MyCity » Ambulanta -> Arhiva Ambulante » Izdvojeno iz druge teme (3)

Izdvojeno iz druge teme (3)

Napisano na dan: 24.12.2008

Izdvojeno iz druge teme (3)

Sledeća strana

Pagination

Zaključano

milnem Poslao: 24 Dec 2008 11:32 Idi na vrh
offline milnem Novi MyCity građanin Pridružio: 24 Dec 2008 Poruke: 23 Gde živiš: Novi Sad	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postovani dr. Boro i ostali dr, NOD32 je pronašao variant of Win32/Kryptik.CV trojan, i win32/autorun.ABH worm piše da ih je izbrisao. u karantinu vidim datum i vreme i piše obrisano. bez obzira na to laptop mi svako malo prvo "zaledi" otvoreni "prozor" a nekolko trenutaka kasnije ni strelica miša se više ne može pokrenuti. tada mi samo restart preostaje.posle prvog takvoga slučaja sam nekolika puta pokušao skenirati comp sa NOD-om. I tada kao i pre skeniranja u nekom trenu se sve "zaledi" na opisan nacin... od Noda nema učinka ni izveštaja, restart jedino preostaje... šta mi je činiti? ps. instalirao sam potom Malwarebytes' Anti-Malware 1.31, koji pronašao još virusa i po izveštaju ih sve uklonio : Malwarebytes' Anti-Malware 1.31 Verzija baze podataka: 1456 Windows 5.1.2600 Service Pack 2 21-Dec-08 16:42:36 mbam-log-2008-12-21 (16-42-36).txt Tip skeniranja: Brzo Skeniranje Skeniranih objekata: 50071 Proteklo vreme: 7 minute(s), 2 second(s) Inficirani procesi u memoriji: 0 Inficirani moduli u memoriji: 0 Inficirani kljuèevi u registru: 1 Inficirane vrednosti u registru: 0 Inficirani podaci u registru: 22 Inficirane fascikle: 9 Inficirane datoteke: 16 Inficirani procesi u memoriji: (Maliciozne stavke nisu detektovane) Inficirani moduli u memoriji: (Maliciozne stavke nisu detektovane) Inficirani kljuèevi u registru: HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully. Inficirane vrednosti u registru: (Maliciozne stavke nisu detektovane) Inficirani podaci u registru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kddhr.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58 85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{29e1a9fe-e696-488b-a533-99703e999a00}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6fae1639-df62-4def-acd1-34eaa2c12819}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{85db3729-23ec-47f3-9511-f6e30af853f0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9bb83dac-7918-40e0-918b-441908c4f973}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.58,85.255.112.116 -> Quarantined and deleted successfully. Inficirane fascikle: D:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044 (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\Common (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\js (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\medias (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully. Inficirane datoteke: D:\WINDOWS\system32\kddhr.exe (Rootkit.DNSChanger.H) -> Delete on reboot. D:\Program Files\Instant Access\Center\NoCreditCard.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\DesktopIcons\NoCreditCard.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\instant access.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Instant Access\Multi\20071004221044\medias\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully. D:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully. D:\Documents and Settings\drazen\Start Menu\NoCreditCard.lnk (Dialer) -> Quarantined and deleted successfully. D:\Documents and Settings\drazen\DesktopKax5Eo_cfdg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. D:\WINDOWS\Temp\tempo-6B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. D:\WINDOWS\Temp\tempo-973.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. ali i posle ovoga situacija je ista, zaledjivanje svako malo, bilo da sam na netu ili da NOD-om krećem proverit situaciju. izveštaj iz NOD-a ne vidim a iz karantina ne umem kopirati. neće da nudi copy. pozdrav

Profil

bobby Poslao: 24 Dec 2008 11:38 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

24 Dec 2008 13:01

bobby

Zaključavanje topica

Razlog: Ovaj topic je dupliran

MyCity » Ambulanta -> Arhiva Ambulante » Izdvojeno iz druge teme (3)

Ko je trenutno na forumu

Ukupno su 996 korisnika na forumu :: 30 registrovanih, 3 sakrivenih i 963 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Apok, Asparagus, Bane san, Bubimir, darcaud, darionis, DPera, Duh sa sekirom, flash12, ILGromovnik, kalens021, ksyyaj, Kubovac, mačković, milenko crazy north, Motocar, operniki, Panter, pedjolino76, raykan, Regrut Boskica, royst33, Silvertooth, Sir Budimir, Suva planina, vathra, vukovi, Zmaj Ognjeni Vuk, Zoca, zzapNDjuric99

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by