MyCity » Ambulanta -> Arhiva Ambulante » Pucanje veze

Pucanje veze

Napisano na dan: 2.1.2008

Pucanje veze

Sledeća strana

Pagination

Odgovori

korenko Poslao: 02 Jan 2008 20:14 Idi na vrh
offline korenko Novi MyCity građanin Pridružio: 02 Jan 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Koristim sezamov adsl 512/64, desava se da mi puca veza, od zastitnih programa koristim nod32, pa pogledajte ovaj log da li imam nesto. Pozdrav Logfile of HijackThis v1.99.1 Scan saved at 20:05:22, on 02/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\OneStepSearch\onestep.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\OneStepSearch\onestep.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\PECA\Desktop\New Folder\TR3.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = pecafilm.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5CA8C0-AAE5-45B5-BEEB-3633E11D50BA}: NameServer = 77.105.0.19 77.105.0.18 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Profil

dr_Bora Poslao: 03 Jan 2008 01:18 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Pokreni HT, skeniraj i čekiraj sledeću liniju: O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing) Klikni Fix Checked. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

Profil

korenko Poslao: 16 Jan 2008 22:11 Idi na vrh
offline korenko Novi MyCity građanin Pridružio: 02 Jan 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav dr_Bora, izvini sto ti tek sad odgovaram, ovo ne znam sam da uradim pa sam cekao drugara da dodje on. Evo saljem ti log od Combo Fix-a, onu liniju u HT sam obrisao. ComboFix 08-01-17.1 - PECA 2008-01-16 21:55:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.245 [GMT 1:00] Running from: C:\Documents and Settings\PECA\Desktop\New Folder (2)\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Microsoft Security Adviser C:\Program Files\Microsoft Security Adviser\mssadv.exe C:\WINDOWS\msettings.ini C:\WINDOWS\mssadv.dll . ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))) . 2008-01-16 21:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-02 21:15 . 2008-01-02 21:16 <DIR> d-------- C:\Program Files\Mv2Player 2007-12-29 22:18 . 2007-12-29 22:18 <DIR> d--h----- C:\WINDOWS\PIF 2007-12-17 13:19 . 2007-12-17 13:19 <DIR> d-------- C:\Program Files\SAGEM 2007-12-17 13:19 . 2007-12-17 13:19 <DIR> d-------- C:\Documents and Settings\PECA\Application Data\InstallShield 2007-12-17 13:13 . 2007-02-13 16:19 194,128 --a------ C:\WINDOWS\adiras.exe 2007-12-17 13:13 . 2006-02-15 10:15 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-12-17 13:13 . 2007-12-17 13:20 990 --a------ C:\WINDOWS\adiras.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-16 20:49 --------- d-----w C:\Documents and Settings\PECA\Application Data\uTorrent 2007-12-25 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-17 12:20 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-17 12:20 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-17 12:18 --------- d-----w C:\Program Files\TI ADSL 2007-12-10 19:53 --------- d-----w C:\Program Files\FDRLab 2007-12-08 11:22 --------- d-----w C:\Program Files\uTorrent 2007-12-02 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-11-26 20:16 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-11-26 20:16 270,336 ----a-w C:\WINDOWS\system32\imon.dll 2007-11-26 19:38 --------- d-----w C:\Program Files\Total Video Converter 2007-11-26 19:36 --------- d-----w C:\Program Files\Yahoo! 2007-11-26 19:36 --------- d-----w C:\Program Files\FLV Player 2007-11-26 19:25 --------- d-----w C:\Program Files\EcrTool_SR . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-07 20:36 77824] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-26 21:16 917504] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2006-06-10 13:10:44] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-17 13:20:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48] S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47] S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07] S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07] S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47] S3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44] S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [] S3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [] S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service [] Newly Created Service - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2008-01-14 23:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 08:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 09:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 10:00:00 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 11:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 12:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 13:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 14:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 15:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 16:00:00 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 17:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-15 00:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 18:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 19:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 20:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-15 21:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-15 22:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-15 01:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-15 02:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-15 03:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 04:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 05:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 06:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\2K5PTFbw.exe "2008-01-16 07:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\2K5PTFbw.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-01-17 21:57:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-17 21:57:55 ComboFix-quarantined-files.txt 2008-01-17 20:57:41 Verovatno cu sledeci korak opet za koji dan da uradim kad mi dodje drugar. Pozdrav Korenko

Profil

dr_Bora Poslao: 17 Jan 2008 11:04 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\autoclk.exe C:\WINDOWS\system32\2K5PTFbw.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job Folder:: C:\Program Files\OneStepSearch Driver:: OneStep Search Service Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

