Prijava na forum:
Ime:
Lozinka:
Prijavi me trajno:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:

ConQUIZtador
Trenutno vreme je: 29. Mar 2024, 10:24:53
nazadnapred
Korisnici koji su trenutno na forumu 0 članova i 1 gost pregledaju ovu temu.

 Napomena: Za sva pitanja u vezi kupovine novog hardware-a ili procene vrednosti i preporuke koristite - ovu temu

Spyware,sta je,kako radi,kako se zastititi? :: Kako rade mreze :: Burek Anti-virus software review :: Index tema koje ne treba propustiti

Idi dole
Stranice:
1 3
Počni novu temu Nova anketa Odgovor Štampaj Dodaj temu u favorite Pogledajte svoje poruke u temi
Tema: downloader.banload.kgg  (Pročitano 6103 puta)
Krajnje beznadezan


Out of Space and Time

Zodijak Scorpio
Pol Muškarac
Poruke 10499
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
Dali od prilike se secas sta je spybot obrisao..Mozda to nisu zlotvori,vec "nevini" tracking cookies....
I ja bih ti savetovao jos nesto[pre nego sto Munkaze nastavi]..sacekaj da AVG odradi dva tri update-a..Pa onda pokusaj da vratis uTorrent...Ili kad se ovo zavrsi...Uzmi skini najnoviji uTorrent..I vidi kako ce da reaguje...
IP sačuvana
social share
I like to pretend I'm alone. Completely alone. Maybe post-apocalypse or plague... Whatever. No-one left to act normal for. No need to hide who I really am. It would be... freeing.
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Poznata licnost


Mrzim zimu!

Zodijak Virgo
Pol Muškarac
Poruke 4091
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
DSSAgent je jedan od ta dva.Ne mogu da setim koji je drugi.Ovaj je ostao kada kliknem na Recovery u Spybot-u.
Trenutno skidam jedan film i ne bih da brisem uTorent,a imam i solidan ratio,pa sam zeleo da izbegnem brisanje.
IP sačuvana
social share
Screw You Guy's. I'm going Home.

  
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Krajnje beznadezan


Out of Space and Time

Zodijak Scorpio
Pol Muškarac
Poruke 10499
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
 Smile

Sto znaci da ti AVG vise ne pravi problem...Ili si ga iskljucio?
IP sačuvana
social share
I like to pretend I'm alone. Completely alone. Maybe post-apocalypse or plague... Whatever. No-one left to act normal for. No need to hide who I really am. It would be... freeing.
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Poznata licnost


Mrzim zimu!

Zodijak Virgo
Pol Muškarac
Poruke 4091
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
AVG kao preporecune akciju za ovaj virus,ili sta je vec,iz naslova teme daje karantin.Kada sam video da je to uTorrent,vratio sam ga.Bar da zavrsim skidanje filma.

Samo da dodam kako AVG "vidi" downloader.banload.kgg.
This malicious software downloads,and then installs without user's knowledge,other harmful programs such as backdoors.
« Poslednja izmena: 03. Jun 2008, 18:42:43 od Boki78 »
IP sačuvana
social share
Screw You Guy's. I'm going Home.

  
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Supermoderator
Legenda foruma


Always outnumbered, never outgunned.

Zodijak
Pol
Poruke 47481
Zastava
OS
Windows Vista
Browser
Mozilla Firefox 2.0.0.14
Udji u safe mode, pokreni HJT
Cekiraj sledece i kada zavrsis sa cekiranjem klikni na Fix Checked :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.yu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B 879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

Kada zavrsis, dakle fixuj navedeno, zatim zatvori HJT, restart io  digni masinu u normal modu, i daj novi HJT da vidim sta se vraca od ovih sranja  Smile
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Poznata licnost


Mrzim zimu!

Zodijak Virgo
Pol Muškarac
Poruke 4091
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
Ova dva nisu postojala u safe modu:

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')




A ovo je novi HJT file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:47:00, on 3.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Downloads\Software\unlocker1.8.6\Unlocker\UnlockerAssistant.exe
C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\Software\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Downloads\Software\unlocker1.8.6\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://i.imdb.com/images/nb15/logo2.gif

--
End of file - 7389 bytes
IP sačuvana
social share
Screw You Guy's. I'm going Home.

