Problem


offline
  • Joined: 30 Jan 2008
  • Posts: 113

I uploaded something... I don't know whether I did it right.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You didn't upload it correctly. Please try again, but this time upload the files I asked you for.

offline
  • Joined: 30 Jan 2008
  • Posts: 113

Will you just explain to me how to pack files into a zip?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It doesn't matter, upload them one by one, you don't have to zip them.

offline
  • Joined: 30 Jan 2008
  • Posts: 113

I have now made a new zip and uploaded it. Did I at least get it right this time?

Addendum: 25 Feb 2008 21:21

There, you have got them separately as well.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\Trntfiltr.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

By the way, I think a lot of your problems come from that Windows skin you are using.

offline
  • Joined: 30 Jan 2008
  • Posts: 113

ComboFix 08-02-24.2 - As 2008-02-25 21:58:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.113 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\As\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\As\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Trntfiltr.dll
.

((((((((((((((((((((((( Dateien erstellt von 2008-01-25 bis 2008-02-25 ))))))))))))))))))))))))))))))
.

2008-02-25 20:54 . 2008-02-25 20:59 <DIR> d-------- C:\Neuer Ordner
2008-02-24 22:49 . 2008-02-24 22:49 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-02-24 22:49 . 2008-02-24 22:49 <DIR> d-------- C:\Programme\microsoft frontpage
2008-02-24 22:10 . 2008-02-24 23:42 250 --a------ C:\WINDOWS\gmer.ini
2008-02-24 21:05 . 2008-02-25 14:57 <DIR> d-------- C:\Programme\DC++
2008-02-24 13:37 . 2008-02-24 13:36 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-02-24 13:37 . 2008-02-24 13:36 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-02-24 13:37 . 2008-02-24 13:36 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-02-24 13:36 . 2008-02-24 14:48 <DIR> d-------- C:\Programme\ESET
2008-02-23 22:08 . 2006-12-13 11:34 36,864 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2008-02-23 20:43 . 2008-02-23 20:43 244 --ah----- C:\sqmnoopt02.sqm
2008-02-23 20:43 . 2008-02-23 20:43 232 --ah----- C:\sqmdata02.sqm
2008-02-21 15:53 . 2008-02-21 15:53 <DIR> d-------- C:\Programme\Gemeinsame Dateien\MAGIX
2008-02-21 15:53 . 2007-04-27 10:43 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2008-02-21 14:39 . 2008-02-21 14:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Hypnotizer
2008-02-20 23:10 . 2008-02-20 23:10 244 --ah----- C:\sqmnoopt01.sqm
2008-02-20 23:10 . 2008-02-20 23:10 232 --ah----- C:\sqmdata01.sqm
2008-02-17 22:57 . 2008-02-18 11:48 <DIR> d-------- C:\Program Files
2008-02-06 01:33 . 2008-02-17 13:53 <DIR> d-------- C:\Dokumente und Einstellungen\As\Anwendungsdaten\Winamp
2008-02-05 23:37 . 2008-02-18 19:23 <DIR> d-------- C:\Dokumente und Einstellungen\As\MAGIX Online Druck Service
2008-02-05 23:19 . 2008-02-21 16:34 <DIR> d-------- C:\Programme\MAGIX
2008-01-31 17:42 . 2008-02-07 20:03 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2008-01-26 15:50 . 2008-01-26 15:55 81,920 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-01-26 15:50 . 2008-01-26 15:50 81,920 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-01-26 13:12 . 2008-01-26 19:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 11:35 --------- d-----w C:\Dokumente und Einstellungen\As\Anwendungsdaten\BearShare
2008-02-25 10:45 --------- d-----w C:\Dokumente und Einstellungen\As\Anwendungsdaten\LimeWire
2008-02-25 10:16 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-25 09:22 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-02-25 09:22 --------- d-----w C:\Programme\Common Files
2008-02-24 22:06 70,144 ----a-w C:\WINDOWS\system32\dllcache\notepad.exe
2008-02-24 22:06 70,144 ----a-w C:\WINDOWS\NOTEPAD.EXE
2008-02-21 14:13 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-02-18 10:47 --------- d-----w C:\Programme\Windows Media Connect 2
2008-02-09 22:10 --------- d-----w C:\Dokumente und Einstellungen\As\Anwendungsdaten\Azureus
2008-02-07 20:31 34,520 ----a-w C:\Dokumente und Einstellungen\As\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-02-06 01:20 --------- d-----w C:\Programme\Winamp
2008-02-05 22:44 --------- d-----w C:\Programme\CONEXANT
2008-01-31 17:12 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-01-31 07:39 --------- d--h--w C:\Programme\Servis (Mare)
2008-01-26 15:00 --------- d-----w C:\Programme\Zweckform Design Galerie
2008-01-26 15:00 --------- d-----w C:\Programme\XP Hidden Application Enabler
2008-01-26 15:00 --------- d-----w C:\Programme\WinMX Music
2008-01-26 15:00 --------- d-----w C:\Programme\VisualTooltip
2008-01-26 15:00 --------- d-----w C:\Programme\Ubisoft
2008-01-26 15:00 --------- d-----w C:\Programme\Synaptics
2008-01-26 15:00 --------- d-----w C:\Programme\ScanSoft
2008-01-24 22:57 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-24 22:57 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-24 22:57 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
2008-01-24 22:57 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-01-24 22:51 --------- d-----w C:\Programme\Real
2008-01-12 19:33 --------- d-----w C:\Programme\BearShare Applications
2008-01-12 19:33 --------- d-----w C:\Programme\AVerMedia
2008-01-12 19:33 --------- d-----w C:\Programme\ATI Technologies
2007-09-02 16:35 471 ----a-w C:\Programme\Verknüpfung mit LEGO Media.lnk
2007-08-22 18:24 16 ---ha-w C:\Programme\mxfilerelatedcache.mxc2
2007-06-26 14:10 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-06-26 14:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
2007-06-26 14:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
2007-06-26 14:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007062620070627\index.dat
.

