Dlena trojan?

  • Joined: 28 Apr 2005
  • Posts: 3686
  • Location: The Circle

I got back from a trip, turned on the computer, and lo and behold, NOD started throwing these cute little red warning pop-ups at me.

I assume someone on my LAN got infected while I was away, and the moment I turned the computer on, zap. Because I didn't download anything... the state is the same as when I last shut the computer down about a month ago and switched off the UPS.

Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:13:19 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\tsnpstd3.exe
D:\WINDOWS\vsnpstd3.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BORGChat\BORGChat.exe
D:\Program Files\Eset\nod32krn.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\rsvp.exe
D:\WINDOWS\system32\LMabcoms.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\001\Desktop\muzara\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - D:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - D:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - Startup: BORGChat.lnk = D:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Yahoo! Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5030C4C1-AD04-4D4B-A9D2-5F21D290D6F7}: NameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5030C4C1-AD04-4D4B-A9D2-5F21D290D6F7}: NameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{5030C4C1-AD04-4D4B-A9D2-5F21D290D6F7}: NameServer = 192.168.254.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Unknown owner - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe



NOD32 reports this:

First attempt:


Second:



I see it creates these odd files like 15153235d.exe in the /System32 directory... I delete them without any trouble, but it looks like the bastard has injected itself into svchost.exe and first downloads from some dodgy server of theirs, i.e. it tries to, but NOD stops it at least partially...

And so I'll keep killing the system, but I see this Dlena doesn't show up on MC and there's hardly anything about it on the net... so let's see what the experts have to say.

10x in advance.



  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Hello ][v][ A T R I X™

To start with, I'd ask you to find this file on the computer:

D:\WINDOWS\system32\rsvp.exe

pack it (zip, rar) and upload it to us via this link:
[Link visible only to logged-in users]



  • Joined: 28 Apr 2005
  • Posts: 3686
  • Location: The Circle

Your file has been uploaded successfully.
Please notify the person helping you, in the thread where you were asked to upload the file, that you have done so successfully.
Thank you.

  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

First, my apologies: in a hurry I wrote the wrong file name for the upload..

We're certain this one is malware, but I'd ask you again, before starting disinfection, to zip and send to that same link the file at this path: D:\WINDOWS\System32\rpcc.dll
We need it so we can forward it to AV companies for analysis, because some (your NOD32, for example) obviously don't detect this malware.

In your next post, also tell me whether you perhaps use CliqueCam or Clique Video Messenger?


Now we can start the cleanup:

1. Download ATF Cleaner, but don't run it yet; we'll need it later.

3. Scan again with HijackThis and tick the box in front of the following line:

O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll

After you've ticked the box, click the Fix checked button.

4. Restart the computer into Safe Mode

5. There, find and delete the following file:

D:\WINDOWS\System32\rpcc.dll

6. Now run ATF Cleaner.

Tick Select All and then click Empty Selected.
When the Done Cleaning message appears, close the program.

7. Now restart the computer into normal mode again and repeat the cleanup with ATF Cleaner.

8. Once you've done all that, scan again with HijackThis and post a fresh log so we can see how the situation has developed.
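Step 8 asks for a fresh log to compare against the first one. As an added example (not from this thread and not part of HijackThis itself), here is a small Python script that parses HijackThis findings, diffs two logs and flags the O20 and O23 lines a helper would still verify by hand; the two log excerpts are constructed from the logs posted in this thread, and the flag reasons are my own heuristics.

```python
import re
from dataclasses import dataclass

# Constructed excerpts of the two HijackThis logs posted in this thread:
# before cleanup (rpcc.dll in O20, NOD32 in O4) and after (klogon.dll, KAV).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\rsvp.exe

O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll
O23 - Service: lmab_device - Unknown owner - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: lmab_device - Unknown owner - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
"""

# Every HijackThis finding starts with a section tag such as R3, O2, O20, O23.
HJT_ENTRY = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O20"
    body: str     # text after "O20 - "

    @property
    def path(self) -> str:
        # HijackThis puts the file path in the last " - " separated field.
        return self.body.rsplit(" - ", 1)[-1].removesuffix(" (file missing)")


def parse_log(text: str) -> list[Entry]:
    """Keep only the tagged findings; the header and process list are skipped."""
    found = [HJT_ENTRY.match(line.strip()) for line in text.splitlines()]
    return [Entry(m["section"], m["body"]) for m in found if m]


def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Findings that disappeared and findings that are new, in log order."""
    old, new = set(before), set(after)
    return [e for e in before if e not in new], [e for e in after if e not in old]


def review(entries: list[Entry]) -> dict[Entry, str]:
    """Findings a helper would still verify by hand, with the reason (my heuristics)."""
    reasons = {}
    for e in entries:
        if e.section == "O20":
            reasons[e] = "Winlogon Notify DLL runs inside winlogon; confirm the vendor"
        elif e.section == "O23" and "(file missing)" in e.body:
            reasons[e] = "service points at a file that no longer exists"
        elif e.section == "O23" and "Unknown owner" in e.body:
            reasons[e] = "service binary carries no owner/vendor information"
    return reasons


if __name__ == "__main__":
    removed, added = diff_logs(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    for e in removed:
        print("-", e.section, e.body)
    for e in added:
        print("+", e.section, e.body)
    for e, why in review(parse_log(LOG_AFTER)).items():
        print("?", e.section, e.path, "->", why)
```

On the excerpts above the diff shows the rpcc O20 line and the nod32kui O4 line gone and the klogon and AVP lines new, which is exactly the change the helpers discuss later in the thread.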

  • Joined: 28 Apr 2005
  • Posts: 3686
  • Location: The Circle

D:\WINDOWS\System32\rpcc.dll doesn't exist anymore, because that same day I killed NOD32 and installed Kaspersky 6, which obviously did a better job than NOD


Only the trace that HijackThis found remained, so I've now deleted that O20 line with it


I also used ATF Cleaner to empty everything that program handles... so temp dirs, cache, cookies etc.


Here's the log at the end, after all the cleaning...

Thanks for the support!!!

Update: 09 Mar 2007 19:27

Logfile of HijackThis v1.99.1
Scan saved at 7:28:59 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\tsnpstd3.exe
D:\WINDOWS\vsnpstd3.exe
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
D:\Program Files\BORGChat\BORGChat.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\001\Desktop\muzara\marrs.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - D:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - D:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - Startup: BORGChat.lnk = D:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Yahoo! Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5030C4C1-AD04-4D4B-A9D2-5F21D290D6F7}: NameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5030C4C1-AD04-4D4B-A9D2-5F21D290D6F7}: NameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{5030C4C1-AD04-4D4B-A9D2-5F21D290D6F7}: NameServer = 192.168.254.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device - Unknown owner - D:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe

Update: 09 Mar 2007 19:29

As you can see, that line now reads:

O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll


The description for it is:

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

What's now on the O20 line is part of KAV, no need to worry.
I haven't reviewed the whole new log since I'm busy at work (so I don't forget where I left off).
DeM14n will get back to you with the results of reviewing the new log.

  • DEMIAN
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

There are no visible signs of infection in the log.
bobby explained the O20 line to you, so I consider the problem solved.
The thread will soon be moved to the Ambulanta Archive, but it will stay open for a few more days in case the infection comes back.
][v][ A T R I X™ :: Thanks for the support!!!
You're welcome. That's what we're here for..
Cheers..

  • Joined: 28 Apr 2005
  • Posts: 3686
  • Location: The Circle

So there you go, KAV turned out to be a better solution than NOD

Once again, 10x for the support.