  
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Krajnje beznadezan


Out of Space and Time

Zodijak Scorpio
Pol Muškarac
Poruke 10499
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
Mislim da bi trebalo da iskljucis TeaTimer dok se ne zavrsi sredjivanje loga Smile
IP sačuvana
social share
I like to pretend I'm alone. Completely alone. Maybe post-apocalypse or plague... Whatever. No-one left to act normal for. No need to hide who I really am. It would be... freeing.
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Supermoderator
Legenda foruma


Always outnumbered, never outgunned.

Zodijak
Pol
Poruke 47481
Zastava
OS
Windows Vista
Browser
Mozilla Firefox 2.0.0.14
Preuzmi Combofix odavde :   link
ili odavde :    link

Kako instalirati ComboFix sa i bez Recovery Konzole : http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Imas objasnjeno sve na prvom linku kako se pokrece, odradi kako je napisano i kada zavrsis celu proceduru, zakaci novi HJT log.
Takodje preporucujem KAspersky Internet Security 7 ubuduce.
IP sačuvana
social share
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Poznata licnost


Mrzim zimu!

Zodijak Virgo
Pol Muškarac
Poruke 4091
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
Ovo je log koji je ostao kada je ComboFix zavrsio skeniranje:

ComboFix 08-06-03.1 - BOKI 2008-06-04  9:00:02.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1033.18.629 [GMT 2:00]
Running from: C:\Documents and Settings\BOKI\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\BOKI\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2008-05-04 to 2008-06-04  )))))))))))))))))))))))))))))))
.

2008-06-04 03:47 . 2008-06-04 03:47   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-06-04 03:45 . 2008-06-04 03:45   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-06-04 03:45 . 2004-08-04 01:56   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-06-04 03:45 . 2005-06-28 10:21   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-06-04 03:45 . 2008-06-04 03:49   1,355   --a------   C:\WINDOWS\imsins.BAK
2008-06-03 18:22 . 2008-03-01 15:06   6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-03 18:22 . 2007-04-17 11:32   2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-03 18:22 . 2007-03-08 07:10   991,232   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-03 18:22 . 2008-03-01 15:06   459,264   -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-03 18:22 . 2008-03-01 15:06   383,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-03 18:22 . 2008-03-01 15:06   267,776   -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-03 18:22 . 2008-03-01 15:06   63,488   -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-03 18:22 . 2008-03-01 15:06   52,224   -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-03 18:22 . 2008-02-22 12:00   13,824   -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-03 17:42 . 2008-06-03 17:42   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-06-03 17:00 . 2008-06-03 17:53   <DIR>   d--------   C:\SDFix
2008-06-03 16:34 . 2008-06-03 16:34   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-06-03 16:34 . 2008-06-03 16:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 12:58 . 2008-05-28 14:29   <DIR>   d--------   C:\Documents and Settings\BOKI\Application Data\MSNInstaller
2008-05-23 23:40 . 2008-05-23 23:40   <DIR>   d--------   C:\Program Files\Sun
2008-05-23 23:39 . 2008-02-22 02:33   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-05-17 17:53 . 2008-05-24 00:15   <DIR>   d--------   C:\Program Files\Online TV Player 4
2008-05-17 17:53 . 2008-05-17 17:53   10   --a------   C:\WINDOWS\system32\810429tv4-test.jun
2008-05-17 15:33 . 2008-05-17 15:33   <DIR>   d--------   C:\WINDOWS\IUConnect
2008-05-17 15:32 . 2008-05-17 15:32   <DIR>   d--------   C:\Documents and Settings\BOKI\WINDOWS
2008-05-17 15:32 . 2002-08-19 04:28   96,256   --a------   C:\WINDOWS\system32\SMACKW32.DLL
2008-05-17 15:30 . 2008-05-17 15:30   0   --a------   C:\WINDOWS\SETUP32.INI
2008-05-17 14:59 . 2008-05-17 14:59   <DIR>   d--------   C:\Program Files\PowerISO

