MyCity » Ambulanta -> Arhiva Ambulante » Problemi sa netom,ne znamo sta je

Problemi sa netom,ne znamo sta je

Napisano na dan: 11.9.2008

Strana:
1
2

Problemi sa netom,ne znamo sta je

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Vladisavljevi Poslao: 11 Sep 2008 20:22 Idi na vrh
offline Vladisavljevi Građanin Pridružio: 01 Jul 2008 Poruke: 33 Gde živiš: u Pančevu	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imamo problema sa netom vec nekoliko dana, usporen, neke sajtove nije mogao da ucita, medutim, od juce ne možemo nikako da ucitamo ni jednu stranicu (ovo kuckamo sa drugog kompjutera), funkcioniše nam torrent, msn i outlook, ali ništa ne funkcioniše u pretraživacima, ni u operi, ni u firefoxu, ni u exploreru. Provajder kaže da nije do njih, pa smo pomislili da nije opet neki virus. Nod32 ništa ne nalazi, a update-ovan je poslednji put sinoc. Imamo adsl 512/64 preko Telekoma. Logfile of HijackThis v1.99.1 Scan saved at 20:04:33, on 11.9.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\stickies\stickies.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ESET\nod32kui.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\DOWNLOAD\New Folder\TR3.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iolo Utility Bar] "C:\Program Files\iolo\System Mechanic 5 Professional\SMUtilityBar.exe" O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: SYSTRAN Lookup - res://C:\\GUIres.dll/lookup.js O8 - Extra context menu item: SYSTRAN Translate - res://C:\\GUIres.dll/translate.js O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - pandasoftware.com/activescan (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe Hvala unapred

Profil

dr_Bora Poslao: 11 Sep 2008 20:48 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Ništa konkretno se ne vidi u logu što bi moglo da prouzrokuje pomenute probleme. Hajde da odradimo još jednu proveru... * Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana). * Izaberi AMON iz Threat Protection grupe opcija. * Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled. * Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Vladisavljevi Poslao: 11 Sep 2008 23:15 Idi na vrh
offline Vladisavljevi Građanin Pridružio: 01 Jul 2008 Poruke: 33 Gde živiš: u Pančevu	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo loga ComboFix 08-09-10.04 - Windows Xp 2008-09-11 22:55:29.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.625 [GMT 2:00] Running from: D:\DOWNLOAD\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\tdssadw.dll C:\WINDOWS\system32\tdssinit.dll C:\WINDOWS\system32\tdssl.dll C:\WINDOWS\system32\tdsslog.dll C:\WINDOWS\system32\tdssmain.dll C:\WINDOWS\system32\tdssserf.dll C:\WINDOWS\system32\tdssservers.dat . ((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))) . ... ... ...

Profil

Vladisavljevi Poslao: 11 Sep 2008 23:17 Idi na vrh
offline Vladisavljevi Građanin Pridružio: 01 Jul 2008 Poruke: 33 Gde živiš: u Pančevu	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uspela sam preko Firefoxa da pošaljem post, sa mog kompjutera Hoće da učitava stranice, ali je net jako usporen

Profil

dr_Bora Poslao: 11 Sep 2008 23:20 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log nije kompletan (prevelik je). Priloži C:\ComboFix.txt korišćenjem opcije Prikači fajl.

Profil

Vladisavljevi Poslao: 11 Sep 2008 23:28 Idi na vrh
offline Vladisavljevi Građanin Pridružio: 01 Jul 2008 Poruke: 33 Gde živiš: u Pančevu	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: mycity.rs/must-login.png

