Computer Games Forum

#1  Freelancer (Registered User; Join Date: Aug 2004; Location: Bucuresti)  29-06-2008, 22:57
Bug or computer hijacking?!

See the attached picture. The traffic wasn't really all that heavy, though; I don't know how to convert from packets to MB to see whether it's even possible. I only have ~1.5 TB of data on the PC, although the number of sent packets seems rather high to me. I haven't really found anything on Google about a bug specific to my problem, which is why I'm asking.

So, spyware, something like that?

I found something similar here: http://windows.ittoolbox.com/groups/...7?cv=expanded#

Everyone's beating their chest that it's a worm, spyware, something... but still, I have a router in front of the connection that blocks everything, I don't have any port forward, and on the PC I also have ZoneAlarm, which only allows the programs that should be allowed... what am I missing?

In Wireshark I don't see anything suspicious... the usual... ideas?


HijackThis log file:
Quote:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Wireshark\wireshark.exe
C:\Program Files\Wireshark\dumpcap.exe
C:\Documents and Settings\Me\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 138.232.66.195:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6F2B615-1649-416D-859E-022385A0194E}: NameServer = 193.231.169.2,193.231.236.30
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[Attached image: hmm.JPG (the network-connection status screenshot referred to above)]

Last edited by Freelancer; 29-06-2008 at 23:10..
 
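The HijackThis log above is long, and the lines that decide whether the machine is talking to somewhere it shouldn't are a handful of them: the R1 proxy setting (here pointing at 138.232.66.195:3124), the O17 name servers, the O23 services with no vendor string, and the O2 BHO whose file is gone. Whether that proxy is one the poster set up himself is something only he can answer; the following added example (not part of the original post and not HijackThis code) only pulls those entries out and says which addresses fall outside private/LAN ranges so that question gets asked. The `triage` and `summary` names are mine; the sample lines are copied from the log above.

```python
"""Triage the R1/O17/O23/O2 lines of a HijackThis log (added example)."""
import ipaddress
import re

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 138.232.66.195:3124
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6F2B615-1649-416D-859E-022385A0194E}: NameServer = 193.231.169.2,193.231.236.30
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def is_lan(addr):
    """RFC 1918, loopback and link-local addresses count as inside the LAN."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(log):
    """Return (severity, message) pairs: 'check' needs a human, 'info' is context."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        kind = line.split(" ", 1)[0]          # R1, O2, O17, O23, ...
        if kind == "R1" and "ProxyServer" in line:
            value = line.split("=", 1)[1].strip()
            ips = IPV4.findall(value)
            if not ips:
                # hostname proxies are not resolved here; the reviewer does that
                findings.append(("check", f"IE proxy is a hostname: {value}"))
            for ip in ips:
                inside = is_lan(ip)
                findings.append(("info" if inside else "check",
                                 f"IE proxy {value} ({'inside' if inside else 'outside'} LAN)"))
        elif kind == "O17":
            for ip in IPV4.findall(line):
                # a router address is normal; public resolvers should match the ISP's
                inside = is_lan(ip)
                findings.append(("info" if inside else "check",
                                 f"DNS server {ip}: compare with what the router/ISP hands out"))
        elif kind == "O23" and "Unknown owner" in line:
            findings.append(("check", f"service without vendor info: {line}"))
        elif kind == "O2" and line.endswith("(no file)"):
            findings.append(("info", f"orphaned BHO entry: {line}"))
    return findings


def summary(log):
    """Count findings per severity."""
    found = triage(log)
    return {"check": sum(s == "check" for s, _ in found),
            "info": sum(s == "info" for s, _ in found)}


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

O23 entries with a named vendor (ZoneAlarm, VMware, Acronis in the full log) are deliberately left alone; the script is a reading aid, not a verdict.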
#2  aurasdoom (Registered User; Join Date: Feb 2004; Location: GalaTZi)  29-06-2008, 23:14
I think it's a worm or something.
Run a netstat -b and see which programs are generating traffic.
#3  Freelancer (Registered User; Join Date: Aug 2004; Location: Bucuresti)  29-06-2008, 23:22
I don't see anything suspicious; netstat was the first thing I did.

Maybe I've run into some more exotic disease that I don't know about. The thing is, I also did a restart after the problem, and now I no longer see traffic; basically my network icons stay dark, whereas until now they didn't go dark. It's possible something changed because I cut off all the programs in ZoneAlarm, but now I'd like to find out what the bug was. Netstat doesn't say anything interesting anymore; it's peace and quiet on the network... suspicious.

But from what I know of networking theory, if I have no port forward on the router, how the hell was it pulling files off the PC to outside the LAN? Surely the worm wasn't bypassing the router and its settings.

Quote:
Proto  Local Address  Foreign Address                  State        PID
TCP    ikon:1081      localhost:1082                   ESTABLISHED  3688
       [firefox.exe]
TCP    ikon:1082      localhost:1081                   ESTABLISHED  3688
       [firefox.exe]
TCP    ikon:1083      localhost:1084                   ESTABLISHED  3688
       [firefox.exe]
TCP    ikon:1084      localhost:1083                   ESTABLISHED  3688
       [firefox.exe]
TCP    ikon:1050      cs122.msg.sp1.yahoo.com:http     ESTABLISHED  644
       [YahooMessenger.exe]
TCP    ikon:1054      sip40.voice.re2.yahoo.com:https  ESTABLISHED  644
       [YahooMessenger.exe]
TCP    ikon:1588      86-120-75-46.rdsnet.ro:5101      ESTABLISHED  644
       [YahooMessenger.exe]
TCP    ikon:1590      ehg4.hitbox.com:http             ESTABLISHED  3688
       [firefox.exe]
TCP    ikon:1601      mk-in-f127.google.com:http       ESTABLISHED  3688
       [firefox.exe]
TCP    ikon:1602      mk-in-f127.google.com:http       ESTABLISHED  3688
       [firefox.exe]
TCP    ikon:1596      mu-in-f147.google.com:http       CLOSE_WAIT   3688
       [firefox.exe]
TCP    ikon:1599      forum.computergames.ro:http      TIME_WAIT    0
 
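The `netstat -b` advice in #2 and the output pasted in #3 are easier to read once the socket lines are grouped by the process that owns them and the loopback/LAN peers are dropped. The script below is an added example (not from either post) that parses the Windows XP `netstat -b` layout shown above: a socket line, then the owner in brackets on the next line. Function names are mine; the sample text is the poster's output with the PIDs that the forum wrapped onto a second line rejoined.

```python
"""Group `netstat -b` output by owning process and list off-LAN peers (added example)."""
import ipaddress
import re
from collections import defaultdict

# The poster's netstat -b output, rejoined where the forum wrapped the PID column.
SAMPLE_NETSTAT = """\
Proto  Local Address  Foreign Address                  State        PID
TCP    ikon:1081      localhost:1082                   ESTABLISHED  3688
 [firefox.exe]
TCP    ikon:1082      localhost:1081                   ESTABLISHED  3688
 [firefox.exe]
TCP    ikon:1083      localhost:1084                   ESTABLISHED  3688
 [firefox.exe]
TCP    ikon:1084      localhost:1083                   ESTABLISHED  3688
 [firefox.exe]
TCP    ikon:1050      cs122.msg.sp1.yahoo.com:http     ESTABLISHED  644
 [YahooMessenger.exe]
TCP    ikon:1054      sip40.voice.re2.yahoo.com:https  ESTABLISHED  644
 [YahooMessenger.exe]
TCP    ikon:1588      86-120-75-46.rdsnet.ro:5101      ESTABLISHED  644
 [YahooMessenger.exe]
TCP    ikon:1590      ehg4.hitbox.com:http             ESTABLISHED  3688
 [firefox.exe]
TCP    ikon:1601      mk-in-f127.google.com:http       ESTABLISHED  3688
 [firefox.exe]
TCP    ikon:1602      mk-in-f127.google.com:http       ESTABLISHED  3688
 [firefox.exe]
TCP    ikon:1596      mu-in-f147.google.com:http       CLOSE_WAIT   3688
 [firefox.exe]
TCP    ikon:1599      forum.computergames.ro:http      TIME_WAIT    0
"""

# UDP lines have no State column, hence the optional group.
SOCKET = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")


def parse_netstat_b(text):
    """One dict per socket line; the owner is the last [name] line that follows it."""
    rows = []
    for line in text.splitlines():
        m = SOCKET.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state or "", "pid": int(pid), "process": "<unowned>"})
            continue
        m = OWNER.match(line)
        if m and rows:
            # netstat -b can list components ([mswsock.dll] ...) before the
            # executable, so the last bracketed name is the one that counts.
            rows[-1]["process"] = m.group(1)
    return rows


def is_lan(host):
    """Loopback, unspecified and RFC 1918 peers are inside the LAN.
    Without -n netstat resolves peers to names; any name but localhost is
    treated as off-LAN, so use `netstat -bn` to get numeric peers instead."""
    if host in ("localhost", "*"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified or ip.is_private


def external_by_process(rows):
    """Map process name -> sorted list of off-LAN peers it is connected to."""
    peers = defaultdict(set)
    for r in rows:
        host, _, port = r["foreign"].rpartition(":")
        if not is_lan(host):
            peers[r["process"]].add(f"{host}:{port}")
    return {proc: sorted(p) for proc, p in peers.items()}


if __name__ == "__main__":
    for proc, p in external_by_process(parse_netstat_b(SAMPLE_NETSTAT)).items():
        print(f"{proc:20} {len(p)} off-LAN peer(s): {', '.join(p)}")
```

Run against the pasted output, every off-LAN peer belongs to firefox.exe or YahooMessenger.exe, plus one TIME_WAIT socket with PID 0 that no process owns any more; that matches the poster's "nothing suspicious" reading of it. A snapshot only shows what is connected at that instant, which is why the poster saw nothing after the reboot.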
#4  mhanor (Registered User; Join Date: Aug 2002)  30-06-2008, 00:33
It could be the network card having problems.
 
#5  Freelancer (Registered User; Join Date: Aug 2004; Location: Bucuresti)  30-06-2008, 01:33
That would be a good thing, but I doubt it. Mainly I want to make sure I don't have some keylogger, worm or something installed that transfers information. For now it's no longer showing up; tomorrow I'll try with all the firewalls down to see if it sends anything, because right now even in Wireshark I see nothing except what the firewall allows, and usually there's background noise on the network.

Anyway, any idea is welcome...
 
#6  aurasdoom (Registered User; Join Date: Feb 2004; Location: GalaTZi)  30-06-2008, 19:47
Quote:
Originally Posted by Freelancer
But from what I know of networking theory, if I have no port forward on the router, how the hell was it pulling files off the PC to outside the LAN? Surely the worm wasn't bypassing the router and its settings.

Simple: it was transmitting. It didn't open a local port for someone else to come and take the data.

But worms very rarely transmit data from your computer; rather, they scan other computers for vulnerabilities in order to propagate.
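The point in #6 is the one a NAT router actually enforces: with no port forward, nothing outside can open a connection to the PC, but the PC can open one to anywhere and push as much as it likes through it. In a capture that shows up as a connection whose first SYN comes from the LAN side and whose byte count is upload-heavy. The following is an added example (not from the thread) that folds per-packet records of the kind Wireshark shows into connections and labels each one by who opened it and which way the bytes went. The packets are constructed: 192.168.1.10 stands in for the poster's PC, the public addresses are RFC 5737 documentation ranges, and the `/24` LAN is an assumption.

```python
"""Who opened each TCP connection, and which way the bytes went (added example)."""
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN

# Constructed packets in capture order: (src, sport, dst, dport, tcp_flags, payload_bytes)
PACKETS = [
    # normal browsing: the PC opens the connection, the server sends most of the bytes
    ("192.168.1.10", 1601, "198.51.100.20", 80, "S", 0),
    ("198.51.100.20", 80, "192.168.1.10", 1601, "SA", 0),
    ("192.168.1.10", 1601, "198.51.100.20", 80, "A", 0),
    ("192.168.1.10", 1601, "198.51.100.20", 80, "PA", 420),
    ("198.51.100.20", 80, "192.168.1.10", 1601, "PA", 1400),
    ("198.51.100.20", 80, "192.168.1.10", 1601, "PA", 1400),
    # upload: the PC still opens the connection, so no port forward is involved,
    # yet nearly every byte leaves the LAN
    ("192.168.1.10", 2201, "203.0.113.7", 8080, "S", 0),
    ("203.0.113.7", 8080, "192.168.1.10", 2201, "SA", 0),
    ("192.168.1.10", 2201, "203.0.113.7", 8080, "A", 0),
    ("192.168.1.10", 2201, "203.0.113.7", 8080, "PA", 1400),
    ("192.168.1.10", 2201, "203.0.113.7", 8080, "PA", 1400),
    ("192.168.1.10", 2201, "203.0.113.7", 8080, "PA", 1400),
    ("203.0.113.7", 8080, "192.168.1.10", 2201, "A", 0),
    # inbound: the first SYN comes from outside; behind a NAT router this can only
    # reach the PC through a port forward or a DMZ setting
    ("203.0.113.9", 40000, "192.168.1.10", 3389, "S", 0),
    ("192.168.1.10", 3389, "203.0.113.9", 40000, "SA", 0),
]


def connections(packets):
    """Fold packets into per-connection records keyed by the unordered endpoint pair."""
    conns = {}
    for src, sp, dst, dp, flags, n in packets:
        key = frozenset({(src, sp), (dst, dp)})
        c = conns.setdefault(key, {"initiator": None, "bytes": defaultdict(int)})
        if "S" in flags and "A" not in flags and c["initiator"] is None:
            c["initiator"] = (src, sp)          # the bare SYN names the opener
        c["bytes"][(src, sp)] += n
    return conns


def classify(packets, lan=LAN):
    """One dict per connection touching the LAN: direction and bytes each way."""
    result = []
    for key, c in connections(packets).items():
        ends = list(key)
        inside = [e for e in ends if ipaddress.ip_address(e[0]) in lan]
        if not inside:
            continue                            # does not involve the LAN
        inside = inside[0]
        outside = next(e for e in ends if e != inside)
        if c["initiator"] is None:
            direction = "unknown (no SYN in capture)"
        elif c["initiator"] == inside:
            direction = "outbound"
        else:
            direction = "inbound"
        out_bytes, in_bytes = c["bytes"][inside], c["bytes"][outside]
        result.append({"lan": f"{inside[0]}:{inside[1]}",
                       "peer": f"{outside[0]}:{outside[1]}",
                       "direction": direction,
                       "bytes_out": out_bytes, "bytes_in": in_bytes,
                       "upload_heavy": out_bytes > in_bytes})
    return sorted(result, key=lambda r: r["peer"])


if __name__ == "__main__":
    for r in classify(PACKETS):
        flag = "  <- upload-heavy" if r["upload_heavy"] else ""
        print(f"{r['lan']} -> {r['peer']:20} {r['direction']:9} "
              f"out={r['bytes_out']:5} in={r['bytes_in']:5}{flag}")
```

On a real capture the same two questions apply to every conversation: did the SYN come from inside, and is the byte count upload-heavy? An inbound-initiated connection in a capture taken on the PC is the only case that contradicts "no port forward"; an outbound-initiated one, however large, needs nothing from the router.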
This site is copyrighted ©1997 - 2009, Computer Games Online SRL