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 01:24   ---------   d-----w   C:\Documents and Settings\BOKI\Application Data\uTorrent
2008-06-03 13:47   ---------   d-----w   C:\Program Files\uTorrent
2008-05-30 18:39   ---------   d-----w   C:\Documents and Settings\BOKI\Application Data\Skype
2008-05-30 18:38   ---------   d-----w   C:\Documents and Settings\BOKI\Application Data\skypePM
2008-05-23 21:48   ---------   d-----w   C:\Program Files\Winamp
2008-05-23 21:39   ---------   d-----w   C:\Program Files\Java
2008-03-26 08:09   151,583   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-25 08:20   219,936   ----a-w   C:\WINDOWS\system32\msltus40.dll
2008-03-19 09:40   1,845,888   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-02-12 20:02   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-05-24 09:51   16,384   --sha-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-05-24 09:51   32,768   --sha-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-05-24 09:51   32,768   --sha-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052420070525\index.dat
2007-05-24 09:51   32,768   --sha-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 22:06   1135968   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-03-21 11:12 1694208]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [ ]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 05:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"UnlockerAssistant"="C:\Downloads\Software\unlocker1.8.6\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
"!AVG Anti-Spyware"="C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7-11"="advpack.dll" [2008-03-01 15:06 124928 C:\WINDOWS\system32\advpack.dll]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"51112:TCP"= 51112:TCP:BitComet 11026 TCP
"51112:UDP"= 51112:UDP:BitComet 11026 UDP
"65432:TCP"= 65432:TCP:uTorrent

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;C:\WINDOWS\system32\DRIVERS\tnet1130.sys [2004-06-17 23:41]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 09:00:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-04  9:02:08
ComboFix-quarantined-files.txt  2008-06-04 07:01:51

Pre-Run: 40,362,737,664 bytes free
Post-Run: 40,339,062,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

135   --- E O F ---   2008-06-04 01:49:07
IP sačuvana
social share
Screw You Guy's. I'm going Home.

  
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Poznata licnost


Mrzim zimu!

Zodijak Virgo
Pol Muškarac
Poruke 4091
Zastava
OS
Windows XP
Browser
Mozilla Firefox 2.0.0.14
A ovo je novi HJT file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:09:41, on 4.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\Software\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Downloads\Software\unlocker1.8.6\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Downloads\Software\avgas-setup-7.5.1.43-3339\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://i.imdb.com/images/nb15/logo2.gif

--
End of file - 7434 bytes
IP sačuvana
social share
Screw You Guy's. I'm going Home.

  
Pogledaj profil
 
Prijava na forum:
Ime:
Lozinka:
Zelim biti prijavljen:
Trajanje:
Registruj nalog:
Ime:
Lozinka:
Ponovi Lozinku:
E-mail:
Idi gore
Stranice:
1 3
Počni novu temu Nova anketa Odgovor Štampaj Dodaj temu u favorite Pogledajte svoje poruke u temi
Trenutno vreme je: 29. Mar 2024, 10:24:53
nazadnapred
Prebaci se na:  

Poslednji odgovor u temi napisan je pre više od 6 meseci.  

Temu ne bi trebalo "iskopavati" osim u slučaju da imate nešto važno da dodate. Ako ipak želite napisati komentar, kliknite na dugme "Odgovori" u meniju iznad ove poruke. Postoje teme kod kojih su odgovori dobrodošli bez obzira na to koliko je vremena od prošlog prošlo. Npr. teme o određenom piscu, knjizi, muzičaru, glumcu i sl. Nemojte da vas ovaj spisak ograničava, ali nemojte ni pisati na teme koje su završena priča.

web design

Forum Info: Banneri Foruma :: Burek Toolbar :: Burek Prodavnica :: Burek Quiz :: Najcesca pitanja :: Tim Foruma :: Prijava zloupotrebe

Izvori vesti: Blic :: Wikipedia :: Mondo :: Press :: Naša mreža :: Sportska Centrala :: Glas Javnosti :: Kurir :: Mikro :: B92 Sport :: RTS :: Danas

Prijatelji foruma: Triviador :: Domaci :: Morazzia :: TotalCar :: FTW.rs :: MojaPijaca :: Pojacalo :: 011info :: Burgos :: Alfaprevod

Pravne Informacije: Pravilnik Foruma :: Politika privatnosti :: Uslovi koriscenja :: O nama :: Marketing :: Kontakt :: Sitemap

All content on this website is property of "Burek.com" and, as such, they may not be used on other websites without written permission.

Copyright © 2002- "Burek.com", all rights reserved. Performance: 0.102 sec za 16 q. Powered by: SMF. © 2005, Simple Machines LLC.