Možda tražite i:
virus,virusi ili....
Nepobedivi virus VIRUT W32.CF
mbam i sas nasli viruse dali su to stvarno virusi?

MyCity » Ambulanta -> Arhiva Ambulante » Da li imam virus ?

Da li imam virus ?

Napisano na dan: 12.2.2007

Strana:
1
2

Da li imam virus ?

Sledeća strana

Pagination

Zaključano

Strana:
1
2

Janki90 Poslao: 12 Feb 2007 17:39 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nesto mi je cudno u ovome: Logfile of HijackThis v1.99.1 Scan saved at 5:33:24 PM, on 2/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Eset\nod32kui.exe F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\Program Files\Net Activity Diagram\nad.exe F:\Program Files\Internet Explorer\iexplore.exe f:\progra~1\intern~1\iexplore.exe F:\Program Files\Eset\nod32krn.exe F:\WINDOWS\system32\nvsvc32.exe F:\Program Files\Winamp\winamp.exe F:\WINDOWS\system32\wuauclt.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\WINDOWS\system32\svchost.exe F:\Documents and Settings\Janki\My Documents\Downloads\Programs\HijackThis.exe O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S O4 - HKLM\..\Run: [LOG LOVE PLUS KIND] F:\Documents and Settings\All Users\Application Data\bows keep log love\keepgram.exe O4 - HKCU\..\Run: [Net Activity Diagram] F:\Program Files\Net Activity Diagram\nad.exe O4 - HKCU\..\Run: [FIVE ABOUT] F:\DOCUME~1\Janki\APPLIC~1\321MOV~1\TitleTheHide.exe O8 - Extra context menu item: &Download all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Download selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Download All Links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download Flash with Flash Capture - F:\Program Files\Flash Capture\dl.htm O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{1F3B9A0D-14C0-4DDA-A137-92332AB236D7}: NameServer = 10.10.2.69,10.10.2.79 O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Zbog cega imam 2 puta isti iexplre kad uopste nekoristim IE.Naravno nemogu ni taj file na hardu da pronadjem Hvala na odgovorima i pomoci

Profil

Rogi Poslao: 12 Feb 2007 19:24 Idi na vrh
offline Rogi Mod u pemziji Najbolji košarkaš koji je ikada igrao ovu igru Pridružio: 31 Avg 2005 Poruke: 11687	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo treba da postaviš u ambulanti!

Profil

DEMIAN Poslao: 12 Feb 2007 22:50 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sumnjam i ja na malware u ovom logu već prema prvim linijama koje sam sada na blic pogledao. Slobodan sam za nekih sat vremena, pa ću detaljnije da pregledam sve ovo i da ti napišem o čemu se tačno radi. Možda ti se za to vreme neko iz tima javi ranije sa konkretnijim predlogom za dalje..

Profil

Janki90 Poslao: 12 Feb 2007 23:43 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Najvise me cudi to sto uopste nemam IE na pc.Posto sam ga uninstall-irao.I kad unistim proces uvek se pojavi ponovo posle nekoliko sekundi.