Profil

dr_Bora Poslao: 12 Sep 2008 13:50 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\Drivers\TDSSserv.sys Driver:: TDSSserv` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Vladisavljevi Poslao: 12 Sep 2008 17:51 Idi na vrh
offline Vladisavljevi Građanin Pridružio: 01 Jul 2008 Poruke: 33 Gde živiš: u Pančevu	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-09-10.04 - Windows Xp 2008-09-12 17:35:06.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.472 [GMT 2:00] Running from: D:\DOWNLOAD\ComboFix.exe Command switches used :: C:\Documents and Settings\Windows Xp\My Documents\My Received Files\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))) . 2008-09-10 21:03 . 2008-09-10 21:03 <DIR> d-------- C:\Documents and Settings\Windows Xp\Application Data\SYSTRAN 2008-09-10 20:45 . 2008-09-10 20:51 878,080 --a------ C:\WINDOWS\system32\iconv.dll 2008-09-10 20:45 . 2008-09-10 20:51 721,920 --a------ C:\WINDOWS\system32\libxml2.dll 2008-09-10 20:45 . 2008-09-10 20:51 170,432 --a------ C:\WINDOWS\system32\libsyslic1.pd 2008-09-10 20:45 . 2008-09-10 20:51 150,016 --a------ C:\WINDOWS\system32\libxslt.dll 2008-09-10 20:45 . 2008-09-10 20:45 144,896 --a------ C:\WINDOWS\system32\libsyslic1.dll 2008-09-10 20:45 . 2008-09-10 20:51 51,200 --a------ C:\WINDOWS\system32\libexslt.dll 2008-09-10 20:45 . 2008-09-10 20:45 192 --a------ C:\WINDOWS\system32\libsyslic1.ls 2008-08-30 10:51 . 2008-09-10 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-30 10:51 . 2008-08-30 10:51 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-12 07:23 . 2008-08-12 07:23 <DIR> d-------- C:\Program Files\MSXML 6.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-12 15:34 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\stickies 2008-09-12 08:40 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\uTorrent 2008-09-10 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-10 18:59 --------- d-----w C:\Program Files\Corel 2008-09-10 13:02 10,072 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-29 00:06 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Skype 2008-08-16 16:58 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Autodesk 2008-08-16 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-08-10 20:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-10 20:51 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2008-08-10 20:32 --------- d-----w C:\Program Files\AutoCAD 2009 2008-08-10 20:23 --------- d-----w C:\Program Files\MSBuild 2008-08-10 20:18 --------- d-----w C:\Program Files\Reference Assemblies 2008-08-01 17:11 --------- d-----w C:\Program Files\ArtOfIllusion 2008-07-25 08:12 --------- d-----w C:\Program Files\Common Files\Corel 2008-07-25 07:47 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Corel 2008-07-24 06:56 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Windows Desktop Search 2008-07-24 06:54 --------- d-----w C:\Program Files\Windows Desktop Search 2008-07-21 06:22 --------- d-----w C:\Program Files\MSXML 4.0 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2007-04-19 01:47 88 --sh--r C:\WINDOWS\system32\7BABFE60C1.sys 2007-11-17 12:34 88 --sh--r C:\WINDOWS\system32\D9C8DBE01D.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "iolo Utility Bar"="C:\Program Files\iolo\System Mechanic 5 Professional\SMUtilityBar.exe" [2005-01-31 735232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-29 949376] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960] "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\Windows Xp\Start Menu\Programs\Startup\ Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 700416] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3] Source= C:\Documents and Settings\Windows Xp\Desktop\html Ivana\baby_desktop.html FriendlyName= [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\PopCap Games\\Bejeweled Deluxe\\WinBej.exe"= "C:\\WINDOWS\\system32\\svchost.exe"= "C:\\Program Files\\eMule2\\eMule.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Custom Content Manager\\CCM.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"= "C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 32000] S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-04 28057] S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2002-11-28 21081] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3db6522c-5993-11dd-b4d0-00148586ce49}] \Shell\AutoRun\command - WD_Windows_Tools\Setup.exe . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-09-12 17:38:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2008-09-12 17:40:38 ComboFix-quarantined-files.txt 2008-09-12 15:39:36 ComboFix2.txt 2008-09-11 21:01:29 ComboFix3.txt 2008-07-04 16:48:40 ComboFix4.txt 2008-07-01 15:51:42 ComboFix5.txt 2008-09-12 15:34:36 Pre-Run: 2,792,001,536 bytes free Post-Run: 2,777,620,480 bytes free 152 --- E O F --- 2008-08-12 05:23:27

Profil

dr_Bora Poslao: 12 Sep 2008 18:08 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da ovo nije bilo odrađeno kako treba - molim te, ponovi postupak. Znači, potrebno je iskopirati sve što se nalazi unutar kod polja. Takođe, nakon toga uradi i sledeće: Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

