Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

BIT hidden fajlovi

[es] :: Zaštita :: BIT hidden fajlovi

[ Pregleda: 2522 | Odgovora: 9 ] > FB > Twit

Postavi temu Odgovori

Autor
Pretraga teme: Traži
Markiranje Štampanje RSS

moro

Član broj: 5537
Poruke: 668
*.crnagora.net.



+3 Profil

icon BIT hidden fajlovi23.10.2007. u 13:44 - pre 200 meseci
Od skoro sam primijetio cudnu stvar , naime u C:\Windows|TEMP folderu , kao hidden fajlovi pojavljuju se oko 90 fajlova sa oznakom BIT 1.tmp,BIT 2.tmp BIT 1A.tmp BIT 1B.tmp.....BIT 83.tmp- svi velicine 0 byt-a.
Ako ih sa nekim od klinera izbrisem, oni se i bez re-boot ponovo pojavljuju, jer ih izgleda sam Sistem ponovo stvara.
Provjerio sam sa KIS, Ad-Aware,Spy Sweep i ostalim raznim programima za zastitu - sve je cisto , nema virusa ili drugih malware.
Ovo me brine i ne znam ima li ova pojava uticaja na rad kompa, ili je to nesto sto je "proizvod" Windows Update-a , ili nekog od instaliranih programa.
Cekirao sam i Sistemske fajlove za XP SP2 Pro i sve je u redu.
Ako neko moze pomoci u vezi ovoga bio bih mu zahvalan.

moro
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-3.sezampro.yu.



+3779 Profil

icon Re: BIT hidden fajlovi23.10.2007. u 14:05 - pre 200 meseci
Voleo bih da vidim HiJackThis! log. Nisam siguran ali mislim da imas Proxy.Agent.jz trojanca.
 
Odgovor na temu

moro

Član broj: 5537
Poruke: 668
*.crnagora.net.



+3 Profil

icon Re: BIT hidden fajlovi23.10.2007. u 15:34 - pre 200 meseci
[quote]Binary Mind: Voleo bih da vidim HiJackThis! log. Nisam siguran ali mislim da imas Proxy.Agent.jz trojanca.

Evo HiJackThis od danas:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:35 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Spellin&g - C:\WINDOWS\web\Spell_It.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi...t/wuweb_site.cab?1134761366352
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/mi...t/muweb_site.cab?1120398838933
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCE97F7-1D82-457D-9A96-C336FC56B1A8}: NameServer = 165.66.160.1,165.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE659785-D27D-4EC5-BDFB-CCEF96D8FDF4}: NameServer = 195.66.160.1 195.66.160.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6564 bytes
moro
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-1.sezampro.yu.



+3779 Profil

icon Re: BIT hidden fajlovi23.10.2007. u 16:03 - pre 200 meseci
Skini AVG Anti-Spyware 7.5 (bivsi ewido anti-malware), update-uj ga, proskeniraj komp sa njime. Okaci njegov log pa onda i HJT! log.
 
Odgovor na temu

moro

Član broj: 5537
Poruke: 668
85.94.116.*



+3 Profil

icon Re: BIT hidden fajlovi23.10.2007. u 21:59 - pre 200 meseci
Evo kako si trazio:
1/Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:17 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Spellin&g - C:\WINDOWS\web\Spell_It.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi...t/wuweb_site.cab?1134761366352
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/mi...t/muweb_site.cab?1120398838933
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCE97F7-1D82-457D-9A96-C336FC56B1A8}: NameServer = 165.66.160.1,165.66.160.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE659785-D27D-4EC5-BDFB-CCEF96D8FDF4}: NameServer = 195.66.160.1 195.66.160.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 6855 bytes
2/---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:35:21 PM 10/23/2007

+ Scan result:



D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\Registre checker\RegistryCheckUp.exe -> Adware.Fastseeker : Ignored.
C:\Documents and Settings\momo\Desktop\Programi XP\Browser\kill2me\Kill2Me.exe -> Adware.LookMe : Ignored.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-15\ANv70KG\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-15\Nero 7 Keygun\Nero7Keygen.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).
C:\Documents and Settings\momo\Desktop\Precice\Ewido patch\ewido.anti-spyware.v4.xx..(updated)-patch.exe -> Not-A-Virus.Hacktool.Crack : Ignored.
C:\Documents and Settings\momo\Desktop\Programi XP\PSPV2\pspv.exe -> Not-A-Virus.PSWTool.Win32.PassViewer : Ignored.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-33\Windows XP 100% GenuineNew Folder\Make Your Copy of Windows 100% Genuine in 2 Seconds-2.zip/Make Your Copy of Windows 100% Genuine in 2 Seconds-2/Make Your Copy of Windows 100% Genuine in 2 Seconds/Port_RockXP_v4.exe/RockXP4.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Ignored.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-36\Make Your Copy of Windows 100% Genuine in 2 Seconds-2\Make Your Copy of Windows 100% Genuine in 2 Seconds-2\Make Your Copy of Windows 100% Genuine in 2 Seconds\Port_RockXP_v4.exe/RockXP4.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Ignored.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-39\WGA\Make Your Copy of Windows 100% Genuine in 2 Seconds-2\Make Your Copy of Windows 100% Genuine in 2 Seconds-2\Make Your Copy of Windows 100% Genuine in 2 Seconds\Port_RockXP_v4.exe/RockXP4.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Ignored.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-7\Cookies\momo@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-7\Cookies\momo@www.andr[1].txt -> TrackingCookie.Andr : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\Autobackup - momo - 8-12-2006\Archive\Cookies\[email protected][1].txt -> TrackingCookie.Cnw : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-7\Cookies\[email protected][1].txt -> TrackingCookie.Cnw : Cleaned.
:mozilla.98:C:\Documents and Settings\momo\Application Data\Mozilla\Firefox\Profiles\5iyi1vv8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-7\Cookies\momo@idot[1].txt -> TrackingCookie.Idot : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\Autobackup - momo - 8-12-2006\Archive\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
G:\WINDOWS\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-7\Cookies\momo@navrcholu[2].txt -> TrackingCookie.Navrcholu : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\Autobackup - momo - 8-12-2006\Archive\Cookies\[email protected][2].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.172:C:\Documents and Settings\momo\Application Data\Mozilla\Firefox\Profiles\5iyi1vv8.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\Autobackup - momo - 8-12-2006\Archive\Cookies\momo@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-7\Cookies\momo@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
G:\WINDOWS\Cookies\momo@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.10:D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\Autobackup - momo - 8-12-2006\Archive\Firefox\Profiles\5iyi1vv8.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.81:C:\Documents and Settings\momo\Application Data\Mozilla\Firefox\Profiles\5iyi1vv8.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\Autobackup - momo - 8-12-2006\Archive\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-35\VST_CRACK_DN\vistacrack.exe -> Trojan.Activcrk.a : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-35\VST_CRACK_DN\timerstop.sys -> Trojan.ActivCrk.b : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-14\Symantec.Norton.Ghost.v9.0.Fullversion\Setup\KG\ssg-ng90.exe -> Trojan.Keygen.s : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-16\Symantec.Norton.Ghost.v9.0.Fullversion\Setup\KG\ssg-ng90.exe -> Trojan.Keygen.s : Cleaned with backup (quarantined).
D:\podaci\CRAKS\Norton 2005 -5in 1\Symantec.Norton.Ghost.v9.0.Keygen-SSG.exe -> Trojan.Keygen.s : Cleaned with backup (quarantined).
D:\podaci\CRAKS\NeroBurningROM6[1].6-Keygen\Nero6.6.0.3.Enterprise.Keygen.exe -> Trojan.Small : Cleaned with backup (quarantined).
D:\podaci\CRAKS\n-gen_bitdefender_7.0\BitDefender 7.0.exe -> Trojan.Small : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-24\XP[1].Activation.Tools\XP[1].Activation.Tools\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-25\WINXP KEY\Windows XP Key Recovery Pack\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL\PC files\All_Microsoft_XP_Keygen\All_Microsoft_XP_Programs_Keygen\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\Microsoft CD Keys, CD Key Generator, Genuine Advantage Validation\XPKey\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\Problemi sa PC\Microsoft CD Keys, CD Key Generator, Genuine Advantage Validation\XPKey\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\podaci\CRAKS\All_Microsoft_XP_Keygen\All_Microsoft_XP_Programs_Keygen\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\podaci\CRAKS\bluelist_xp_keygen\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\podaci\PC files\All_Microsoft_XP_Keygen\All_Microsoft_XP_Programs_Keygen\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\podaci\Windows KeyGen\XPKey.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).
D:\Datoteka\INSTALL1-2-3-4-5\INSTALL-15\all Adobe all Nero and much more\PestPatrol Keymaker.exe -> Trojan.Spyblock : Cleaned with backup (quarantined).


::Report end

Napomena: Imam 3 particije- C\Win XP SP2; D\ Neaktivna sluzi kao Arhiva i G\ Win 98 SE
Kao sto mozes da vidis C:\ izgleda cista.Prije skeniranja sa AVG,
u Safe Mod-u sam skenirao C:\ sa AV - nije nasao nista.
U C:\Windows\TEMP obrisao sam sve BIT fajlove koji se vise nijesu regenerisali, ali kada sam se vratio u Normal Mode, sve se ponovilo kao i prije, odnosno opet su se vratili BIT....temp. fajlovi.
moro
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-4.sezampro.yu.