Profil

DEMIAN Poslao: 13 Feb 2007 01:15 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Inficiran si swizzor trojancem. To što ti se dešava je tipičan manifest za ovaj malware. Idemo polako po redu.. Pronadji sledeće fajlove i upload-uj ih na ovaj link: F:\Documents and Settings\All Users\Application Data\bows keep log love\keepgram.exe F:\DOCUME~1\Janki\APPLIC~1\321MOV~1\TitleTheHide.exe Ako se ne snadješ da pronadješ putanju ovog drugog fajla probaj to da uradiš na sledeći način: Preuzmi i startuj [url=https://www.mycity.rs/must-login.png U gornje polje iskopiraj F:\DOCUME~1\Janki\APPLIC~1\321MOV~1 i pritisni Enter. U donjem polju ce se pojaviti dugacko (normalno) ime foldera. Sada je potrebno obrisati kompletne foldere u kojima su se nalazila ova dva EXE fajla, pošto u njima postoje downloaderi koji će ponovo da reinstaliraju Lop nakon otklanjanja. Znači, nakon što si ova dva kompletna foldera uploadovao na našu ambulantu , obriši ih... Preuzmi program No Lop. http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16 (potrebno je skrolovati malo niže, pošto ide prvo HJT, pa reklama, pa NoLop) 1.) Ugasi sve ostale programe koji su pokrenuti u "pozadini" 2.) Dupli klik na NoLop.exe 3.) Klikni na Search and Destroy 4.) Kada je skeniranje završeno, u slučaju da si zaražen, tražiće da restartuješ računar 4.) Klikni na REBOOT Trebalo bi da se pojavi NoLop pop-up poruka, ako ne-ponovo dupli klik na NoLop.exe da bi čišćenje bilo završeno Nakon toga, postuj nam sadržaj C:\NoLop.log i svež HijackThis log Napomena: Ako se pojavi greška, da mscomctl.ocx ili neki od fajlova nisu tačno registrovani, downloaduj ovaj fajl u svoj system32 folder i onda pokreni program: http://www.boletrice.com/downloads/mscomctl.ocx

Profil

Janki90 Poslao: 13 Feb 2007 09:15 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! DeM14n :: F:\DOCUME~1\Janki\APPLIC~1\321MOV~1\TitleTheHide.exe Ovaj folder 321mov sam nasao i u program files pa sam isto izbrisao. DeM14n :: F:\Documents and Settings\All Users\Application Data\bows keep log love\keepgram.exe Ovaj folder nemogu da izbrisem iz windowsa (dok nisam u SM).Da li da ga izbrisem iz safe mode-a?(tacnije nemogu da izbrisem file-ove faceacesecond i keepgram.exe) Jedan problem je sto ovaj file nece da kopira u folder (rar format) FaceAceSecond koji je hidden file. Uplovdovao sam file-ove. Evo sta kaze NoLop(pronasao je virus): AC35960692CA0CD2.job.infected i evo HJT: Logfile of HijackThis v1.99.1 Scan saved at 9:40:09 AM, on 2/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\Eset\nod32krn.exe F:\WINDOWS\system32\nvsvc32.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe F:\Program Files\Eset\nod32kui.exe F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\Program Files\Net Activity Diagram\nad.exe F:\Program Files\Winamp\winamp.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\WINDOWS\system32\wuauclt.exe F:\Documents and Settings\Janki\My Documents\Downloads\Programs\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S O4 - HKCU\..\Run: [Net Activity Diagram] F:\Program Files\Net Activity Diagram\nad.exe O4 - HKCU\..\Run: [FIVE ABOUT] F:\DOCUME~1\Janki\APPLIC~1\321MOV~1\TitleTheHide.exe O4 - Global Startup: NoLop.exe O8 - Extra context menu item: &Download all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Download selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Download All Links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download Flash with Flash Capture - F:\Program Files\Flash Capture\dl.htm O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{1F3B9A0D-14C0-4DDA-A137-92332AB236D7}: NameServer = 10.10.2.69,10.10.2.79 O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Profil

DEMIAN Poslao: 13 Feb 2007 12:48 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sve što ne može da se obriše normanim putem briši iz safe moda. Podrazumeva se da su ti uključene opcije za prikaz skrivenih fajlova i foldera. Nešto smo uklonili ali ne sve.. Idemo dalje. 1) Preuzmi program SmitfraudFix sa ovog linka. 2.) Extract-uj program na desktop. (Takodje na ovaj način pripremi i program Hijack This koje će se kasnije koristiti) 3.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link ] 4.) Pronadji na desktop-u folder gde si raspakovao SmitfraudFix program i dvoklikom pokreni fajl SmitfraudFix.cmd. Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pretisni bilo koje dugme na tastaturi da bi prešao na sledeći nivo. 5.) 6.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om pokrenuće ti se Windows-ov program Disk Cleanup. Nakon sto SmitFraudFix zavrsi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt. Zatim preskeniraj računar sa SpyBot Search & Destroy (dopuni definicije) i kada to završiš postavi novi HJT log zajedno sa ovim koji napravi program SmitFraudFix.

