MyCity » Ambulanta -> Arhiva Ambulante » posle trojanca...

posle trojanca...

Napisano na dan: 5.11.2007

Strana:
1
2
3

posle trojanca...

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

Delete Poslao: 09 Nov 2007 16:19 Idi na vrh
offline Delete Ugledni građanin Pridružio: 24 Feb 2006 Poruke: 435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovano!

Profil

bobby Poslao: 09 Nov 2007 16:41 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Predji opet u Safe Mode i obrisi folder C:\Documents and Settings\Zerocool\Application Data\Idolfork, svi fajlovi u tom folderu su maliciozni. Kada se vratis u normalan mod, pusti ponovo NoLop. Nakon toga skeniraj ponovo HijackThisom i stikliraj polje ispred sledece linije: O4 - HKCU\..\Run: [BoneAmen] C:\DOCUME~1\zerocool\APPLIC~1\IdolFork\Book knob.exe Klikni Fix Checked Restartuj racunar, pa nakon restarta napravi novi HijackThis log koji ces mi ovde postaviti.

Profil

Delete Poslao: 10 Nov 2007 17:04 Idi na vrh
offline Delete Ugledni građanin Pridružio: 24 Feb 2006 Poruke: 435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! NoLop prilikom skeniranja nije pronasao inficirane fajlove, evo i loga: NoLop! Log by Skate_Punk_21 Please Note: any existing old logs will have now been renamed to NoLop!OLD.log Fix running from: C:\Documents and Settings\zerocool\Desktop [11/9/2007] [7:32:37 PM] ---Infection Files Found/Removed--- NO INFECTION FILES FOUND - Cleaning Aborted. ---Listing AppData sub directories--- C:\Documents and Settings\Administrator\Application Data\Lavasoft C:\Documents and Settings\Administrator\Application Data\Microsoft C:\Documents and Settings\Administrator\Application Data\Mozilla C:\Documents and Settings\Administrator\Application Data\Spyware Terminator C:\Documents and Settings\All Users\Application Data\Adobe C:\Documents and Settings\All Users\Application Data\Bluetooth C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Setup Film Inter Bib C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy C:\Documents and Settings\All Users\Application Data\Symantec C:\Documents and Settings\All Users\Application Data\Winzip C:\Documents and Settings\All Users\Application Data\Yahoo! C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Networkservice\Application Data\Microsoft C:\Documents and Settings\Zerocool\Application Data\Adobe C:\Documents and Settings\Zerocool\Application Data\Ahead C:\Documents and Settings\Zerocool\Application Data\Identities C:\Documents and Settings\Zerocool\Application Data\Lavasoft C:\Documents and Settings\Zerocool\Application Data\Limewire C:\Documents and Settings\Zerocool\Application Data\Macromedia C:\Documents and Settings\Zerocool\Application Data\Media Player Classic C:\Documents and Settings\Zerocool\Application Data\Microsoft C:\Documents and Settings\Zerocool\Application Data\Mozilla C:\Documents and Settings\Zerocool\Application Data\Pc Tools C:\Documents and Settings\Zerocool\Application Data\Sun C:\Documents and Settings\Zerocool\Application Data\Symantec C:\Documents and Settings\Zerocool\Application Data\Utorrent Dopuna: 09 Nov 2007 19:40 Logfile of HijackThis v1.99.1 Scan saved at 7:38:41 PM, on 11/9/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\system32\wfxsnt40.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\zerocool\Desktop\New Folder\TR3.exe.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [Inter bib audio army] C:\Documents and Settings\All Users\Application Data\setup film inter bib\find meal.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe Dopuna: 10 Nov 2007 17:04 Mozda bi ovo moglo da pomogne. Tokom skeniranja sa programom Ad-Aware pojavilo mi se sledece: Ali taj fajl ne mogu da pronadjem, tj. nema ga medju ostalima u tom folderu.

Profil

bobby Poslao: 12 Nov 2007 04:05 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Treba iskljuciti pa ponovo ukljuciti System Restore. Iskljucivanje System Restore-a Na Desktopu, desni klik na My Computer. Odaberite Properties. Odaberite System Restore tab. Stiklirajte Turn off System Restore. Kliknite na dugme Apply. Kliknite na dugme OK. Ukljucivanje System Restore-a Na Desktopu, desni klik na My Computer. Odaberite Properties. Odaberite System Restore tab. Destiklirajte Turn off System Restore. Kliknite na dugme Apply. Kliknite na dugme OK.

Profil

Delete Poslao: 13 Nov 2007 10:30 Idi na vrh
offline Delete Ugledni građanin Pridružio: 24 Feb 2006 Poruke: 435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 10:29:31 AM, on 11/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\system32\wfxsnt40.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\zerocool\Desktop\New Folder\TR3.exe.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [Inter bib audio army] C:\Documents and Settings\All Users\Application Data\setup film inter bib\find meal.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe

Profil

bobby Poslao: 13 Nov 2007 17:47 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hmmm... izgleda da sam propustio nesto. Mislim da je i ovaj fajl iz iste infekcije: C:\Documents and Settings\All Users\Application Data\setup film inter bib\find meal.exe Mozes li da mi ga uploadujes na proveru preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Izvini na maltretiranju, izgleda da mi se javljaju prvi znaci matorenja

Profil

Delete Poslao: 13 Nov 2007 22:24 Idi na vrh
offline Delete Ugledni građanin Pridružio: 24 Feb 2006 Poruke: 435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadovano. Sve je dobro dok nema drugih znakova matorenja

Profil

bobby Poslao: 13 Nov 2007 22:29 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Yup, ista infekcija kao i onaj prethodni. Predji opet u Safe Mode i obrisi folder C:\Documents and Settings\All Users\Application Data\setup film inter bib\, svi fajlovi u tom folderu su maliciozni. Kada se vratis u normalan mod, pusti ponovo NoLop. Nakon toga skeniraj ponovo HijackThisom i stikliraj polje ispred sledece linije: O4 - HKLM\..\Run: [Inter bib audio army] C:\Documents and Settings\All Users\Application Data\setup film inter bib\find meal.exe Klikni Fix Checked Restartuj racunar, pa nakon restarta napravi novi HijackThis log koji ces mi ovde postaviti.

Profil

Delete Poslao: 14 Nov 2007 12:15 Idi na vrh
offline Delete Ugledni građanin Pridružio: 24 Feb 2006 Poruke: 435	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! NoLop nije pronasao nista. Logfile of HijackThis v1.99.1 Scan saved at 12:13:21 PM, on 11/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\system32\wfxsnt40.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\zerocool\Desktop\New Folder\TR3.exe.exe O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe

Profil

bobby Poslao: 14 Nov 2007 21:57 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel ti je ukljucen neki matori program (DOS ili Win9x program)? C:\WINDOWS\system32\ntvdm.exe <-- ovaj proces je normalno ukljucen samo kada je ukljucen i neki matori 16-bitni program. Jel koristis WinFax?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » posle trojanca...

Ko je trenutno na forumu

Ukupno su 1315 korisnika na forumu :: 37 registrovanih, 13 sakrivenih i 1265 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 5.56, A.R.Chafee.Jr., bankulen, bobomicek, bojank, cenejac111, CikaKURE, debeli, dika69, doktor123, draganl, dushan, elenemste, flash12, FOX, hologram, HrcAk47, jackreacher011011, janbo, Karla, ladro, laurusri, loon123, mercedesamg, Metanoja, milutin134, Mixelotti, ozzy, radoznao, ruma, Srle993, stagezin, stegonosa, TheBeastOfMG, Webb, Zoca, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by