+3779 Profil

icon Re: BIT hidden fajlovi24.10.2007. u 12:17 - pre 200 meseci
Mislio sam da je trojanac ali ocigledno nije (imao si ih dovoljno i ovako) Mislim da su BIT temp fajlovi vezani za BITS (Background Intelligence Transfer Service) i neke programe koji se update-uju preko BITS-a. Ako ti je ukljucen Windows Automatic Update iskljuci ga i vidi da li je on taj koji stalno pokusava da update-uje Windows. I MSN Messenger, ako ga koristis, se takodje obnavlja preko BITS-a. Ako kada iskljucis Windows Automatic Update ne pomogne i BIT fajlovi se jos budu pojavljivali, kao eksperiment mozes da disable-ujes BITS u Control Panel>Administrative Tools>Services cisto da bi video da li ce se BIT fajlovi jos pojavljivati u temp folderu...
 
Odgovor na temu

moro

Član broj: 5537
Poruke: 668
85.94.115.*



+3 Profil

icon Re: BIT hidden fajlovi24.10.2007. u 15:17 - pre 200 meseci
Hvala ti na odgovoru.
Ne koristim MSN Messenger a Windos Automatic Update je podesen na :"Notify me but dont download or install them"
U medjuvremenu sam sa "msconfig" probao pojedinacno svaku od opcija i samo sa "Selective Startup > Load System Service " BIT##temp fajlovi su se pojavljivali i poslije brisanja ponovo stvarali.( bez reboot-a )
Kod svih ostalih opcija nije ih bilo.
U istoj sesiji usao sam u "Service" i nasao cekirane:
- DCOM Server Process La.... Running
-Remote Procedure Call.., 2 puta , jedan Stopped a drugi Running.
Svi ostali servisi su bili Stopped.
Izgleda da je stvaranje ovih BIT fajlova u nekoj vezi "System Service".
Probacu da disejblujem BITS u Control Panel>Administrative Tools>Services, pa cu ti naknadno javiti rezultat.
moro
 
Odgovor na temu

moro

Član broj: 5537
Poruke: 668
85.94.116.*



+3 Profil

icon Re: BIT hidden fajlovi24.10.2007. u 20:43 - pre 200 meseci
Odjednom je TEMP folder iz C:\WINDOWS|TEMP nestao.
Ponovo sam ga kreirao , ali sada se u njemu pojavio prazan folder WPDSNE , size 0 byt , a sa njim i temp. fajl C31F31E6 od 1 KB.
Posle Guglanja pronasao sam da ovo WPDSNE znaci ustvari Windows Portable Devices Namespace Extension.
Obrisao sam i folder i fajl , ali poslije reboot-a oni su se pojavili opet u TEMP folderu.
Na google sam pronasao da je ovaj WPDSNE povezan sa Windows Media Player 11 i da se izgubi ako se WMP 11 deinstalira, probao sam i to ,ali nije tacno.
U Services trazio sam Windows Portable Devices Namespace Extension, ali taj servis ne postoji kod mene.
Imas li kakvu ideju kako da se rijesi da se WPDSN i fajl C31F31E6 ne pojavljuju opet u TEMP
poslije svakog reboot-a.
moro
 
Odgovor na temu

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-4.sezampro.yu.



+3779 Profil

icon Re: BIT hidden fajlovi25.10.2007. u 13:42 - pre 200 meseci
Nisi trebao sam da kreiras temp folder. Ovo sto sam rekao da iskljucis BITS je bio samo eksperiment. Sad opet ukljuci BITS. Dalji saveti, posto ti je ocigledno Windows instalcija ostecena i zrela za clean install da to i uradis osim ako ti BIT temp fajlovi ne smetaju. Drugih ideja nemam jer to sto se tebi desava nije bas cesto, a daljim eksperimentima bi mogli nesto da popravimo ali i da jos vise ostetimo Windows :)
 
Odgovor na temu

moro

Član broj: 5537
Poruke: 668
*.crnagora.net.



+3 Profil

icon Re: BIT hidden fajlovi25.10.2007. u 17:03 - pre 200 meseci
Zaboravio sam da napisem da se oni BIT##temp fajlovi ( njih oko 90 kom ) vise ne pojavljuju , osim ovog WPDSN praznog foldera i temp fajla C31F31E6 od 1 KB koji se iako obrisani, poslije ponovnog ukljucenja kompa, ponovo pojavljuju u TEMP flderu.
Na kompu za sada sve radi O.K., pa ako ne bude nekih kasnijih komplikacija , zivjecemo sa ta dva fajla za koje niko zivi na netu ne zna nista.
moro
 
Odgovor na temu

[es] :: Zaštita :: BIT hidden fajlovi

[ Pregleda: 2522 | Odgovora: 9 ] > FB > Twit

Postavi temu Odgovori

Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.