Profil

Janki90 Poslao: 13 Feb 2007 13:45 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! SmitFraudFix v2.141 Scan done at 12:59:21.75, Tue 02/13/2007 Run from F:\Documents and Settings\Janki\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files F:\DOCUME~1\Janki\FAVORI~1\Online Security Test.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning not selected. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End evo i hjt Logfile of HijackThis v1.99.1 Scan saved at 1:48:23 PM, on 2/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\Explorer.EXE F:\Program Files\Eset\nod32krn.exe F:\WINDOWS\system32\nvsvc32.exe F:\Program Files\Eset\nod32kui.exe F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe F:\Program Files\Net Activity Diagram\nad.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Program Files\ConWare\InterChat3\IC3.exe F:\Program Files\Winamp\winamp.exe F:\WINDOWS\system32\wuauclt.exe F:\Documents and Settings\Janki\My Documents\Downloads\Programs\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S O4 - HKCU\..\Run: [Net Activity Diagram] F:\Program Files\Net Activity Diagram\nad.exe O4 - HKCU\..\Run: [FIVE ABOUT] F:\DOCUME~1\Janki\APPLIC~1\321MOV~1\TitleTheHide.exe O8 - Extra context menu item: &Download all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Download selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Download All Links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download Flash with Flash Capture - F:\Program Files\Flash Capture\dl.htm O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{1F3B9A0D-14C0-4DDA-A137-92332AB236D7}: NameServer = 10.10.2.69,10.10.2.79 O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Profil

DEMIAN Poslao: 13 Feb 2007 14:54 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pošalji mi na PP kompletan log koji ti je napravio program No Lop. Ti si ga skratio a potrebne su mi informacije iz njega.. Ovako nagadjam. Moramo da se rešimo ovog što ti se podiže u start up-u. F:\DOCUME~1\Janki\APPLIC~1\321MOV~1\TitleTheHide.exe Jeli li pronašao taj folder ? Jesi li brisao iz safe mod-a ? Jesi li se skenirao sa SpyBot Search & Destroy ? (ne vidim ga ovde u listi programa) Ajd' odgovori mi na ovo pa ću da ti napišem koje linije da središ iz ovog zadnjeg loga.. Ako nije jasno bilo šta - slobodno pitaj.

Profil

Janki90 Poslao: 13 Feb 2007 15:07 Idi na vrh
offline Janki90 Elitni građanin Pridružio: 28 Maj 2006 Poruke: 1536 Gde živiš: Seven holy paths to hell	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pronasao i izbrisao.Skenirao sam sa SpyBot S&D i naso je 49 problema . I sad se opet pojavio taj folder 321mov(jednom sa ga vec brisao)...

Profil

15 Feb 2007 19:48

bobby

Zaključavanje topica

Razlog: Javiti se na PP ukoliko je potrebno otkljucavanje teme

MyCity » Ambulanta -> Arhiva Ambulante » Da li imam virus ?

Ko je trenutno na forumu

Ukupno su 1069 korisnika na forumu :: 50 registrovanih, 9 sakrivenih i 1010 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., Apok, babaroga, Batinas, Bobrock1, Bokiboks, bokisha253, Boris90, cenejac111, cifra, CikaKURE, cincarin, comi_pfc, Dimitrise93, dragoljub11987, drimer, Georgius, ginjica, HrcAk47, ikan, ILGromovnik, JOntra, Još malo pa deda, Karla, Krvava Devetka, ladro, Lucije Kvint, Marko Marković, mercedesamg, mikrimaus, milenko crazy north, milutin134, moldway, mrav pesadinac, nebidrag, nenad81, Nobunaga, rasok, Ripanjac, RJ, Rogan33, stalja, Sumadija34, vathra, Vladko, voja64, wolf431, wolverined4, YugoSlav

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by