korenko Poslao: 19 Jan 2008 00:44 Idi na vrh
offline korenko Novi MyCity građanin Pridružio: 02 Jan 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav Dr bora, evo preko telefona smo drugar i ja ovo radili i nadam se da je uspelo. ComboFix 08-01-17.1 - PECA 2008-01-20 0:22:05.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.248 [GMT 1:00] Running from: C:\Documents and Settings\PECA\Desktop\New Folder (2)\ComboFix.exe Command switches used :: C:\Documents and Settings\PECA\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\autoclk.exe C:\WINDOWS\system32\2K5PTFbw.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\OneStepSearch C:\Program Files\OneStepSearch\home.js C:\Program Files\OneStepSearch\onestep.dll C:\Program Files\OneStepSearch\onestep.exe C:\Program Files\OneStepSearch\osopt.exe C:\Program Files\OneStepSearch\readme.html C:\Program Files\OneStepSearch\uninstall.exe C:\WINDOWS\autoclk.exe C:\WINDOWS\Tasks\At1.job C:\WINDOWS\Tasks\At10.job C:\WINDOWS\Tasks\At11.job C:\WINDOWS\Tasks\At12.job C:\WINDOWS\Tasks\At13.job C:\WINDOWS\Tasks\At14.job C:\WINDOWS\Tasks\At15.job C:\WINDOWS\Tasks\At16.job C:\WINDOWS\Tasks\At17.job C:\WINDOWS\Tasks\At18.job C:\WINDOWS\Tasks\At19.job C:\WINDOWS\Tasks\At2.job C:\WINDOWS\Tasks\At20.job C:\WINDOWS\Tasks\At21.job C:\WINDOWS\Tasks\At22.job C:\WINDOWS\Tasks\At23.job C:\WINDOWS\Tasks\At24.job C:\WINDOWS\Tasks\At3.job C:\WINDOWS\Tasks\At4.job C:\WINDOWS\Tasks\At5.job C:\WINDOWS\Tasks\At6.job C:\WINDOWS\Tasks\At7.job C:\WINDOWS\Tasks\At8.job C:\WINDOWS\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_ONESTEP_SEARCH_SERVICE -------\OneStep Search Service ((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))) . 2008-01-18 17:29 . 2008-01-18 17:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-18 17:29 . 2008-01-18 17:30 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-16 21:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-02 21:15 . 2008-01-02 21:16 <DIR> d-------- C:\Program Files\Mv2Player 2007-12-29 22:18 . 2007-12-29 22:18 <DIR> d--h----- C:\WINDOWS\PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-19 23:14 --------- d-----w C:\Documents and Settings\PECA\Application Data\uTorrent 2007-12-25 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-17 12:20 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-12-17 12:20 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-17 12:19 --------- d-----w C:\Program Files\SAGEM 2007-12-17 12:19 --------- d-----w C:\Documents and Settings\PECA\Application Data\InstallShield 2007-12-17 12:18 --------- d-----w C:\Program Files\TI ADSL 2007-12-10 19:53 --------- d-----w C:\Program Files\FDRLab 2007-12-08 11:22 --------- d-----w C:\Program Files\uTorrent 2007-12-02 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-11-26 20:16 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-11-26 20:16 270,336 ----a-w C:\WINDOWS\system32\imon.dll 2007-11-26 19:38 --------- d-----w C:\Program Files\Total Video Converter 2007-11-26 19:36 --------- d-----w C:\Program Files\Yahoo! 2007-11-26 19:36 --------- d-----w C:\Program Files\FLV Player 2007-11-26 19:25 --------- d-----w C:\Program Files\EcrTool_SR . ((((((((((((((((((((((((((((( snapshot@2008-01-17_21.57.29.10 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-16 20:54:54 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-19 23:21:52 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-16 20:54:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-19 23:21:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-16 20:54:54 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-19 23:21:52 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-16 20:54:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-19 23:21:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-16 20:54:54 4,096,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-19 23:21:52 4,136,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat - 2008-01-16 20:54:54 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-19 23:21:53 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-01-17 23:14:53 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat + 2008-01-19 23:14:56 3,140,504 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-07 20:36 77824] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-26 21:16 917504] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2006-06-10 13:10:44] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-17 13:20:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48] S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47] S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07] S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07] S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47] S3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44] S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys [] S3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys [] . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-01-20 00:25:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-20 0:27:16 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-19 23:27:07 ComboFix2.txt 2008-01-17 20:57:56 Kazi mi sto se tice vremena, pomerio mi je jedan dan unapred da li da ga sad vracam ili jos da cekam kad se sve zavrsi. Pozdrav

Profil

dr_Bora Poslao: 19 Jan 2008 01:57 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log je čist. Reci mi kakvo je sada stanje...

Profil

korenko Poslao: 19 Jan 2008 19:15 Idi na vrh
offline korenko Novi MyCity građanin Pridružio: 02 Jan 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada radi super, da li mogu sada da sat i daum podesim kako treba i da li mogu da sa C particije da obrisem direktorijum ComboFix i hijackthis? Jos nesto da li je potrebno da sada kada sve radi kako treba, iskljucim system restore i restartujem kompjuter ili ne? Pozdrav i hvala!!!

Profil

dr_Bora Poslao: 19 Jan 2008 20:07 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Pucanje veze

Ko je trenutno na forumu

Ukupno su 1178 korisnika na forumu :: 31 registrovanih, 3 sakrivenih i 1144 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., ajo baba, Ben Roj, Bickoooo, Bobrock1, bojank, bokisha253, Dr.Strangelove, Dukelander, FOX, Goran 0000, HrcAk47, Krusarac, Kubovac, Leonov, mercedesamg, Metanoja, mnn2, NoOneEver Dreams, Parker, proka89, Prometeus, raso76, royst33, Sir Budimir, stegonosa, t84dar, vathra, voja64, yufighter

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by