------- Sigcheck -------

"C:\WINDOWS\system32\user32.dll"
----a-w 578,560 2006-12-13 10:35:35 C:\WINDOWS\system32\user32.dll

"C:\WINDOWS\system32\wininet.dll"
----a-w 818,688 2006-12-13 10:39:08 C:\WINDOWS\system32\wininet.dll

"C:\WINDOWS\system32\drivers\tcpip.sys"
----a-w 360,576 2006-12-13 10:39:21 C:\WINDOWS\system32\drivers\tcpip.sys

"C:\WINDOWS\system32\ntkrnlpa.exe"
----a-w 2,059,136 2006-12-13 10:48:03 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,059,136 2006-12-13 10:48:04 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

"C:\WINDOWS\system32\ntoskrnl.exe"
----a-w 2,181,632 2006-12-13 10:35:01 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,181,632 2006-12-13 10:35:02 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

"C:\WINDOWS\explorer.exe"
----a-w 1,425,920 2004-08-03 23:57:54 C:\WINDOWS\explorer.exe
----a-w 1,035,264 2004-08-03 23:57:54 C:\WINDOWS\system32\VITrans\explorer.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-20 18:19 68856]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:56 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTooltip"="C:\Programme\VisualTooltip\VisualToolTip.exe" [2006-10-06 08:21 942080]
"AzMixerSel"="C:\Programme\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 12:35 53248]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-01-24 23:57 185896]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 12:07 761946]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2008-02-24 13:36 949376]

C:\Dokumente und Einstellungen\As\Startmen\Programme\Autostart\
TClock2.lnk - C:\Programme\Servis (Mare)\Clock (tclock2)\tclock2.exe [2007-06-26 21:20:20 90624]
VistaPerfectionStartButton.lnk - C:\VTPFiles\VistaPerfectionStartButton.exe [2007-06-28 14:23:54 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SkyTel"=SkyTel.EXE
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\LimeWire\\LimeWire.exe"=
"C:\\Programme\\DC++\\DCPlusPlus.exe"=
"C:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-25 22:00:04
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-25 22:00:43
ComboFix-quarantined-files.txt 2008-02-25 21:00:27
ComboFix2.txt 2008-02-25 20:51:22
ComboFix3.txt 2008-02-24 21:46:07

Addendum: 25 Feb 2008 22:08

Sorry about the wait; after the scan only the desktop picture was left, so I had to restart it.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

How is the computer behaving now?
Can you install NOD32 properly now?

Did NOD32 stop working when you installed that Windows skin?

offline
  • Joined: 30 Jan 2008
  • Posts: 113

It works well. I installed NOD yesterday already, and the update and scanning work fine. The only problem is that neither NOD nor Spy.S&D will run in Safe Mode.
Now, about what Spy.S&D found in today's scan: what should I do with it? (I wrote above in a post exactly what it showed.)

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

What SpyBot found is insignificant, i.e. nothing dangerous.
It is data that certain websites have written to your hard disk. That is a standard thing, except that the entries from some sites are undesirable, because they use them to track when you last visited the site and what you clicked on it, and they use that data for targeted advertising.

As for NOD not being able to run in Safe Mode, I don't know, since I don't have that program.
If it scans at the system-service level, then it is no wonder that it doesn't work.
If it scans at the driver level, then it should work.
That won't mean anything to you, though, so it is better to ask in the appropriate forum who else has NOD (the same version as you) and see whether it works for them in Safe Mode.
