity Solution
2009-02-06 18:57 --------- dc----w c:\program files\DIFX
2009-02-06 18:56 --------- dc----w c:\documents and settings\All Users\Application Data\Installations
2009-02-06 11:01 --------- dc----w c:\documents and settings\Administrator\Application Data\Ing-Pro
2009-02-05 23:44 --------- dc----w c:\documents and settings\Administrator\Application Data\Nitro PDF
2009-02-05 23:37 --------- dc----w c:\documents and settings\All Users\Application Data\Nitro PDF
2009-02-05 23:06 --------- dc----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-05 22:58 --------- dc----w c:\program files\Common Files\Adobe
2009-02-05 22:58 --------- dc----w c:\program files\Bonjour
2009-02-05 22:49 --------- dc----w c:\program files\Common Files\Macrovision Shared
2009-02-05 22:37 --------- dc----w c:\program files\Skype
2009-02-05 22:37 --------- dc----w c:\program files\Common Files\Skype
2009-02-05 22:37 --------- dc----w c:\documents and settings\All Users\Application Data\Skype
2009-02-05 22:34 --------- dc----w c:\program files\Common Files\Ahead
2009-02-05 22:34 --------- dc----w c:\program files\Ahead
2009-02-03 21:33 --------- dc----w c:\program files\Microsoft ActiveSync
2009-02-03 20:34 --------- dc----w c:\program files\CONEXANT
2009-02-03 20:20 --------- dc----w c:\program files\microsoft frontpage
2008-12-20 23:15 826,368 -c--a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 02:07 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2009-03-13 01:24 360320 a8a6c5b80cb4b619d1a41892eee69e11 c:\windows\system32\drivers\tcpip.sys

2009-03-13 00:40 1134596 083e59f847d11f4af9d4d57d4ad51be3 c:\windows\explorer.exe
2009-03-13 00:40 1134596 083e59f847d11f4af9d4d57d4ad51be3 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
--a--c--- 2009-03-04 16:43 209216 c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-02-17 17:47 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--a--c--- 2007-08-02 21:08 95504 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Wsc i Sve za njega\\WSC-CDMS\\udrive\\usr\\local\\apache2\\bin\\Apache_21.exe"=
"f:\\Wsc i Sve za njega\\WSC-CDMS\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-11-29 225792]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - COMSysApp
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - HTTP
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - PSI_SVC_2
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3be4117-f3bd-11dd-b373-0016363dc76c}]
\Shell\AutoRun\command - G:\ph.com
\Shell\explore\Command - G:\ph.com
\Shell\open\Command - G:\ph.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.computers.toshiba-europe.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5qo5u03u.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-13 22:43:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-13 22:44:18
ComboFix-quarantined-files.txt 2009-03-13 21:44:10

Pre-Run: 7.784.476.672 bytes free
Post-Run: 7,768,854,528 bytes free

333 --- E O F --- 2009-03-13 02:42:18

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Upload this file for me:

c:\windows\system32\getmac.dll


via the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 07 Nov 2007
  • Posts: 80
  • Location: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

It's uploaded. But the computer keeps freezing at 100%, so I had to restart it to be able to upload the file.

Addendum: 14 Mar 2009 1:33

What I meant was the constant communication with the Internet, even though I hadn't asked it to do anything.

I think you understood even though I didn't write it well. It also freezes along the way. All of this has been happening since I installed BS Player. When I started the installation, Avast began complaining, and I immediately let it delete the file, but after several minutes of struggling it still brought up the installer window, and although I cancelled the installation, things ended up the way they are now. Baaad for the computer.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

And how is Avast! working for you now? I'd say it is damaged.

offline
  • Joined: 07 Nov 2007
  • Posts: 80
  • Location: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

First, Avast is doing something it didn't do before: it takes much longer to check mail. Plus, explorer is running at one hundred percent all the time, as I can see in Task Manager.

Is the solution to reinstall Avast? I also have the option of installing NOD, or Symantec, which frankly annoys me.

Addendum: 14 Mar 2009 10:40

How do I fix the typo in the title?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Only I can change the title for you.

Reinstall Avast!.

offline
  • Joined: 07 Nov 2007
  • Posts: 80
  • Location: Bgd; Address: +44° 48' 54.62", +20° 29' 50.96"

You didn't answer me: which program can I use to see, in real time, which programs are using the Internet connection?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

pelle6 :: You didn't answer me: which program can I use to see, in real time, which programs are using the Internet connection?

I don't know exactly. I used Comodo Firewall and it listed them.
