
...I'm satisfied with the firewall; it does its job well (I particularly needed the DoS protection, because I had some suspicions of such an attack)...

How do you establish whether a firewall provides DoS protection?

 

Does this driver really start this early?

 

http://i49.tinypic.com/a4oqqh.jpg

 

When I used Outpost Firewall Free and Online Armor Firewall Free, I never noticed their processes starting at this level. Does that mean they don't provide DoS protection?


Comodo starting early has absolutely nothing to do with protection against such attacks. Packets with bogus data are sent to a given port so that the program using that port can no longer function normally (SQL servers, web servers, etc.). Comodo has a dedicated setting for this kind of attack that I haven't seen in other firewalls: limiting the number of packets accepted per second. But the more you restrict the accepted packets, the more load is put on the CPU.


Do you mean these settings?

 

http://i50.tinypic.com/295bejm.jpg

 

I haven't seen such a settings option in the other firewalls either, but I assume they provide DoS protection too.


Yes, those are the ones. Even the ordinary Windows firewall provides protection, but regulating the accepted packets is what matters. The effect of a DoS attack can be reduced, but not neutralised.

Hello! I can't remove the Comodo firewall completely. I uninstalled it, but the Control Panel settings show that I have two firewalls, and one of them is enabled. I rolled the computer back one day, to before I installed it, but it still shows that I have two. What should I do to fix the problem? Now I don't know whether I have a firewall or not.


 

Which operating system?

 

Try this:

 

1. Open the Start menu.

2. Choose Run...

3. Type wbemtest and click OK.

4. Click Connect and type root\SecurityCenter

5. Click Connect

6. Select Query

7. Enter the query SELECT * FROM FirewallProduct and click Apply

8. Check whether the COMODO firewall is present in the list and delete it.

 

http://img.photobucket.com/albums/v666/sUBs/Delete_AV_From_WMI.gif

 

Or see whether i.kanelov's comment helps.

 

If nothing helps, post a ComboFix log and we'll delete the entry with a single ComboFix command.

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
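The same wbemtest procedure, scripted (an added example, not from the original post). It queries the same FirewallProduct class; root\SecurityCenter2 is included as a generalization because Vista and later register products there rather than in root\SecurityCenter, and the deletion stays a dry run until -WhatIf is dropped. It assumes an elevated PowerShell session.

```powershell
function Get-RegisteredFirewalls {
    # Returns the raw WMI instances so they can be piped on to Remove-WmiObject.
    param([string[]]$Namespaces = @('root\SecurityCenter', 'root\SecurityCenter2'))
    foreach ($ns in $Namespaces) {
        try {
            Get-WmiObject -Namespace $ns -Class FirewallProduct -ErrorAction Stop
        } catch {
            # The namespace does not exist on this Windows version; skip it.
        }
    }
}

function Remove-StaleFirewallEntry {
    # Deletes only the Security Center registration, i.e. the entry the
    # uninstaller left behind; it does not touch any files or drivers.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$DisplayNamePattern)
    Get-RegisteredFirewalls |
        Where-Object { $_.displayName -match $DisplayNamePattern } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.__PATH, 'Delete WMI instance')) {
                Remove-WmiObject -InputObject $_
            }
        }
}

# List what the Security Center currently believes is installed. On XP the
# class has an 'enabled' boolean; on Vista and later it is a bit-packed
# 'productState' instead, so both columns are shown (one will be empty).
Get-RegisteredFirewalls |
    Select-Object __NAMESPACE, displayName, enabled, productState, pathToSignedProductExe |
    Format-Table -AutoSize

# Dry run: prints which instance(s) would be deleted without changing anything.
# Re-run without -WhatIf once only the stale entry matches the pattern.
Remove-StaleFirewallEntry -DisplayNamePattern 'COMODO' -WhatIf
```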



This is what it shows me. Should I delete it?

 

Here is the log as well:

ComboFix 10-02-01.03 - Notebook 02.2010 г. 16:19:23.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1251.359.1033.18.1014.568 [GMT 2:00]

Running from: c:\documents and settings\Notebook\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100202-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

 


 

- - - - - - - > 'winlogon.exe'(868)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

.

Completion time: 2010-02-02 16:25:16

ComboFix-quarantined-files.txt 2010-02-02 14:25

 

Pre-Run: 8 904 192 000 bytes free

Post-Run: 8 876 187 648 bytes free

 

- - End Of File - - 21F46B4E12ACB28BFFD81CE7C6F9A512


If you notice, the line in your screenshot matches the line in the Combofix log file:

FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

It's your decision whether to delete it through the option in your screenshot or with a Combofix script.

I'll go through the log file for infections later... for now I'm writing you a script only to remove the Comodo entry from Security Center:

Open notepad.exe and enter:

Killall::
SecCentre::
{043803A3-4F86-4ef6-AFC5-F6E02A79969B}

Save the file under the name CFScript, then drag and drop it onto Combofix, as shown in the picture.

http://i710.photobucket.com/albums/ww105/puckarti2/iconos%20gifs/CFScript.gif

After the restart, check whether anything has changed. :)


I sorted it out. I had also posted on kaldata and they gave me a file; with it I removed everything. CFP_3_File_Registry_Cleaner.zip is the file. I booted into safe mode and ran the file, and it no longer detects that I have another firewall. Thanks for the help. I also uninstalled combofix (start - run - ComboFix /uninstall). I hope there are no other problems in the log.

Hello! I can't completely remove the Comodo firewall. I uninstalled it, but in the Control Panel settings it shows that I have two and one of them is turned on. I rolled the computer back one day, to before I installed it, but it still shows that I have two. What should I do to solve the problem? Now I don't know whether I have a firewall or not.

One more suggestion from me as well.

Revo Uninstaller handles the uninstallation of Comodo very well. Even so, you can check what should not be present in the registry, or use the purpose-built Clean-up tool for Comodo Internet Security. If necessary, install it again and then uninstall it.

 

http://forums.comodo.com/install_setup_configuration_help/uninstalling_comodo_fw_problem_cf%20%20%20pdll_issues_solved-t33657.0.html

 

https://forums.comodo.com/install-setup-configuration-help/cleanup-tool-for-comodo-internet-security-t36499.0.html

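A worked check to go with the CFScript post above and with the suggestion to look at what should no longer be registered: this is an added example and not code from any post in the thread, from Comodo or from ComboFix. It lists the firewall products Windows Security Center believes are installed and tests whether the GUID from the ComboFix log is still among them. It assumes PowerShell is available (the thread's machine is Windows XP SP3, where PowerShell 2.0 can be installed) and that the WMI classes used exist as described: root\SecurityCenter\FirewallProduct on XP, root\SecurityCenter2\FirewallProduct on Vista and later. The function name Get-RegisteredFirewalls and the "executable missing" heuristic are this example's own.

```powershell
# Added example, not from the thread: list the firewall products that Windows
# Security Center believes are installed, so a registration left behind by an
# incomplete uninstall (the "second firewall" in this thread) can be spotted and
# its removal confirmed.
#
# Windows XP stores these registrations in the WMI namespace root\SecurityCenter;
# Vista and later use root\SecurityCenter2 with different property names, so both
# namespaces are queried and whichever exists on the machine is used.

function Get-RegisteredFirewalls {
    $results = @()
    foreach ($ns in @('root\SecurityCenter', 'root\SecurityCenter2')) {
        try {
            $products = Get-WmiObject -Namespace $ns -Class FirewallProduct -ErrorAction Stop
        } catch {
            continue   # namespace does not exist on this Windows version
        }
        foreach ($p in $products) {
            # XP exposes pathToEnableUI; SecurityCenter2 exposes pathToSignedProductExe.
            $exe = $p.pathToSignedProductExe
            if (-not $exe) { $exe = $p.pathToEnableUI }
            $missing = $false
            if ($exe) {
                # Heuristic (assumption): the value may be quoted or carry launch
                # arguments on XP, so treat "missing" as advisory, not proof.
                $missing = -not (Test-Path -LiteralPath $exe.Trim('"'))
            }
            $results += New-Object PSObject -Property @{
                Namespace    = $ns
                DisplayName  = $p.displayName
                InstanceGuid = $p.instanceGuid
                Executable   = $exe
                ExeMissing   = $missing
            }
        }
    }
    return $results
}

# Show everything Security Center knows about.
Get-RegisteredFirewalls | Format-Table Namespace, DisplayName, InstanceGuid, ExeMissing -AutoSize

# Confirm whether the entry from the ComboFix log is still registered.
# The GUID is the one printed in the log; it is the instanceGuid that the
# CFScript SecCentre:: directive in the thread targets.
$stale = '{043803A3-4F86-4ef6-AFC5-F6E02A79969B}'
$entry = Get-RegisteredFirewalls | Where-Object { $_.InstanceGuid -eq $stale }
if ($entry) {
    Write-Output "Security Center still lists $stale ($($entry.DisplayName))"
    # To remove it at the WMI level (run as administrator), uncomment the next
    # two lines; this gives the same end result as the CFScript, with the usual
    # caveat that deleting the wrong instance removes a real product's entry.
    # Get-WmiObject -Namespace $entry.Namespace -Class FirewallProduct |
    #     Where-Object { $_.instanceGuid -eq $stale } | ForEach-Object { $_.Delete() }
} else {
    Write-Output "$stale is no longer registered with Security Center"
}
```

Run it once before the cleanup to see the duplicate entry and once after the reboot: an entry whose executable is gone from disk but whose instanceGuid is still listed is exactly what Control Panel reports as a second, "enabled" firewall.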

  • 1 month later...
Strange, I tried the latest version of ESET NOD32 Antivirus on a virtual machine, and with definitions version 4911 (the latest available for the trial version) the antivirus does not react. If you've tinkered with the program's settings, that could be the cause. If not, you can wait for the definitions to be updated again. The false alarm may get fixed.