Vladisavljevi Poslao: 12 Sep 2008 19:05 Idi na vrh
offline Vladisavljevi Građanin Pridružio: 01 Jul 2008 Poruke: 33 Gde živiš: u Pančevu	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Drugi pokušaj... ComboFix 08-09-10.04 - Windows Xp 2008-09-12 18:49:44.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT 2:00] Running from: C:\Documents and Settings\Windows Xp\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Windows Xp\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))) . 2008-09-10 21:03 . 2008-09-10 21:03 <DIR> d-------- C:\Documents and Settings\Windows Xp\Application Data\SYSTRAN 2008-09-10 20:45 . 2008-09-10 20:51 878,080 --a------ C:\WINDOWS\system32\iconv.dll 2008-09-10 20:45 . 2008-09-10 20:51 721,920 --a------ C:\WINDOWS\system32\libxml2.dll 2008-09-10 20:45 . 2008-09-10 20:51 170,432 --a------ C:\WINDOWS\system32\libsyslic1.pd 2008-09-10 20:45 . 2008-09-10 20:51 150,016 --a------ C:\WINDOWS\system32\libxslt.dll 2008-09-10 20:45 . 2008-09-10 20:45 144,896 --a------ C:\WINDOWS\system32\libsyslic1.dll 2008-09-10 20:45 . 2008-09-10 20:51 51,200 --a------ C:\WINDOWS\system32\libexslt.dll 2008-09-10 20:45 . 2008-09-10 20:45 192 --a------ C:\WINDOWS\system32\libsyslic1.ls 2008-08-30 10:51 . 2008-09-10 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-30 10:51 . 2008-08-30 10:51 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-12 07:23 . 2008-08-12 07:23 <DIR> d-------- C:\Program Files\MSXML 6.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-12 16:38 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\uTorrent 2008-09-12 15:34 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\stickies 2008-09-10 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-10 18:59 --------- d-----w C:\Program Files\Corel 2008-09-10 13:02 10,072 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-29 00:06 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Skype 2008-08-16 16:58 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Autodesk 2008-08-16 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk 2008-08-10 20:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-10 20:51 --------- d-----w C:\Program Files\Common Files\Autodesk Shared 2008-08-10 20:32 --------- d-----w C:\Program Files\AutoCAD 2009 2008-08-10 20:23 --------- d-----w C:\Program Files\MSBuild 2008-08-10 20:18 --------- d-----w C:\Program Files\Reference Assemblies 2008-08-01 17:11 --------- d-----w C:\Program Files\ArtOfIllusion 2008-07-25 08:12 --------- d-----w C:\Program Files\Common Files\Corel 2008-07-25 07:47 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Corel 2008-07-24 06:56 --------- d-----w C:\Documents and Settings\Windows Xp\Application Data\Windows Desktop Search 2008-07-24 06:54 --------- d-----w C:\Program Files\Windows Desktop Search 2008-07-21 06:22 --------- d-----w C:\Program Files\MSXML 4.0 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2007-04-19 01:47 88 --sh--r C:\WINDOWS\system32\7BABFE60C1.sys 2007-11-17 12:34 88 --sh--r C:\WINDOWS\system32\D9C8DBE01D.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "iolo Utility Bar"="C:\Program Files\iolo\System Mechanic 5 Professional\SMUtilityBar.exe" [2005-01-31 735232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-29 949376] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960] "Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\Windows Xp\Start Menu\Programs\Startup\ Stickies.lnk - C:\Program Files\stickies\stickies.exe [2007-03-08 700416] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3] Source= C:\Documents and Settings\Windows Xp\Desktop\html Ivana\baby_desktop.html FriendlyName= [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\PopCap Games\\Bejeweled Deluxe\\WinBej.exe"= "C:\\WINDOWS\\system32\\svchost.exe"= "C:\\Program Files\\eMule2\\eMule.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Custom Content Manager\\CCM.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"= "C:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 32000] S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-04 28057] S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2002-11-28 21081] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3db6522c-5993-11dd-b4d0-00148586ce49}] \Shell\AutoRun\command - WD_Windows_Tools\Setup.exe . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-09-12 18:52:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2008-09-12 18:54:29 ComboFix-quarantined-files.txt 2008-09-12 16:53:26 ComboFix2.txt 2008-09-12 15:40:39 ComboFix3.txt 2008-09-11 21:01:29 ComboFix4.txt 2008-07-04 16:48:40 ComboFix5.txt 2008-09-12 16:48:33 Pre-Run: 2,817,384,448 bytes free Post-Run: 2,803,535,872 bytes free 152 --- E O F --- 2008-08-12 05:23:27 ...a sada ću preći na drugi deo postupka (gmer). Dopuna: 12 Sep 2008 19:05 Da proverim... u gmeru je čekirana samo kućica C drajva. Da čekiram i D, pa onda skeniram?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problemi sa netom,ne znamo sta je

Ko je trenutno na forumu

Ukupno su 966 korisnika na forumu :: 14 registrovanih, 3 sakrivenih i 949 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Acivi, bojank, FileFinder, hologram, manda87, milenko crazy north, ObicanUser, Parker, royst33, sabros, stalja, wizzardone, zastavnik, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by