Security: antivirus software, firewalls, patches, service packs, updates, ... Everything about the security of your computer.

Old 21.11.2008., 11:50   #1001
Quote:
Moby Master wrote:
It's turned off, I use a KeyGen for every application, but it really does happen that every application I launch is not responding, and I can't do anything until I turn it on and tell it to let the application through!

Well, I don't know, but it sounds abnormal, as if your computer is captured and maybe under a hacker's control... a keygen shouldn't be controlling anything, let alone all applications.
Znatiželjko is offline  
Old 21.11.2008., 11:51   #1002
Quote:
Znatiželjko wrote:
Well, I don't know, but it sounds abnormal, as if your computer is captured... a keygen shouldn't be controlling anything, let alone all applications.

It's only not like that with the applications that are allowed in Zone Alarm!
__________________
99.9% of the members on the Forum are stupid. If you read this, so are you!
Moby Master is offline  
Old 21.11.2008., 13:12   #1003
Quote:
Znatiželjko wrote:
As far as those additional tools go, KIS8 is king. I'd be more interested in what they've been saying for years is NOD's strongest side, namely that it uses the fewest resources and is the fastest; I think KIS8 has something to say there too.

yes... nobody ever disputed Kaspersky's effectiveness and cleaning... the only "flaw" it had was scanning speed and memory usage... with the 2009 version that has changed...
dobrota is offline  
Old 21.11.2008., 13:13   #1004
Quote:
Znatiželjko wrote:
Rather, the communist Kaspersky

even if it is communist, it doesn't matter... in Split we only listen to the best
dobrota is offline  
Old 21.11.2008., 13:19   #1005
This is how much KAV 7 uses on my machine!
Moby Master is offline  
Old 21.11.2008., 13:29   #1006
Quote:
Moby Master wrote:
This is how much KAV 7 uses on my machine!

well, are you blind ...
xPsycho is offline  
Old 21.11.2008., 13:32   #1007
Quote:
xPsycho wrote:
well, are you blind ...

?
Moby Master is offline  
Old 23.11.2008., 00:38   #1008
here's another interesting thing... I pulled 3 files out of the Opera cache... and scanned them.

virustotal
http://www.virustotal.com/de/analisi...73dbc74bd9a836

joti


and here are those files
http://archiv.to/?Module=Details&Has...E492889DE31A9C
mvanb is offline  
Old 23.11.2008., 00:56   #1009
Can't it be downloaded from there without registering, or am I just not getting how?
jocker is offline  
Old 23.11.2008., 01:05   #1010
božesačuvaj is offline  
Old 23.11.2008., 01:09   #1011
The contents of the files!

opr00614

<script type="text/javascript" langugage="JavaScript">
kstatus();
function kstatus() {
if(self.status!=" ") {
self.status=" "
}
setTimeout("kstatus()",0);
}
</script>
<iframe src='about:blank' width=0 height=0></iframe>
<iframe src='about:blank' width=0 height=0></iframe>
<iframe src="http://www.udoseek.com/search.php?username=tang&keywords=Polish+Pottery&abcwords=Printer+Cartridge" width="0" height="0" ></iframe>
<iframe src="http://www.touseek.com/search.php?username=bgmgroup&keywords=Business+Insurance&abcwords=Print+Free+Business+Card" width="0" height="0" ></iframe>
<center><strong>
<font color='#FF0000' size='4'>Get Paid To Promote At <font color='#FF00FF'> All Search Country</font> !</font><br>
<a href='http://www.findppc.net/signup.php?referral=3fn' target='_blank'>>>>
All pay within 48h by e-gold or paypal !<BR>>>> Minimum Payments is $3. Sign up !</a>
</strong></center>


opr00610

<script type="text/javascript" langugage="JavaScript">
kstatus();
function kstatus() {
if(self.status!=" ") {
self.status=" "
}
setTimeout("kstatus()",0);
}
</script>
<iframe src='about:blank' width=0 height=0></iframe>
<iframe src='about:blank' width=0 height=0></iframe>
<iframe src="http://www.seekppc.net/portal.php?username=u888&keywords=Hammock" width="0" height="0" ></iframe>
<iframe src="http://www.iseenew.com/search.php?username=bgmgroup&keywords=Advertising" width="0" height="0" ></iframe>
<iframe src="http://www.iseenew.com/search.php?username=u888&keywords=Advertising" width="0" height="0" ></iframe>
<center><strong>
<font color='#FF0000' size='4'>Get Paid To Promote At <font color='#FF00FF'> All Search Country</font> !</font><br>
<a href='http://www.findppc.net/signup.php?referral=3fn' target='_blank'>>>>
All pay within 48h by e-gold or paypal !<BR>>>> Minimum Payments is $3. Sign up !</a>
</strong></center>


opr00611

<script type="text/javascript" langugage="JavaScript">
kstatus();
function kstatus() {
if(self.status!=" ") {
self.status=" "
}
setTimeout("kstatus()",0);
}
</script>
<iframe src='about:blank' width=0 height=0></iframe>
<iframe src='about:blank' width=0 height=0></iframe>
<iframe src="http://www.useekxml.com/search.php?username=mail&keywords=Forex&abcwords=Web+Hosting" width="0" height="0" ></iframe>
<iframe src="http://www.seekreap.com/search.php?username=shop&keywords=Chess&abcwords=Student+Insurance" width="0" height="0" ></iframe>
<center><strong>
<font color='#FF0000' size='4'>Get Paid To Promote At <font color='#FF00FF'> All Search Country</font> !</font><br>
<a href='http://www.findppc.net/signup.php?referral=3fn' target='_blank'>>>>
All pay within 48h by e-gold or paypal !<BR>>>> Minimum Payments is $3. Sign up !</a>
</strong></center>

Last edited by božesačuvaj : 23.11.2008. at 01:28.
božesačuvaj is offline  
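
An added example, not part of the thread: a Python check for the pattern visible in the three cache files above, zero-sized iframes that load remote URLs while a script keeps blanking the status bar. The sample reuses lines from the opr00610 listing; the example.com iframe and the names `HiddenFrameFinder`, `analyze` and `SAMPLE` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Script that keeps overwriting the status bar, as kstatus() does in the posted files.
STATUS_RE = re.compile(r"\b(?:self|window)\.status\s*=")


class HiddenFrameFinder(HTMLParser):
    """Collect iframes that are zero-sized yet load a remote http(s) URL."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        zero = a.get("width") in ("0", "0px") or a.get("height") in ("0", "0px")
        if zero and url.scheme in ("http", "https"):  # about:blank frames are skipped
            query = parse_qs(url.query)
            self.hits.append({
                "host": url.hostname,
                "username": query.get("username", [None])[0],
                "keywords": query.get("keywords", [None])[0],
            })


def analyze(html_text):
    """Return the hidden remote frames and whether the status bar is being rewritten."""
    finder = HiddenFrameFinder()
    finder.feed(html_text)
    return {"hidden_frames": finder.hits,
            "status_bar_rewritten": bool(STATUS_RE.search(html_text))}


# Sample: lines taken from the opr00610 file posted above, plus one constructed
# visible iframe (example.com) that must not be reported.
SAMPLE = """<script type="text/javascript">
function kstatus() { if(self.status!=" ") { self.status=" " } setTimeout("kstatus()",0); }
</script>
<iframe src='about:blank' width=0 height=0></iframe>
<iframe src="http://www.seekppc.net/portal.php?username=u888&keywords=Hammock" width="0" height="0" ></iframe>
<iframe src="http://www.iseenew.com/search.php?username=bgmgroup&keywords=Advertising" width="0" height="0" ></iframe>
<iframe src="https://example.com/video" width="560" height="315"></iframe>
"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The `username` and `keywords` query parameters are reported because they are what differs between the three cached files.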
Old 23.11.2008., 06:51   #1012
Quote:
mvanb wrote:
here's another interesting thing... I pulled 3 files out of the Opera cache... and scanned them.

virustotal
http://www.virustotal.com/de/analisi...73dbc74bd9a836

joti


and here are those files
http://archiv.to/?Module=Details&Has...E492889DE31A9C

Only Avira detects it! Interesting!
Moby Master is offline  
Old 23.11.2008., 19:26   #1013
Quote:
mvanb wrote:
here's another interesting thing... I pulled 3 files out of the Opera cache... and scanned them.

virustotal
http://www.virustotal.com/de/analisi...73dbc74bd9a836

joti


and here are those files
http://archiv.to/?Module=Details&Has...E492889DE31A9C



look, the man even left his phone number... in case, God forbid, something goes wrong
and here you can make your own eaglemail
http://eaglemails.com/pages/ptp.php?refid=jiang6835677
dobrota is offline  
Old 26.11.2008., 15:48   #1014
Hi
I have a problem
AVG pops up every little while and says it has found this: Trojan Horse IRC/BackDoor.SdBot4.GXQ, in windows/system32 in x.exe

this shows up when qtorent is running.
After scanning the whole system it found the same one in DocSeting/Network service/localSetings/Temporary Internet Files/content.ie5/something/x.txt as well

I scanned with Search & Destroy and Trojan Remover, but nothing. So AVG found everything and deleted it, and everything is fine until I start downloading from the net, and then after a couple of minutes there it is in the system again, so AVG heals it, then I run a scan and find it again in the same place ????

Any solution? Google finds nothing about IRC/BackDoor.SdBot4.GXQ
It seems a bit strange to me that the file is first written to my HD and only then AVG pops up; shouldn't it do that before it gets onto my HD?

Thanks for the answers
And for the experts, here is the Hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 14:47:46, on 26.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\programi\internet DL\uTorrent\utorrent.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\totalcmd\totalcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\programi\hijack\HIJACKTHIS.EXE
livada2 is offline  
Old 26.11.2008., 16:18   #1015
Quote:
livada2 wrote:
Hi
I have a problem
AVG pops up every little while and says it has found this: Trojan Horse IRC/BackDoor.SdBot4.GXQ, in windows/system32 in x.exe

this shows up when qtorent is running.
After scanning the whole system it found the same one in DocSeting/Network service/localSetings/Temporary Internet Files/content.ie5/something/x.txt as well

I scanned with Search & Destroy and Trojan Remover, but nothing. So AVG found everything and deleted it, and everything is fine until I start downloading from the net, and then after a couple of minutes there it is in the system again, so AVG heals it, then I run a scan and find it again in the same place ????

Any solution? Google finds nothing about IRC/BackDoor.SdBot4.GXQ
It seems a bit strange to me that the file is first written to my HD and only then AVG pops up; shouldn't it do that before it gets onto my HD?

Thanks for the answers
And for the experts, here is the Hijack log:

the hijack log looks clean to me
xPsycho is offline  
Old 26.11.2008., 16:36   #1016
It is... but post the complete log from it!
Moby Master is offline  
Old 26.11.2008., 19:23   #1017
Quote:
Moby Master wrote:
It is... but post the complete log from it!

here:

Logfile of HijackThis v1.97.7
Scan saved at 18:16:48, on 26.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\programi\Advanced Call Center\acc.exe
D:\programi\internet DL\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\totalcmd\totalcmd.exe
D:\programi\hijack\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\Program Files\febooti ieZoom\ieZoom.dll
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Advanced Call Center.lnk = D:\programi\Advanced Call Center\acc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Download with USDownloader - D:\programi\internet DL\rapidshare\USDownloader\Ext\downloadie.html
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\emil\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: IE7Pro Preferences (HKLM)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O15 - Trusted Zone: *.deviantart.com
O15 - Trusted Zone: *.divx-titlovi.com
O15 - Trusted Zone: *.elitesecurity.org
O15 - Trusted Zone: *.eoncentar.info
O15 - Trusted Zone: *.forum.hr
O15 - Trusted Zone: *.fullcontactzone.com
O15 - Trusted Zone: *.gallery.hr
O15 - Trusted Zone: *.google.hr
O15 - Trusted Zone: *.hpb.hr
O15 - Trusted Zone: *.hrphotocontest.com
O15 - Trusted Zone: *.kerman.hr
O15 - Trusted Zone: *.livada
O15 - Trusted Zone: *.mediaking.hr
O15 - Trusted Zone: *.medioteka.com
O15 - Trusted Zone: *.merlins-portal.net
O15 - Trusted Zone: *.metronet.hr
O15 - Trusted Zone: *.najnovije.net
O15 - Trusted Zone: livada.pondi.hr
O15 - Trusted Zone: *.prijevodi-online.org
O15 - Trusted Zone: *.pticica.com
O15 - Trusted Zone: *.strategije.com
O15 - Trusted Zone: *.sytes.net
O15 - Trusted Zone: *.tang-soo-do.us
O15 - Trusted Zone: *.torrentbytes.net
O15 - Trusted Zone: *.torrenthr.org
O15 - Trusted Zone: *.warezhr.org
O15 - Trusted Zone: *.zamunda.net
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45BC1C3F-D923-47D3-B2FD-7AA63ABE8C2A}: NameServer = 193.198.184.130,193.198.184.140
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A7A9D80-B480-46D4-B57E-540609914172}: NameServer = 193.198.184.140 193.198.184.130


that path where I find the trojan seems a bit odd to me. It's not the classic IE temporary folder, but that other folder, and I've now tested a bit and it turns out it doesn't get triggered because of qtorent but maybe because of IE.
livada2 is offline  
Old 26.11.2008., 19:43   #1018
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - Startup: Advanced Call Center.lnk = D:\programi\Advanced Call Center\acc.exe
O9 - Extra button: IE7Pro Preferences (HKLM)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences (HKLM)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab

remove these first
mvanb is offline  
Old 26.11.2008., 19:54   #1019
Quote:
mvanb wrote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - Startup: Advanced Call Center.lnk = D:\programi\Advanced Call Center\acc.exe
O9 - Extra button: IE7Pro Preferences (HKLM)
O9 - Extra 'Tools' menuitem: IE7Pro Preferences (HKLM)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get.../ultrashim.cab

remove these first

A bit of explanation, if possible:
acc is Advanced Call Center, and that is a Caller ID that has been running on my machine for years already
IE7Pro is an IE add-on that I've also had on the machine for at least a year, and it is used for e.g. filling in forms, screenshots, tabs, blocking pop-ups and Flash, etc... both of them have their own official website..
this ftp macromedia one, I really don't know what it is.

So that I don't now delete something I really wouldn't want to, i.e. something that is essential to me such as acc, because that runs whenever the computer does and shows the numbers on the screen )
livada2 is offline  
Odgovori s citatom
Old 26.11.2008., 20:05   #1020
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \
Generic host proccess for windows = svchosts.exe

and delete it if it exists.

Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\RunOnce \
Generic host proccess for windows = svchosts.exe

and delete it if it exists.

Close the registry editor and reboot your computer.
first look in the registry, do you have this?
dobrota is offline  
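
An added example, not part of the thread: the Run/RunOnce check from the post above, applied to the O4 autorun lines of a HijackThis log such as the one posted earlier, flagging image names that imitate Windows system binaries. The list of system binary names, the assumption that Windows is installed in C:\WINDOWS, the function names and the last two sample lines are constructed for illustration.

```python
import re

# Genuine Windows process names that malware often imitates (short, assumed list).
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                   "smss.exe", "spoolsv.exe", "explorer.exe")

# HijackThis autorun line: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_autoruns(log_text):
    """Return (hive, key, value name, image, reason) for O4 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.match(m.group(4)) if m else None
        if not exe:
            continue
        hive, key, name = m.group(1, 2, 3)
        path = exe.group(1).lower()
        image = path.rsplit("\\", 1)[-1]
        if image in SYSTEM_BINARIES:
            # Assumes Windows is installed in C:\WINDOWS, as in the log above.
            if "\\" in path and not path.startswith("c:\\windows\\"):
                findings.append((hive, key, name, image, "system name outside C:\\WINDOWS"))
            continue
        near = [real for real in SYSTEM_BINARIES if edit_distance(image, real) <= 2]
        if near:
            findings.append((hive, key, name, image, "resembles " + near[0]))
    return findings


# First three lines are from the log posted above; the last two are constructed.
SAMPLE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [Generic host proccess for windows] svchosts.exe
O4 - HKCU\..\RunOnce: [updater] D:\temp\lsass.exe
"""

if __name__ == "__main__":
    print(*suspicious_autoruns(SAMPLE), sep="\n")
```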
All times are GMT +2. The current time is: 17:23.