Email-Worm.Win32.Brontok.a


  • Joined: 06 Jan 2006
  • Posts: 64

I guess I did everything the way it should be done

Quote: Logfile of HijackThis v1.99.1
Scan saved at 15:47:23, on 6.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivana\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\unzipped\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Read RSS Channel - C:\Program Files\YeahReader\getlink.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4A69BC3-ABB4-4F9D-A7BA-B6A1E8E22F7F}: NameServer = 87.250.46.52,87.250.46.53
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



so, it's this brontok.a: viruslist.com/en/viruses/encyclopedia?virusid=96428
it showed up on Saturday, and until then I had been using nod32, which was regularly updated
it was reporting the following to me

but it didn't do anything, i.e. it offered no option other than closing the notification window

the locations are as follows:

C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\Data Alfa.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SharedDocs.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\My Music\My Music.exe

and then, on a recommendation, I downloaded kaspersky and the latest update for it, and in the first scan it found more than 20 of them.

then I ran another 5 or 6 scans in a row and it didn't find a single one more.
and everything is ok until I connect, and then every 10 to 15 minutes these three appear, and kaspersky deletes them every time.

a friend also found this for me: symantec.com/security_response/writeup......mp;tabid=3
but I can't find anything from that step 5
Confused

my connection is wireless, 100kbps

I don't know whether I've forgotten something?

thanks in advance Very Happy

and yes, I don't visit the suspicious locations mentioned, nor do I download anything from the net.


________________________________________________-
and with the renamed hijack
Quote: Logfile of HijackThis v1.99.1
Scan saved at 16:52:35, on 6.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivana\Desktop\New Folder\h3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\unzipped\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Read RSS Channel - C:\Program Files\YeahReader\getlink.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4A69BC3-ABB4-4F9D-A7BA-B6A1E8E22F7F}: NameServer = 87.250.46.52,87.250.46.53
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Greetings Puela Very Happy
You laid out the problem nicely; we'll do our best to get you a concrete solution as soon as possible..

While I look at the log and analyze the problem, you could upload the files that your AV detected, if they appear again. We need them.
You can do that at this link:
http://www.mycity.rs/ambulanta-upload.php
Pack everything into a single zip (rar) archive and send it.

Look for the files by their path (visually). In case they are hidden, turn on the display of hidden files as follows:

My Computer -> choose the Tools menu and click Folder Options.
Choose the View tab.
Find Hidden files and folders and select the option Show hidden files and folders.
Untick the option Hide file extensions for known types.

It would also help if you sent (by upload as well) the log that Kaspersky AV creates, so that I can see everything it detected and deleted.
Saving the log is simple. There is a similar example here if it isn't clear to you what exactly you need to do.

Follow the procedure (path) described in the first picture, and in the next window that appears just do Save as.. Save that txt on the desktop, for example, so that you can find it more easily and forward it to us here. The rest of that text doesn't apply to you. I believe you'll manage, since these are similar programs. If anything is unclear to you, feel free to ask. We're here Wink

  • Joined: 06 Jan 2006
  • Posts: 64

DeM14n thanks a lot!

I'm sending the kaspersky logs right now, i.e. they are uploaded. (kasperski logovi.zip)
but I can't find these files!

C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\Data Alfa.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SharedDocs.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\My Music\My Music.exe

I don't have this documents folder at all, and I have Hidden files and folders turned on

_______________________________

actually I managed to find them, but I can neither zip nor rar them Confused

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

I'll now point you to the program Gmer, so that you scan the computer with it and then upload its logs for us at that same link.
I'll send you the link for downloading the program by PM.

The instructions for use are described in, for example, this topic. The first post, by my colleague Rapha. When you've done all of that according to the instructions and we get the logs, we'll continue.

  • Joined: 06 Jan 2006
  • Posts: 64

gmer logovi.zip sent Hug

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Since DeM14n isn't online, let me answer you, so that you have something to keep you busy... Smile

The logs are clean.

If those files still keep appearing, there is nothing left for us but to direct you to scan with some more anti-virus and anti-trojan programs.

Download Ewido micro (8Mb) :
http://downloads.ewido.net/ewido_micro.exe

How to work with Ewido micro:
- on the first screen select all partitions (tick the boxes in front of them)
- click the Start Scan button
- after the scan has finished, click Save Report and save the log file to a safe place
- click Remove Infections
- copy here for us the contents of the log file that was just saved


BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan8/ie.html <-- the link needs to be opened from Internet Explorer and installation of the ActiveX component needs to be allowed

  • Joined: 06 Jan 2006
  • Posts: 64

bobby thanks In Love
they still keep appearing Bebee Dol I'll do what you told me and then report back.

thanks once again Very Happy

_________________________________

I've sent the log, it's rather large (ewido-report.zip)

and the other one as soon as I get a little sleep Bebee Dol

__________________________________

here I am after bitdefender as well:

C:\Documents and Settings\Ivana\LocalSettings\Temp\wfpdisable.exeInfected with: Trojan.Wfpdis.A
C:\Documents and Settings\Ivana\Local Settings\Temp\wfpdisable.exeDisinfection failed
C:\Documents and Settings\Ivana\Local Settings\Temp\wfpdisable.exe Deleted

I saved its report as well, in case you need it.

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

I would need the report from the last online scan that I directed you to by PM. Do you have that, perhaps?

  • Joined: 06 Jan 2006
  • Posts: 64

here, it has only just finished

Quote:
Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/comet Not disinfected Windows Registry
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies-1.txt[hc2.humanclick.com/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies-1.txt[.pacificpoker.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.zedo.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.com.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.overture.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[server.iad.liveperson.net/hc/47786206]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.adtech.de/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.bfast.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.go.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ivana\Application Data\Mozilla\Firefox\Profiles\t49r7yqe.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ivana\Cookies\ivana@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ivana\Local Settings\Temp\Cookies\ivana@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ivana\Local Settings\Temp\Cookies\ivana@dist.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\mala sara\Cookies\mala sara@atwola[1].txt

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Tell me whether you still have the symptoms that the AV was reporting to you earlier, or anything similar to that?
Post a HijackThis log for me, as you already did earlier, renamed so that it doesn't suggest the name of the program.

08 Feb 2007 23:58 bobby Topic locked. Reason: Get in touch by PM if the topic needs to be unlocked