Connection keeps dropping

offline
  • Joined: 02 Jan 2008
  • Posts: 4

I am using Sezam's ADSL 512/64 and my connection keeps dropping. The only protection software I use is NOD32, so please take a look at this log and tell me whether I have anything on the machine.
Regards

Logfile of HijackThis v1.99.1
Scan saved at 20:05:22, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\PECA\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = pecafilm.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5CA8C0-AAE5-45B5-BEEB-3633E11D50BA}: NameServer = 77.105.0.19 77.105.0.18
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Run HijackThis, scan, and tick the following line:

O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)

Click Fix Checked.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear; copy it here for us.

offline
  • Joined: 02 Jan 2008
  • Posts: 4

Hello dr_Bora, sorry for replying only now; I don't know how to do this myself, so I waited for a friend to come over.

Here is the ComboFix log. I have deleted that line in HijackThis.


ComboFix 08-01-17.1 - PECA 2008-01-16 21:55:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.245 [GMT 1:00]
Running from: C:\Documents and Settings\PECA\Desktop\New Folder (2)\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\WINDOWS\msettings.ini
C:\WINDOWS\mssadv.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 21:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 21:15 . 2008-01-02 21:16 <DIR> d-------- C:\Program Files\Mv2Player
2007-12-29 22:18 . 2007-12-29 22:18 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-17 13:19 . 2007-12-17 13:19 <DIR> d-------- C:\Program Files\SAGEM
2007-12-17 13:19 . 2007-12-17 13:19 <DIR> d-------- C:\Documents and Settings\PECA\Application Data\InstallShield
2007-12-17 13:13 . 2007-02-13 16:19 194,128 --a------ C:\WINDOWS\adiras.exe
2007-12-17 13:13 . 2006-02-15 10:15 176,128 --a------ C:\WINDOWS\autoclk.exe
2007-12-17 13:13 . 2007-12-17 13:20 990 --a------ C:\WINDOWS\adiras.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 20:49 --------- d-----w C:\Documents and Settings\PECA\Application Data\uTorrent
2007-12-25 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-17 12:20 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-17 12:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 12:18 --------- d-----w C:\Program Files\TI ADSL
2007-12-10 19:53 --------- d-----w C:\Program Files\FDRLab
2007-12-08 11:22 --------- d-----w C:\Program Files\uTorrent
2007-12-02 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-26 20:16 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-26 20:16 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-26 19:38 --------- d-----w C:\Program Files\Total Video Converter
2007-11-26 19:36 --------- d-----w C:\Program Files\Yahoo!
2007-11-26 19:36 --------- d-----w C:\Program Files\FLV Player
2007-11-26 19:25 --------- d-----w C:\Program Files\EcrTool_SR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-07 20:36 77824]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-26 21:16 917504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2006-06-10 13:10:44]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-17 13:20:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys []
S3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys []
S4 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-15 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-15 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-15 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-15 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-15 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-15 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 04:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 05:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\2K5PTFbw.exe

"2008-01-16 06:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
"2008-01-16 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\2K5PTFbw.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-17 21:57:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 21:57:55
ComboFix-quarantined-files.txt 2008-01-17 20:57:41



I will probably do the next step in a few days, when my friend comes over again.

Regards, Korenko

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\2K5PTFbw.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folder::
C:\Program Files\OneStepSearch

Driver::
OneStep Search Service


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
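As an added, defender-side illustration (not part of dr_Bora's instructions or the original thread): a small Python triage script that flags the two findings acted on above, an O23 service with no recorded owner and a missing image, and a cluster of AtN.job tasks that all launch one executable, and then renders the File::/Folder::/Driver:: layout of a CFScript. The sample log lines are constructed to match the HijackThis and ComboFix output posted in this thread; the Backup.job entry is invented as a benign control.

```python
"""Triage helpers for HijackThis O23 lines and ComboFix 'Scheduled Tasks' output."""
import re
from collections import defaultdict

# Constructed sample lines modelled on the logs posted in this thread; the Backup.job
# entry is invented as a benign control.
HJT_LINES = [
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe",
    r'O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)',
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
]
TASK_LINES = [
    r'"2008-01-14 23:00:00 C:\WINDOWS\Tasks\At1.job"',
    r"- C:\WINDOWS\system32\2K5PTFbw.exe",
    r'"2008-01-16 08:00:00 C:\WINDOWS\Tasks\At10.job"',
    r"- C:\WINDOWS\system32\2K5PTFbw.exe",
    r'"2008-01-15 00:00:00 C:\WINDOWS\Tasks\At2.job"',
    r"- C:\WINDOWS\system32\2K5PTFbw.exe",
    r'"2008-01-10 03:00:00 C:\WINDOWS\Tasks\Backup.job"',
    r"- C:\Program Files\Backup\backup.exe",
]

# HijackThis writes 'O23 - Service: <name> - <owner> - <image path>'.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
# ComboFix lists each task as '"<date> <time> <job path>"' followed by '- <target>'.
TASK_RE = re.compile(r'^"(?P<when>\S+ \S+) (?P<job>.+?\.job)"$')


def flag_services(lines):
    """Return (service name, reason) for O23 entries that deserve a second look."""
    flagged = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m["owner"].lower() == "unknown owner":
            reasons.append("no vendor recorded")
        if "(file missing)" in m["image"]:
            reasons.append("service image missing on disk")
        if reasons:
            flagged.append((m["name"], "; ".join(reasons)))
    return flagged


def group_tasks(lines):
    """Map each task target executable to the .job files that launch it."""
    groups = defaultdict(list)
    for i in range(len(lines) - 1):
        m = TASK_RE.match(lines[i].strip())
        nxt = lines[i + 1].strip()
        if m and nxt.startswith("- "):
            groups[nxt[2:]].append(m["job"].rsplit("\\", 1)[-1])
    return dict(groups)


def flag_task_clusters(groups, min_jobs=3):
    """Targets launched by several separate AtN.job entries: the hourly pattern above."""
    return {target: sorted(jobs) for target, jobs in groups.items() if len(jobs) >= min_jobs}


def build_cfscript(files=(), folders=(), drivers=()):
    """Render File::/Folder::/Driver:: sections in the layout used in this thread."""
    out = []
    for header, items in (("File::", files), ("Folder::", folders), ("Driver::", drivers)):
        if items:
            out += [header, *items, ""]
    return "\n".join(out).rstrip("\n") + "\n"
```

Running `flag_services(HJT_LINES)` reports only the OneStep service, and `flag_task_clusters(group_tasks(TASK_LINES))` reports only the executable behind the AtN.job cluster.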

offline
  • Joined: 02 Jan 2008
  • Posts: 4

Hello Dr Bora,

my friend and I did this over the phone, and I hope it worked.

ComboFix 08-01-17.1 - PECA 2008-01-20 0:22:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.248 [GMT 1:00]
Running from: C:\Documents and Settings\PECA\Desktop\New Folder (2)\ComboFix.exe
Command switches used :: C:\Documents and Settings\PECA\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\2K5PTFbw.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\OneStepSearch
C:\Program Files\OneStepSearch\home.js
C:\Program Files\OneStepSearch\onestep.dll
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\osopt.exe
C:\Program Files\OneStepSearch\readme.html
C:\Program Files\OneStepSearch\uninstall.exe
C:\WINDOWS\autoclk.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ONESTEP_SEARCH_SERVICE
-------\OneStep Search Service


((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-18 17:29 . 2008-01-18 17:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 17:29 . 2008-01-18 17:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 21:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 21:15 . 2008-01-02 21:16 <DIR> d-------- C:\Program Files\Mv2Player
2007-12-29 22:18 . 2007-12-29 22:18 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 23:14 --------- d-----w C:\Documents and Settings\PECA\Application Data\uTorrent
2007-12-25 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-17 12:20 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-17 12:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 12:19 --------- d-----w C:\Program Files\SAGEM
2007-12-17 12:19 --------- d-----w C:\Documents and Settings\PECA\Application Data\InstallShield
2007-12-17 12:18 --------- d-----w C:\Program Files\TI ADSL
2007-12-10 19:53 --------- d-----w C:\Program Files\FDRLab
2007-12-08 11:22 --------- d-----w C:\Program Files\uTorrent
2007-12-02 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-26 20:16 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-26 20:16 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-26 19:38 --------- d-----w C:\Program Files\Total Video Converter
2007-11-26 19:36 --------- d-----w C:\Program Files\Yahoo!
2007-11-26 19:36 --------- d-----w C:\Program Files\FLV Player
2007-11-26 19:25 --------- d-----w C:\Program Files\EcrTool_SR
.

((((((((((((((((((((((((((((( snapshot@2008-01-17_21.57.29.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 20:54:54 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 23:21:52 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 20:54:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 23:21:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 20:54:54 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 23:21:52 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 20:54:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 23:21:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 20:54:54 4,096,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-19 23:21:52 4,136,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-16 20:54:54 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 23:21:53 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-17 23:14:53 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-19 23:14:56 3,140,504 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-07 20:36 77824]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-26 21:16 917504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2006-06-10 13:10:44]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-17 13:20:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07]
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-04 02:07]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 16:44]
S3 TIAu5Bt;Actiontec Home DSL Modem Boot Device Service;C:\WINDOWS\system32\Drivers\tiau5bt.sys []
S3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;C:\WINDOWS\system32\DRIVERS\TIAU5CO.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-20 00:25:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 0:27:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 23:27:07
ComboFix2.txt 2008-01-17 20:57:56

Tell me about the clock: it moved it one day forward. Should I set it back now, or wait until everything is finished?

Regards

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The log is clean. Tell me how things are now...

offline
  • Joined: 02 Jan 2008
  • Posts: 4

It works great now. Can I set the clock and date properly now, and can I delete the ComboFix and HijackThis directories from the C partition?
One more thing: now that everything works properly, do I need to disable System Restore and restart the computer, or not?
Regards and thanks!!!

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
