Da li imam virus/spyware...

1

Da li imam virus/spyware...

offline
  • Pridružio: 28 Maj 2006
  • Poruke: 1536
  • Gde živiš: Seven holy paths to hell

Posle dugo vremena sam skenirao sa ad-aware i on je pronasao neki cookies
evo log od njega...
ArchiveData(auto-quarantine- 2007-04-18 19-31-25.bckp)
Referencefile : SE1R166 16.04.2007
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : F:\Documents and Settings\Janki\recent\Desktop.ini
obj[1]=MRU FileReference : F:\Documents and Settings\Janki\recent\Downloads.lnk
obj[2]=MRU FileReference : F:\Documents and Settings\Janki\recent\Iron Maiden - Behind The Iron Curtain 1984.lnk
obj[3]=MRU FileReference : F:\Documents and Settings\Janki\recent\LastReplay.lnk
obj[4]=MRU FileReference : F:\Documents and Settings\Janki\recent\replay.lnk
obj[5]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[7]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.mpg
obj[8]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.w3g
obj[9]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
obj[10]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
obj[6]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.avi
obj[11]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows\currentversion\explorer\runmru
obj[12]=MRU RegReference : S-1-5-21-606747145-602609370-682003330-1003\software\microsoft\windows media\wmsdk\general computername

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[9]=IECache Entry : Cookie:janki@rambler.ru/
obj[10]=IECache Entry : Cookie:janki@2o7.net/

I naravno od hijackthis (log je posle skeniranja sa ad-aware)

Logfile of HijackThis v1.99.1
Scan saved at 7:32:34 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Eset\nod32krn.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Java\jre1.6.0\bin\jusched.exe
F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe
F:\Program Files\Net Activity Diagram\nad.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Programs\Antivirusi\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /T
O4 - HKCU\..\Run: [Net Activity Diagram] F:\Program Files\Net Activity Diagram\nad.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Download all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Download All Files by HiDownload - F:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download All Links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by HiDownload - F:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download Flash with Flash Capture - F:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - F:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F3B9A0D-14C0-4DDA-A137-92332AB236D7}: NameServer = 10.10.2.69,10.10.2.79
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

Zdravo Janki90, uploaduj mi sledeci fajl, ali ga pre toga raruj ili zipuj:

F:\WINDOWS\system32\shdocvw.dll

Evo linka za upload http://www.mycity.rs/ambulanta-upload.php

Nakon ovoga skini AVG Anti-Rootkit Free sa sledeceg sajta http://free.grisoft.com/doc/1 instaliraj ga, pokreni skeniranje, nakon zavrsenog skeniranja prikazi nam rezultate, ako je program nesto pronasao.

offline
  • Pridružio: 28 Maj 2006
  • Poruke: 1536
  • Gde živiš: Seven holy paths to hell

Nista nije pronasao...sto se tice upload nesto neradi...

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

Jesi li bio logovan kada si pokusao upload? Pokusaj opet. Kod mene radi odlicno. Nakon uploada pojavice ti se sledeci tekst:
"Vas fajl je uspesno uploadovan.
Molimo Vas da u temi u kojoj je od Vas zahtevano da uploadujete fajl, obavestite lice koje Vam pomaze da ste to uspesno uradili.
Hvala Vam."

offline
  • Pridružio: 28 Maj 2006
  • Poruke: 1536
  • Gde živiš: Seven holy paths to hell

Uspeo je sad...verovatno je bila neka greska kod mene...

Dopuna: 20 Apr 2007 0:17

btw... treba i da izbrisem taj file?

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

Ne, fajl je analiziran, i u redu je, nego nesto me zanima, vidim da koristis spybot, da li ti je ukljucen njegov Tea Timer?

offline
  • Pridružio: 28 Maj 2006
  • Poruke: 1536
  • Gde živiš: Seven holy paths to hell

Gde treba da pogleda da li je ukljucen Tea Timer?

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

Prvo iskljuci Tea-Timer ukoliko ti je ukljucen, onda postavi novi log HijackThis programa sa iskljucenim Tea-Timerom spybota.

Evo uputstva za iskljucivanje Tea-Timera:


Pokreni Spybot S&D
Klikni Mode stavku u meniju
Odaberi Advance Mode
Na traci levo klikni na Tools
Klikni na Resident
Destikliraj Resident Tea-Timer
Zatvori Spybot S&D
Restartuj kompjuter.

Nemoj zaboraviti da ponovo ukljucis ove opcije kada zavrsimo ciscenje.

offline
  • Pridružio: 28 Maj 2006
  • Poruke: 1536
  • Gde živiš: Seven holy paths to hell

Nisam ni imao ukljucen Tea-Timer i evo log:
Logfile of HijackThis v1.99.1
Scan saved at 1:01:15 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Eset\nod32krn.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Java\jre1.6.0\bin\jusched.exe
F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe
F:\Program Files\Net Activity Diagram\nad.exe
F:\Program Files\BORGChat\BORGChat.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Programs\Antivirusi\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "F:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /T
O4 - HKCU\..\Run: [Net Activity Diagram] F:\Program Files\Net Activity Diagram\nad.exe
O4 - Startup: BORGChat.lnk = F:\Program Files\BORGChat\BORGChat.exe
O8 - Extra context menu item: &Download all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Download All Files by HiDownload - F:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download All Links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download by HiDownload - F:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download Flash with Flash Capture - F:\Program Files\Flash Capture\dl.htm
O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - F:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F3B9A0D-14C0-4DDA-A137-92332AB236D7}: NameServer = 10.10.2.69,10.10.2.79
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

Nemas prisutnu nikakvu infekciju na racunaru, ako se slazes Janki90 da zatvorimo temu?

Ko je trenutno na forumu
 

Ukupno su 930 korisnika na forumu :: 18 registrovanih, 8 sakrivenih i 904 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: bestguarder, ladro, laki_bb, Lazarus, mean_machine, MikeHammer, mnn2, nenad81, operniki, Parker, sickmouse, SlaKoj, Srky Boy, Trpe Grozni, W123, yufighter, Zimbabwe, zzapNDjuric99